How to defend against DDoS attacks

Started by Peter, Jul 31, 2022, 04:55 AM

Peter (Topic starter)

I have a sales site in the game Rust, and often enough my site is subjected to DDoS attacks.
Who benefits from this?
My competitor.
Why would a competitor conduct a DDoS attack:
1. Direct extortion: "Meet our demands and we will stop the attacks."

2. Business interests: "Take out a competitor's site during a period of great discounts, and all customers will flow to us."

3. Demonstration of power to a third party: "Now I'll take down such and such a site, look!", "With your competitor we will definitely cope, here is proof".

4. A cover for another attack: "We'll distract with a DDoS, and at the same time hack the site."

Hosting and DDoS protection

Some hosting companies offer their own protection. They all have different ones, with their own perks. Anti-DDoS can be built on any hosting, but it all depends on resources - to repel a strong attack, you need more power.

My hosting requirements:
- SLA to handle incidents and technical issues.

- Availability of own cloud infrastructure.

- Flexible network management with the ability to organize various atypical network configurations.

- Modern equipment and the ability to replace failed components through new deliveries.

That's all I could tell you! :-*


Here's what can help against attacks
1. Get rid of Windows Server
2. Part ways with Apache
3. Use the testcookie module
4. Code 444
5. Geoban


A popular way to protect yourself is to use the Cloudflare service. It is a service that will help hide your IP address and thus make it inaccessible to intruders. There are both free and paid plans. For free, you cannot protect your site from all types of attacks. :(

Edison Duncan

In our time, the concepts of DDoS are very vague. Many people think that a DDoS attack is about sending a large number of responses to a server. In fact, there are three types, or rather levels. At the level of their understanding, protection should be built.
1. Network layer
2. Transport layer
3. Application layer.
The Cloudflare protection system works on a filtering system. This technology allows you to encrypt and filter all incoming requests to the server. Frankly speaking, this protects and at the same time loads the server.
I give you an 80% guarantee that you succumb to transport layer attacks (all game servers and some game stores are subject to them). What to do? Protect your L4 level by installing a packet flood, and for a "smart" DDoS attack, use the WAF (online firewall) function.


Methods of countering DDoS attacks can be divided into passive and active, as well as preventive and reactionary.

It is necessary to prevent the causes that lead to the need for certain persons to undertake DDoS attacks. Personal hostility, competition, religious or other differences, as well as many other factors can cause such an attack.
If the causes of such attacks are eliminated in time and appropriate conclusions are drawn, then in the future it will be possible to avoid a repeat of the situation. This method is aimed at protecting against almost any DDoS attacks, as it is a managerial, not a technical solution.

Response measures
It is necessary to take active measures to influence the sources or organizer of attacks, using both technical and organizational and legal methods. Some companies provide a search service for the organizer of attacks, which allows you to calculate not only the person conducting the attack, but also the customer of this attack.

Specialized software and hardware
Now many software and hardware manufacturers offer ready-made solutions to protect against DDoS attacks. Such software and hardware can look like a small web server that allows you to protect yourself from weak and medium DDoS attacks aimed at small and medium-sized businesses, or a whole complex that allows you to protect large enterprises and government institutions from serious attacks.

Filtering and blocking traffic coming from attacking machines allows you to reduce or completely extinguish the attack. When using this method, incoming traffic is filtered according to certain rules specified when installing filters.
There are two ways of filtering: routing by ACL lists and using firewalls.
Using ACLs allows you to filter secondary protocols without affecting TCP protocols and without slowing down the speed of users working with the resource. However, if attackers use primary requests or a botnet, this method of filtering will be ineffective.
Firewalls are an extremely effective way to protect against DDoS attacks, but they are used exclusively to protect private networks.

Reverse DDoS
Redirecting traffic to the attacker with sufficient web server capacity allows not only to successfully overcome the attack, but also to disable the attacker's equipment. This type of protection cannot be applied in case of errors in the program code of operating systems, system services or web applications.

Addressing vulnerabilities
This type of protection is aimed at eliminating errors in certain systems or services (fixing exploits, installing updates to the operating system, etc.). Accordingly, this method of protection does not work against flood attacks, for which the "vulnerability" is the finiteness of certain system resources.

Building up resources
It does not provide absolute protection, but it allows you to use other types of protection against DDoS attacks. With modern software and hardware, you can successfully cope with a DDoS attack aimed at the finiteness of system resources.

Building distributed systems
The construction of distributed and redundant systems allows you to serve users, even if some nodes become unavailable due to DDoS attacks. It is recommended to build distributed systems using not only different network or web server equipment, but also physically distribute services to different data centers.
It is also possible to install a backup system (critical nodes, backups) on the territory of other states, which will allow you to save important information even in the event of a fire in the datacenter or a natural disaster. Distributed systems allow you to cope with almost any type of attacks with proper architectural design.

Separation of the immediate target of the attack (IP address or domain name) from other resources that may also be attacked together with the target. In other words, it is necessary to separate the attacked resources and other working resources that are located on the same site. The optimal solution is to divide into external and internal resources and move external resources to other network equipment, another datacenter or even the territory of another state. This will preserve the internal IT structure even with the most intense DDoS attack on external resources.

Installation of a monitoring and notification system that will allow you to calculate a DDoS attack according to certain criteria. Monitoring cannot directly protect the attacked system, but it allows you to react in time and take appropriate measures.

Acquisition of a DDoS protection service
Now many large companies offer both permanent and temporary DDoS protection services. This method allows you to protect yourself from many types of DDoS attacks by using a whole range of mechanisms for filtering unwanted traffic to attacking web servers.
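
The monitoring step mentioned in the post above ("calculate a DDoS attack according to certain criteria") can be illustrated with a short example, added here and not part of the original thread. It assumes web access logs in Common Log Format; the function names, the thresholds and the sample log lines are constructed for illustration. It also separates a flood from a few addresses, where address filtering can help, from a flood spread over many addresses, where it will not.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format prefix: client IP, then the bracketed timestamp.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def parse(line):
    """Return (ip, epoch_seconds), or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m.group(1), int(ts.timestamp())

def detect(lines, window=10, max_requests=20, top_share=0.5):
    """Flag windows whose request count exceeds max_requests (assumed criteria).
    'concentrated': the top 3 sources send >= top_share of the traffic, so an
    address filter can help. 'distributed': no source dominates (botnet-like).
    """
    buckets = defaultdict(Counter)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip unparseable lines instead of failing mid-incident
        ip, ts = rec
        buckets[ts - ts % window][ip] += 1
    alerts = []
    for start in sorted(buckets):
        total = sum(buckets[start].values())
        if total <= max_requests:
            continue
        top = buckets[start].most_common(3)
        share = sum(n for _, n in top) / total
        verdict = "concentrated" if share >= top_share else "distributed"
        alerts.append((start, total, verdict, [ip for ip, _ in top]))
    return alerts

def sample_log():
    """Constructed sample: quiet window, one-source flood, many-source flood."""
    fmt = '{ip} - - [31/Jul/2022:04:{m}:{s:02d} +0000] "GET /shop HTTP/1.1" 200 512'
    lines = [fmt.format(ip=f"192.0.2.{i}", m=55, s=i) for i in range(1, 6)]
    lines += [fmt.format(ip="198.51.100.7", m=56, s=i % 10) for i in range(40)]
    lines += [fmt.format(ip=f"203.0.113.{i}", m=57, s=i % 10) for i in range(1, 61)]
    return lines + ["not a log line"]
```

Calling `detect(sample_log())` returns one alert per flagged window; in practice the thresholds would be set from the site's own normal traffic.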