DDOS is an acronym that stands for Distributed Denial of Service. It is a type of computer attack that aims, as the name suggests, to cause the failure of the service recipient of the attack.
The attack is carried out, trying to saturate the available resources of the victim and usually involves the use of one or more computers (often thousands) to flood of requests the victim's server, exhausting all network or calculation resources. So users of the server are no longer able to access the service.
Many types of DDOS attacks exists, some easy to mitigate, others really more difficult. Basically they can be divided into two main groups: those based on Layer 3-4 communication and those based on the Layer 7.
Those based on Layer 3-4, are typically "volume" attacks and try to saturate the channel of access to the Internet or the ability of the equipment to handle a large number of connections.
For example, if the attacker realizes 200 Mbit traffic attack to a server that has only 100 Mbit connection, the attack will saturate its bandwidth preventing him from responding to the demands of normal users.
Attacks based on Layer 7 instead exploit weaknesses in the application layer, trying directly to saturate the server CPU, flooding it with particularly costly requests in terms of computational resources.
For example, the attacker can flood of requests a particular web page, whose generation takes many resources, or can exploit a flaw in an application hosted on the server to cause it to consume more resources.
Over time these attacks have grown in number and size, reaching lately also the 300Gbit.
Big Web sites or important computer services are almost always subjected to attacks, but now because of the ease with which it's possible carry out one, even small Web sites (especially e-commerce) and services are under threat, with serious economic damage. Moreover arise new types of attack more difficult to mitigate.
There is no universal method to defend against DDOS attacks. Typically for attacks very basic and very small entity, ie a few megabits, you can defend yourself using specific rules in the firewall and using some forethought in the development of the application.
Unfortunately, when the attacks are of greater magnitude, there are no economical solutions. They're necessary specific equipments that cost hundreds of thousands of dollars for the protection from these attacks. Furthermore, it's needed a network infrastructure capable of supporting the arrival of attacks large.
The great majority of providers do not have an adequate infrastructure to support the transition in the own network of these attacks and are in fact forced to remove the attack victim IP from their network, allowing the attacker to fully achieve its purpose, block the service. This provider reaction also prevents the customer to take its countermeasures.
Considering also the high cost of the equipment to protect against such attacks, it is inconvenient for the victim to invest in adequate protection systems.
That's why we developed our DDOS Protection service, to allow everyone to access at a reasonable price to a professional protection against this type of attack, without even having to change the own provider.
Find out how our protection works clicking the below button "How we Protect You".