DDoS attacks can take a website down in minutes. They can also considerably reduce the capacity of a network or a datacenter. DDoS protection scripts, firewall software and other traditional prevention systems are unlikely to hold for long. Dedicated DDoS protection exists, but it can be expensive: it is an additional cost, much like insurance. DDoS scripts can scan the web for servers with known vulnerabilities and exploit them. Even though most servers can’t be completely prepared to prevent DDoS attacks, you can take some measures to minimize the risks. We have put together some tips to help you get the basics out of the way.
1. Monitor your servers: The first step in preventing a DDoS attack is to constantly monitor your server for suspicious activity. More often than not, DDoS attacks are preceded by smaller attacks to assess the security of the server. Instead of disregarding these low-level attacks, prepare your server for any eventuality.
2. Use a broad range of name servers: Most administrators prefer to direct traffic through one authoritative name server. Route your traffic from two or more sources by using a bigger range of name servers spread across the globe.
3. Add surplus resources: Instead of planning for a spike in traffic during the holiday season, add surplus resources to your server permanently. Overprovisioning resources will not only help mitigate a DDoS attack to an extent, it will also help accommodate any unaccounted spikes in traffic.
4. Consider High Availability: DDoS attacks consume all the bandwidth. Although expensive, one way to counter them is to set up the equivalent of load balancers for DNS: high availability DNS pairs. They work just like load balancers for web hosting. When the main DNS server reaches peak performance or gets overloaded, the standby server is brought into action to absorb the spike in traffic.
5. Set limits to response rate: Response rates can be limited by IP address, on the server side or the client side. Limiting by source address caps the number of incoming requests at the source, and limiting by destination address can shut an attack down.
6. Disable answers to recursive queries: Hackers can hijack unsuspecting users’ DNS servers and use them to amplify a DDoS attack on a third party. Disabling answers to recursive queries helps resolve this problem.
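Tip 5 as an added example (not code from the original article): a per-source response rate limiter built on a token bucket, replayed over constructed traffic. The class and function names, the limits (5 responses per second, burst of 10) and the grouping of sources by /24 (IPv4) and /56 (IPv6) are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

class ResponseRateLimiter:
    """Token bucket per source network; integer milli-tokens keep the math exact."""

    def __init__(self, per_second=5, burst=10, v4_prefix=24, v6_prefix=56):
        self.refill_per_ms = per_second      # N tokens/s == N milli-tokens per ms
        self.capacity = burst * 1000         # bucket size in milli-tokens
        self.prefix = {4: v4_prefix, 6: v6_prefix}   # assumed grouping widths
        self.buckets = {}                    # network -> (milli_tokens, last_ms)

    def network(self, src_ip):
        # Group neighbouring addresses so one bucket covers a whole prefix.
        ip = ipaddress.ip_address(src_ip)
        return str(ipaddress.ip_network(f"{ip}/{self.prefix[ip.version]}", strict=False))

    def allow(self, src_ip, now_ms):
        key = self.network(src_ip)
        tokens, last_ms = self.buckets.get(key, (self.capacity, now_ms))
        # Refill for the elapsed time, never beyond the bucket capacity.
        tokens = min(self.capacity, tokens + (now_ms - last_ms) * self.refill_per_ms)
        answered = tokens >= 1000            # one response costs 1000 milli-tokens
        self.buckets[key] = (tokens - 1000 if answered else tokens, now_ms)
        return answered

def replay(events, limiter):
    """events: (timestamp_ms, source_ip) pairs. Returns {network: [answered, dropped]}."""
    stats = defaultdict(lambda: [0, 0])
    for now_ms, src_ip in sorted(events):
        answered = limiter.allow(src_ip, now_ms)
        stats[limiter.network(src_ip)][0 if answered else 1] += 1
    return dict(stats)

def sample_events():
    # Constructed traffic (documentation address ranges): 200 queries in 2 s
    # spread over one /24, plus a normal client asking once per second.
    flood = [(i * 10, f"203.0.113.{i % 50 + 1}") for i in range(200)]
    normal = [(i * 1000, "198.51.100.7") for i in range(3)]
    return flood + normal

if __name__ == "__main__":
    for net, (answered, dropped) in replay(sample_events(), ResponseRateLimiter()).items():
        print(f"{net}: answered={answered} dropped={dropped}")
```

Because the bucket is keyed on the network rather than the single address, spreading queries across 50 addresses in the same /24 does not raise the limit, while the once-per-second client is never throttled.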
Even with the above basic steps, there is no fully effective way of preventing a DDoS attack. You can prevent a virus attack on your PC with an antivirus, but your servers will always be prone to DDoS attacks as they have to be online and serve requests. In the next edition of this series, we will look into professional solutions to fight DDoS attacks.