DDoS Attacks - What, Why & How CloudAccess.net Responds

From time to time our network experiences DDoS (distributed denial-of-service) attacks. Most of the time DDoS attacks are small, and our network can absorb the hit while server admins resolve the issue, resulting in little to no downtime for our clients. Twice during the last few days, however, we experienced large scale DDoS attacks that impacted our entire network. This blog explains a little about DDoS attacks, how they can debilitate a network, how we respond and what we are doing to improve our overall reliability.

What is a DDoS attack?

Essentially, a DDoS attack is an attempt by many computers (usually controlled by a primary computer) to use up all the network resources available on a server, limiting website availability for intended users. If the DDoS attack is large enough, our clients experience a lag, and legitimate traffic cannot get through because bad traffic is flooding our Internet connections. In very simple terms, our gear is busy handling DDoS traffic so it cannot handle traffic to your website. The video below by MicroNugget is a great explanation of how a DDoS works.

How long have DDoS attacks been happening?

The DDoS attack isn't a new phenomenon on the Internet. Many popular hosting providers are susceptible to DDoS attacks. Only really huge networks - the Googles and Facebooks of the world - have enough resources, money and power to fend off large scale DDoS attacks.

Who would do something like this?

It's really hard to say why someone would build up the power to send thousands of IPs on the attack at one time. The people who usually carry out these types of attacks know it's illegal, but they do it anyway. I honestly feel that some of these folks may be good people, showing companies that they need to fix something. We know, however, that some attackers do it maliciously because they know they can gain something from it.

How do we handle DDoS attacks?

Our admins monitor our network consistently and we know immediately when an attack occurs. We jump into action by working with our upstream provider to search our core Internet routers for the IP address and server that is being attacked. Once we do this, the one server is taken down, effectively stopping the attack so normal traffic can resume for the rest of the network. This can be done fairly quickly. In a simpler DoS attack - an attack from one machine - we can simply block that single IP from entering our network. In a larger DDoS attack, however, tens of thousands of IP addresses may be entering the network, and it's inefficient to try to identify and block each attacker. Instead, we completely dump the IP address that is being attacked, bring the server back online and return the network to normal. Below is an image similar to the reporting our server admins see during an attack. You can see the spike in inbound IPs at roughly 12:25, with the network returning to normal at roughly 12:45.

[Image: packets1]
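The triage decision described above (filter one source in a single-machine DoS, drop the attacked address when the flood comes from many sources) can be sketched as follows. This is an added example, not CloudAccess.net's tooling: the `triage` function, its thresholds, the flow-record format and all addresses are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

def triage(flows, dst_share=0.5, src_share=0.9):
    """Return (action, ip) for flows given as (src_ip, dst_ip, packets) tuples.

    Thresholds are illustrative assumptions, not values from the article.
    """
    per_dst = Counter()
    per_dst_src = defaultdict(Counter)
    for src, dst, packets in flows:
        per_dst[dst] += packets
        per_dst_src[dst][src] += packets
    total = sum(per_dst.values())
    if total == 0:
        return ("none", None)
    victim, victim_packets = per_dst.most_common(1)[0]
    # No single server dominates inbound traffic: nothing to act on.
    if victim_packets / total < dst_share:
        return ("none", None)
    top_src, top_src_packets = per_dst_src[victim].most_common(1)[0]
    # One machine sends nearly all of it: a DoS, so filter that one source.
    if top_src_packets / victim_packets >= src_share:
        return ("block_source", top_src)
    # Many sources: per-source filtering does not scale, so drop the target.
    return ("drop_destination", victim)

def normal_flows():
    # Constructed baseline: 30 clients spread over three servers.
    return [(f"192.0.2.{i + 1}", f"203.0.113.{10 + i % 3}", 100) for i in range(30)]

def dos_flows():
    # Constructed single-source flood against 203.0.113.10.
    return normal_flows() + [("198.51.100.7", "203.0.113.10", 500_000)]

def ddos_flows():
    # Constructed flood from 20,000 distinct sources against 203.0.113.11.
    return normal_flows() + [
        (f"100.64.{i // 250}.{i % 250 + 1}", "203.0.113.11", 50) for i in range(20_000)
    ]

if __name__ == "__main__":
    for name, flows in [("normal", normal_flows()), ("dos", dos_flows()), ("ddos", ddos_flows())]:
        print(name, triage(flows))
```

In the DDoS case no single source accounts for a meaningful share of the flood, which is why the decision falls through to dropping the destination rather than building a block list.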

There really isn't a shortcut to handling a DDoS that is too big for your network. We do, however, promise that when we experience a problem like this, we react immediately, resolve the issue quickly and get your site back online. We knew about the possibility of a DDoS attack and we know it may happen again. Therefore, we have several improvements scheduled in the near future.

How are we improving our network?

Moving forward, we have a long-term strategy to secure our network against DDoS attacks. One goal is to establish a proxy server for our connection. The proxy server would be able to sift out the attacking IP addresses and pass us only good traffic. Another goal is to use a device like this on our own servers that can accomplish the same outcome. We are going to install this device on our network and also make sure that our upstream provider has a device like this enabled.

Eventually, as our network grows, we will have enough resources so that even a large-scale DDoS attack will not limit accessibility to client sites. Growing companies endure growing pains. DDoS attacks, hackers and script kiddies are things that every company has had to deal with at one point in time. We understand the nature of the attacks that we experienced during the last few days and we have a plan in place to protect our network.

As a client, your best bet is to find a hosting company that responds and adapts by continually improving network reliability, warding off attacks and increasing resources. We appreciate your business and we are working hard to provide you the best hosting experience possible. We're sorry for any inconvenience these attacks may have caused. Please feel free to contact us directly if you have any questions or if you'd like more information.
