How to stop DDoS ?

Published: Nov. 28, 2021, 3:31 p.m.


Hello everyone my name is vijay kumar Devireddy and I am glad to have you back on my episode 73 today we're going to discuss about We talked about a denial of service attack involving the continual flooding of a victim system with a request for services that causes a system to crash and run out of memory.Now, this usually happens when you're talking about one system attacking one system.But that wasn't enough with modern computers,so we moved up to the distributed denial of service attack,where hundreds or thousands of people target a single server to take it down.Now, in March of 2018, the website GitHub was actually hit by the largest DDoS that we've clocked to date.This is where tens of thousands of unique endpoints conducted a coordinated attack to hit that server with a spike in traffic,and the spike in traffic went up to 1.35 terabits per second.This took the website offline for all of five minutes.So you can see how these DDoSes are really hard on a server and can take them down,but not for very long if you can stop 'em.So your real question probably is,how can you survive one of these attacks?And how can you prevent it from taking down your organization's servers? Well, we have a couple of techniques.The first one is called blackholing or sinkholing.This technique identifies attacking IP addresses and routes all of their trafficto a non-existent server through a null interface.This effectively will stop the attack.Unfortunately, the attackers can move to a new IP and restart the attack all over again,and so this is only a temporary solution.Intrusion prevention systems can also be used to identify and respond to denial of service attacks.This can work for small scale attacks against your network,but you're not going to have enough processing power to handle a large scale attack or a big DDoS.Now, one of the most effective methods to utilize is to have an elastic cloud infrastructure.If you've built your infrastructure so that it can scale up when demand increases,you can ride out a DDoS attack.Now, the problem with this strategy, though,is that most service providers are going to charge you based on the capacity and resources that you used, so when you scale up,you're going to get a much larger bill from that service provider than you normally were expecting.And you're not getting a return on this investment,because this traffic was all wasted.It wasn't generating any revenue for you.So there's actually some specialized cloud providers out there that have taken on this challenge.People like Cloudflare and Akamai are designed to help you ride out these DDoS attacks.They provide web application filtering and content distribution on behalf of your organization. These service providers are focused on ensuring that you have highly robust, highly available networks that can ensure that they can ride out these DDoS attacks and these high bandwidth attacks.This is going to also give you additional layer defenses throughout your OSI model, and it's going to help provide you additional protections.


