We have seen it time and time again DDoS attacks against organizations causing network interruptions and downtime .
These Organizations at times are hopeless at the hands of the attackers sometimes even for ransom. Think of a small or medium business with a 50Mbps internet connection that is getting attacked what options does that organization have ?
Sure if they pay extra for a subnet with BGP peering and have the technical know how to can black hole the traffic. But this is costly and often times the smaller business don’t have the technical staff to have at security team keeping watch .
The other option is to increase bandwidth when the attack happens but how reasonable is that ? what is the guarantee that the attack won’t grow larger attacks are reaching the Gbps an SMB simply can’t afford that costs.
The best option is getting a DDoS protection service offered via the ISP or Interconnect anti-DDoS services are normally offered at the ISP level or carrier level also there are CDN’s (Content Delivery Networks).
Part of the reason why you would want to go with an ISP or a Carrier for DDoS protection is they have much more network infrastructure than you have. They have all the expertise at the ready and often for much less that it would cost for you to run a solution yourself.
Anti DDoS solutions range from free to several thousands of dollars depending on the protection level but remember you get what you pay for.
The Anti DDoS providers usually offer tiers or actions they offer such as Null route the traffic where the traffic for the IP address that is under attack is re-directed into the carriers core.
The issue with the above solution is that a null route will take down all of the traffic destined to that IP address. So if you are hosting a website or an email server then you have completed te job for the attacker… and don’t even think about changing the DNS entries the attacks can target the domain;s .
The other option is traffic scrubbing this technique is optimal its is more costly but optimal with this technique the ISP will drop the bad traffic using algorithms that detect bad traffic such as SYN floods or UDP flood .
the CDN approach like that used at https://www.cloudflare.com/ this service acts a buffer between your web server and the internet all web requests are filtered through the CDN and then scrubbed and delivered to the server . this has some limitation if the server its self is being attacked via the IP address then the CDN will not help.
At the end of it all DDoS attacks cost money sometimes a lot of money, especially for e-commerce websites. Imagine not being able to sell your product’s on your websites due to a DDoS.
the protection is a lot cheaper than the cost of a successful attack business need to adopt service to protect themselves from these ever growing powerful attacks .