As with any news event, it’s usually the largest, most deadly or crazy story that grabs the headlines, and sometimes the story is covered 24/7 for weeks. You would think there was an out-of-control pandemic of Ebola about to sweep across the US, even though as of today there are only 2 confirmed cases of Ebola in the US. I don’t want to say it’s not newsworthy. But does it justify hourly updates 24/7 for 2 or 3 weeks running?
OK, so what does Ebola have to do with gaming and DDoS attacks? The similarity is in the way it’s reported in the media. Every week or month there is great coverage given to DDoS attacks of the large-bandwidth variety: 100, 200 and 300Gb/sec, and going up every month, month after month.
The fact is that for every attack of 100Gb/sec or greater there are 20,000+ other attacks that in many cases will be harder to mitigate and will have the same devastating effect on your Web operations. In other words, your site will be down and inaccessible for your customers. How can this be? The truth is, seasoned attackers know website programming like HTML, PHP, SQL, etc. and understand their weaknesses. Every website has weak spots and sometimes just open doors waiting to be tested and taken advantage of. Some of the large gaming website engineers are aware of these weak spots and try to have extra DDoS protection on these vulnerable areas of the operation. I remember speaking to a CTO for a very large gaming website and he told me, “We can easily handle 35,000 simultaneous users playing casino games but if 100 people go to this special sign-up form at the same time, the whole operation comes to a grinding halt”. This is a weak spot or vulnerability, and an experienced attacker knows how and where to look for these spots.
From a DDoS attacker’s point of view, they want to take a website down with the minimal amount of effort. Why use a guided missile when a single well-placed bullet will do the trick? The simple fact is that most DDoS attacks are a mixed bag of data packets. For example, they will throw some volume at your network connections, like a UDP flood, then they will have a smaller amount of TCP port 80 SYN-type flood, and lastly some well-crafted packets or requests to take advantage of the weak spots that they have scouted out ahead of time. It’s this last, relatively small amount of sophisticated layer 7 requests or packets that causes all the problems. The TCP SYN attack and UDP flood are simply a smokescreen for what’s really causing the website to slow and eventually stop responding.
The above scenario unfortunately happens more frequently than you think.
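One way to locate that kind of weak spot in your own traffic before it matters, as an added example that is not part of the original post: the Python below reads access-log lines and flags endpoints that consume far more server time than their share of requests. The log format (request duration in seconds as the last field), the paths, the thresholds and the sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed format: combined-style access log with the request duration
# in seconds appended as the final field.
LINE = re.compile(r'"[A-Z]+ (?P<path>\S+) [^"]*" \d{3} \d+ (?P<secs>\d+\.\d+)$')

def build_sample():
    """Constructed traffic: two cheap busy pages, one rare expensive form."""
    lines = []
    for i in range(400):
        lines.append(f'198.51.100.{i % 200} - - [t] "GET /games/slots HTTP/1.1" 200 1840 0.020')
    for i in range(90):
        lines.append(f'198.51.100.{i} - - [t] "GET /lobby HTTP/1.1" 200 920 0.030')
    for i in range(10):
        lines.append(f'203.0.113.{i} - - [t] "POST /signup?ref={i} HTTP/1.1" 200 310 2.400')
    lines.append("truncated or garbled line")  # must be skipped, not crash
    return lines

def costly_endpoints(lines, ratio=5.0, min_mean=0.5):
    """Flag paths whose share of server time is >= ratio x their share of
    requests and whose mean duration is at least min_mean seconds."""
    count = defaultdict(int)
    secs = defaultdict(float)
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]  # group by path, ignore query string
        count[path] += 1
        secs[path] += float(m["secs"])
    total_n, total_s = sum(count.values()), sum(secs.values())
    if total_n == 0 or total_s == 0:
        return []
    flagged = []
    for path, n in count.items():
        mean = secs[path] / n
        time_share = secs[path] / total_s
        if mean >= min_mean and time_share >= ratio * (n / total_n):
            flagged.append((path, n, round(mean, 3), round(time_share, 3)))
    # Largest consumers of server time first
    return sorted(flagged, key=lambda row: -row[3])

if __name__ == "__main__":
    for path, n, mean, share in costly_endpoints(build_sample()):
        print(f"{path}: {n} requests, mean {mean}s, {share:.0%} of server time")
```

Endpoints flagged this way are the first candidates for per-endpoint rate limits, caching or a web application firewall rule, since a small number of requests to them can exhaust the backend.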
Don’t worry!!! Here are 2 steps to help you protect your website from DDoS attacks.
1) Do you have adequate DDoS protection in place?
A good recommendation is to make sure it’s from a DDoS protection provider that is cloud based, as these types of services can handle very large amounts of malicious traffic and have lots of experience in this specialized field. There are a lot of Johnny-come-latelies out there proclaiming themselves “experts” even though they weren’t in the business 2 years ago. Intrusion detection, firewalls and identity theft are worlds apart from DDoS protection. Do some research and don’t forget to ask about the protection level and support.
2) Run vulnerability scans on your website; it’s the fastest and best way to find vulnerabilities (the weak spots). A good test can be expensive but it’s worth every penny: a good test will actually tell you how to close the holes if any are found. If your test costs less than $200.00, it’s probably just there to give you a false sense of security… Almost everyone gets an “All Clear”.
We started offering this service to our existing customers and almost 9 out of 10 websites we tested failed, and 70% of these had multiple vulnerabilities.
This is important, because these vulnerabilities can be easily patched but you have to know they exist. You can’t fix what you don’t know is broken.
Run a good vulnerability scan every month, because every time a developer makes a change they can inadvertently open holes that were previously closed. A web application firewall can also help keep things locked down.
Mark Teolis,
DOSarrest Internet Security