Jon Granados
5 years ago
DDoS - Is your business infrastructure safe?

Who is considered safe and who is at risk?

Perhaps you are the Network Admin for your small business, or a rural small-town school, or maybe even a midsize enterprise with multiple offices scattered throughout a small geographical area.

Have you ever wondered if your business could come under attack through the internet? Have you or your network admin ever wondered if a cyber-attack was something you should be concerned about? You may think that your business is not a high-value target, so it may seem that it will never happen to you, right? Chances are you may not run into any issues throughout your whole career, but there is still a possibility of learning the hard way. Even the most unnoticeable network can be subject to the crippling effect of cyber-based attacks.

While you may not be a high-value target, many of the critical services you rely on are at risk. These attacks may also continue to exploit and target simple services. For example, your company may use services like FTP, DNS, and NTP. All networks rely on these services to a certain degree. They are also common enough that an attack on them can have a crippling impact almost anywhere and at any time.

What to do?

This is unfortunately a huge flaw in something that is so common to your business’ daily grind. We all rely on these services, the network, and the internet, and when these simple services are hindered, it can interrupt the services you provide. This highlights some major problems with the foundation of the internet itself. So what can we do to protect the infrastructure of our businesses? How can you stop a DDoS attack?

Identify a DDoS Attack Before it Happens

Maybe your business has its own servers. If that is the case, you need to be able to identify when and how you are under attack. The sooner you can establish that problems with your website are due to a DDoS attack, the sooner your business can resume its vital services.

In order for your business to be in a position to do this, you must familiarize yourself with typical inbound traffic to your website. The more you know about typical traffic, the easier it is to identify the actual problem. Most DDoS attacks start as sharp spikes in traffic. Knowing the difference between a surge of real customers and a DDoS attack is extremely helpful.
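One way to turn "know your typical traffic" into a check, as an added example that is not part of the original article: it builds a per-minute baseline from constructed request records, flags minutes far above it, and reports whether the spike comes from a few sources or many. The function names, the threshold factor `k` and the 50% top-source share are assumptions chosen for illustration.

```python
from collections import Counter
from statistics import median

def build_sample():
    """Constructed (minute, client_ip) request records; not real traffic."""
    reqs = []
    for m in range(10):                      # minutes 0-9: ordinary traffic
        reqs += [(m, f"198.51.100.{i}") for i in range(18 + m % 5)]
    # minute 10: broad surge, 90 requests from 90 different clients
    reqs += [(10, f"203.0.113.{i}") for i in range(90)]
    # minute 11: 300 requests that all come from just 3 clients
    reqs += [(11, f"192.0.2.{i % 3}") for i in range(300)]
    return reqs

def triage_spikes(requests, baseline_minutes, k=5.0, top_share_limit=0.5):
    """Flag minutes above median + k*MAD of the baseline and label each
    by how concentrated its sources are (assumed heuristic thresholds)."""
    per_min = Counter(m for m, _ in requests)
    base = [per_min[m] for m in baseline_minutes]
    med = median(base)
    # Median absolute deviation; fall back to 1 if the baseline is flat.
    mad = median(abs(x - med) for x in base) or 1.0
    threshold = med + k * mad
    flagged = {}
    for m in sorted(per_min):
        if m in baseline_minutes or per_min[m] <= threshold:
            continue
        sources = Counter(ip for minute, ip in requests if minute == m)
        # Share of the minute's requests sent by its three busiest clients.
        top3 = sum(c for _, c in sources.most_common(3)) / per_min[m]
        flagged[m] = "concentrated" if top3 >= top_share_limit else "broad"
    return flagged

if __name__ == "__main__":
    for minute, kind in triage_spikes(build_sample(), range(10)).items():
        print(f"minute {minute}: spike, {kind} sources")
```

A "broad" result is only a triage signal: a distributed attack also arrives from many sources, so it still needs a look at what those clients are requesting.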

It is also wise for your business to nominate a DDoS specialist who is responsible for taking action if your business should ever come under attack.

Overprovisioning your Business’ Bandwidth

It makes sense for your business to have more bandwidth available to your Web server than what you use. That way, you can accommodate sudden surges in traffic that result from your business’ marketing or other ways of increasing traffic.

If you overprovision your bandwidth even by just a little, it won’t likely stop a DDoS attack. However, this would give you a few extra minutes to act before your bandwidth becomes overwhelmed.

Defend your Network (Web Server Based)

Below you will find a few technical measures that can be taken to mitigate the effect of a cyber-attack.

For example, you can:

  • rate limit your router to prevent your Web server being overwhelmed
  • add filters to tell your router to drop packets from obvious sources of attack
  • timeout half-open connections more aggressively
  • drop spoofed or malformed packets
  • set lower SYN, ICMP, and UDP flood drop thresholds

But the truth is that while these steps have been effective in the past, DDoS attacks are now usually too large for these measures to have any significant effect. Again, the most you can hope for is that they will buy you a little time as a DDoS attack ramps up.
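Some of the measures in the list above have host-level counterparts when the Web server itself runs Linux. The following added example, which is not from the original article, audits `sysctl -a` style output against a few such settings; the target values in `CHECKS` are illustrative assumptions to tune per host, and the sample output is constructed.

```python
import operator

OPS = {"==": operator.eq, "<=": operator.le}

# Illustrative targets (assumptions, not values from the article).
CHECKS = {
    # SYN cookies let the host answer a SYN flood without queueing state
    "net.ipv4.tcp_syncookies": ("==", 1),
    # fewer SYN-ACK retries = half-open connections time out sooner
    "net.ipv4.tcp_synack_retries": ("<=", 3),
    # strict reverse-path filter drops packets with spoofed sources
    # (can break asymmetric routing; verify before enabling)
    "net.ipv4.conf.all.rp_filter": ("==", 1),
    # ignore ICMP echo requests sent to broadcast addresses
    "net.ipv4.icmp_echo_ignore_broadcasts": ("==", 1),
}

# Constructed sample of `sysctl -a` output, not taken from a real host.
SAMPLE = """\
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_synack_retries = 5
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_congestion_control = cubic
"""

def parse_sysctl(text):
    """Return {key: int} for every 'key = <integer>' line."""
    values = {}
    for line in text.splitlines():
        key, sep, val = line.partition("=")
        val = val.strip()
        if sep and val.lstrip("-").isdigit():
            values[key.strip()] = int(val)
    return values

def audit(text):
    """List (key, current value or 'missing', expected) for each failed check."""
    have = parse_sysctl(text)
    findings = []
    for key, (op, want) in CHECKS.items():
        got = have.get(key)
        if got is None:
            findings.append((key, "missing", f"{op} {want}"))
        elif not OPS[op](got, want):
            findings.append((key, got, f"{op} {want}"))
    return findings

if __name__ == "__main__":
    for key, got, expected in audit(SAMPLE):
        print(f"{key}: {got} (expected {expected})")
```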

Call Your ISP or Hosting Provider

The next step is to call your ISP (or hosting provider if you do not host your own Web server), tell them you are under attack and ask for help. Keep emergency contacts for your ISP or hosting provider readily available, so you can do this quickly. Depending on the strength of the attack, the ISP or hoster may already have detected it, or they may themselves start to be overwhelmed by the attack.

You stand a better chance of withstanding a DDoS attack if your Web server is located in a hosting center than if you run it yourself. That’s because its data center will likely have far higher bandwidth links and higher capacity routers than your company has itself, and its staff will probably have more experience dealing with attacks. Having your Web server located with a hoster will also keep DDoS traffic aimed at your Web server off your corporate LAN, so at least that part of your business — including email and possibly voice over IP services — should operate normally during an attack.

If a DDoS attack is large enough, the first thing a hosting company or ISP is likely to do is “null route” your traffic — which results in packets destined for your Web server being dropped before they arrive.

“It can be very costly for a hosting company to allow a DDoS on to their network because it consumes a lot of bandwidth and can affect other customers, so the first thing we might do is black hole you for a while,” says Liam Enticknap, a network operations engineer at PEER 1 hosting.

Tim Pat Dufficy, managing director of ISP and hosting company ServerSpace, agrees. “The first thing we do when we see a customer under attack is log on to our routers and stop the traffic getting on to our network,” he says. “That takes about two minutes to propagate globally using BGP (border gateway protocol) and then traffic falls off.”

If that was the end of the story, then the DDoS attack would be successful. To get the website back online, your ISP or hosting company may divert traffic to a “scrubber” where the malicious packets can be removed before the legitimate ones are sent on to your Web server. “We use our experience, and various tools, to understand how the traffic to your site has changed from what it was receiving before and to identify malicious packets,” explains Enticknap.

He says PEER 1 has the capacity to take in, scrub and send on very high levels of traffic — as much as 20Gbps. But with levels of traffic comparable to those experienced by Spamhaus, even this scrubbing effort would likely be overwhelmed.

Do have a DDoS plan in place with your ISP or hoster so that it can begin mitigation or divert your traffic to a mitigation specialist with the minimum delay.

Call a DDoS Specialist

For very large attacks, it’s likely that your best chance of staying online is to use a specialist DDoS mitigation company. These organizations have large scale infrastructure and use a variety of technologies, including data scrubbing, to help keep your website online. You may need to contact a DDoS mitigation company directly, or your hosting company or service provider may have a partnership agreement with one to handle large attacks.

“If a customer needs DDoS mitigation then we divert their traffic to (DDoS mitigation company) Black Lotus,” says Dufficy. “We do this using BGP, so it only takes a few minutes.”

Black Lotus’s scrubbing center can handle very high levels of traffic indeed, and sends on the cleaned traffic to its intended destination. This does result in higher latency for website users, but the alternative is that they can’t access the site at all.

DDoS mitigation services are not free, so it’s up to you whether you want to pay to stay online or take the hit and wait for the DDoS attack to subside before continuing to do business. Subscribing to a DDoS mitigation service on an ongoing basis may cost a few hundred dollars a month. If you wait until you need one, however, expect to pay much more for the service and wait longer before it starts to work.

Source: | Author: Paul Rubens |  Posted January 25, 2016


Jonathan Granados is the Chief Executive Officer at SADOS. Jon owes his success to a ladder of visible clients throughout his career in IT and network security. He's worked with clients from Spotify to the Department of Defense, and has a proven track record of getting the job done.
