Last month we explored the History of Distributed Denial of Service (DDoS) Attacks and how they have developed over time. DDoS attacks are one of the most fundamental attack types, and their use in disrupting online services has continued unabated since the early 1970's. DDoS attacks remain one of the top threats to networks the world over, constantly adapting to new standards of protection and security.
There are many different flavors of DDoS attack and almost as many misconceptions.
Myth 1: It only happens to the other guy
Most network and security operations engineers only hear about DDoS attacks happening to other organizations. They assume they have no enemies and no other reason to be the target of an attack. In reality, their perceptions of risk and susceptibility are often misplaced: simply having a web presence makes them a target, even if only by mistake.
Myth 2: Server DDoS protections have me covered
Many engineers think that they can custom-compile kernel code, set some options in Apache, install "mod_dosevasive" and use "iptables", and their DDoS problems are taken care of. In reality, most servers do not have the capacity to handle DDoS attacks. Under most average-sized DDoS attacks, the server CPUs will be too overloaded to give the Apache modules or Linux commands a chance to mitigate the event.
Myth 3: My ISP takes care of DDoS attacks for me
Many ISPs and hosting companies are happy to null-route an attacked IP domain to solve the problem of DDoS attacks. This works for many basic attacks; however, smaller layer 7 attacks easily bypass their protections, and these application-level threats are passed along to your network. Unless your ISP advertises an advanced DDoS mitigation service, you can assume you're not completely protected. Some also mistakenly believe their ISP will help them get to the root of the attack. Most ISPs are too busy, and the processes they use to reach each other are strict and bureaucratic. If you rely on them to help determine the sources of DDoS attacks, typical response times are measured in days and weeks.
Myth 4: It's against the law. Call the police!
Yes, DDoS attacks are illegal; however, most law enforcement agencies will only pursue large attacks (10 Gbps and up) on large companies or institutions like banks, government agencies and major international corporations. Most likely they'll politely tell you that you're going to need to work with your ISP or a private investigator.
Myth 5: My routers and switches protect me from DDoS attacks
Even though your networking hardware may have access control lists (ACLs) that can block DDoS threats, attackers adapt quickly. With a little determination, the average hacker can get around your ACLs within minutes.
Myth 6: A dedicated DDoS appliance will just get flooded too
Many wonder whether there is any point in buying specialized DDoS appliances. Without DDoS mitigation equipment, your servers will be thoroughly exposed even to ordinary attacks. Newer devices on the market provide capacities of over 20 Gbps of throughput and can be overprovisioned to protect you from larger attacks. Combined with ISP DDoS protections, you get a solution for both bulk attacks and sophisticated layer 7 attacks.