DDoS (Distributed Denial of Service)

What is a DDoS attack? How can it be prevented?

A DDoS attack is one of the types of cyber attack that website owners fear the most and that cause server companies the most trouble. We can say that the diplomatic crises Turkey has experienced, especially in the recent period, have been accompanied by a much more serious intensity of cyber attacks.

Distributed Denial of Service (DDoS) is an attack that prevents users from accessing a system or site by exposing that system to data above certain capacity limits. The attack first emerged as DoS, that is, an attack on the target from a single source, and has increased in severity over time as a single target came to be attacked from multiple sources.

When a system is set up, values are estimated for factors such as the number of users, line capacity and number of simultaneous requests, and the design is made to handle a load slightly above these values. DDoS, on the other hand, aims to make the system inaccessible by exhausting it with numbers of simultaneous users and requests far above the load it can handle, so that it can no longer respond, or by filling the line.

What is DDoS?

DDoS (Distributed Denial of Service Attack) means creating a serious, sudden load on all the services of the servers and pushing resource consumption to its peak.

In general, millions of compromised IP addresses are used to create this artificial traffic. DDoS, which stands out as a cyber attack model, is generally carried out with the help of botnets created by hackers. It is one of the attack types that cause serious vulnerabilities in servers.

 

What are the Symptoms of a DDoS Attack?

DDoS completely locks up server systems and creates very serious problems in a short time. The fact that these attacks are becoming more widely recognized every day is the biggest indicator of how great the danger is. The main symptoms are as follows:

1. Websites suddenly become seriously sluggish,

2. Disconnections in website or server services,

3. Instantaneous peaks in server resource consumption,

4. Accumulation of data loads caused by UDP, SYN and GET/POST,

5. Prolonged service interruptions.

These can be observed as the main symptoms of DDoS attacks. DDoS is very dangerous for us as server companies. For this reason, as HostTESCIL, we approach DDoS attacks with maximum sensitivity.

 

What are the Types of DDoS Attacks?

The topic of DDoS types covers so much ground that it would take a serious amount of time to go through all of it. There are 7 different DDoS attack types known worldwide. Briefly, these attack types and their characteristics are as follows:

Volume Based DDoS: Sends an intensive stream of queries to instantly saturate the bandwidth used by the servers. It is the most widely used DDoS attack model worldwide.

Protocol Based DDoS: The Open Systems Interconnection (OSI) model consists of various layers. This attack uses the vulnerabilities in layers 3 and 4 of that model. It is a dangerous attack model that locks up the target.

Application Layer DDoS: These are attacks that create a load on the server by using GET and POST forms on the systems hosted on the server.

SYN Flood DDoS: On the server side, TCP-based packets can pose a serious threat. These packets are among the most serious problems in server systems and make resources unusable. It therefore stands out as one of the most dangerous attack models.

UDP Flood DDoS: These attacks are used to lock up the ports running on the server side. By sending UDP packets, this DDoS model causes ports to close or become unable to provide service.

Ping Flood: As the name suggests, this attack model consists of sending pings to the server from thousands or even millions of IPs.

What are the Ways to Prevent DDoS?

Unfortunately, there is no sure and permanent solution to avoid being the target of DDoS attacks. However, there are some methods that can reduce the likelihood of being targeted and the effects of the attack.

In general, if you think your system is showing the DDoS symptoms mentioned above, taking early measures is very important and is one of the best means of defense. However, distinguishing these symptoms from sudden but normal increases and decreases in your system's performance requires the right technology and expertise.
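One way to separate a normal busy moment from the abnormal peaks listed among the symptoms is to compare each second's traffic with a rolling baseline of the same traffic class. The following is an added example, not code from the original article or from HostTESCIL; the class name, thresholds and per-second counters are assumptions constructed for illustration.

```python
from collections import deque
from statistics import mean, pstdev

CLASSES = ("udp", "syn", "http")  # traffic classes named in the symptom list

class SpikeDetector:
    """Flag a class whose per-second count far exceeds its own rolling baseline."""

    def __init__(self, window=30, min_samples=10, sigma=4.0, floor=50):
        self.min_samples = min_samples
        self.sigma = sigma    # how many "spreads" above the mean counts as a spike
        self.floor = floor    # never alert below this absolute rate
        self.history = {c: deque(maxlen=window) for c in CLASSES}

    def observe(self, counts):
        """counts maps class -> events in the last second; returns a list of alerts."""
        alerts = []
        for cls in CLASSES:
            value, hist = counts.get(cls, 0), self.history[cls]
            if len(hist) >= self.min_samples:
                base = mean(hist)
                # Tolerate at least 10% of the baseline so ordinary jitter does not alert.
                spread = max(pstdev(hist), 0.1 * base, 1.0)
                threshold = max(base + self.sigma * spread, self.floor)
                if value > threshold:
                    alerts.append((cls, value, round(threshold)))
                    continue  # keep attack samples out of the baseline
            hist.append(value)
        return alerts

def build_sample():
    """Constructed per-second counters: steady load, one busy second, then a SYN surge."""
    steady = [{"udp": 20 + i % 3, "syn": 40 + i % 5, "http": 100 + 5 * (i % 4)}
              for i in range(20)]
    busy = [{"udp": 21, "syn": 45, "http": 140}]          # normal increase
    surge = [{"udp": 22, "syn": 5000, "http": 90}] * 3    # abnormal increase
    return steady + busy + surge

def run_sample():
    """Return {second: alerts} for every second that raised at least one alert."""
    detector, flagged = SpikeDetector(), {}
    for second, counts in enumerate(build_sample()):
        alerts = detector.observe(counts)
        if alerts:
            flagged[second] = alerts
    return flagged

if __name__ == "__main__":
    for second, alerts in run_sample().items():
        print(second, alerts)
```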

For businesses, a well-designed network infrastructure and a high level of system and TCP/IP knowledge among the relevant personnel are at the top of the protection measures.

Apart from this, it is possible to protect against DDoS attacks or reduce the impact of an attack with some measures that can be implemented.

Router Level Protection

Packets sent to target systems first pass through the router, which forwards them to other systems. Routers are therefore the first systems to encounter an attack, and the measures taken on routers are very important for meeting the attack from the first moment. If the characteristics of the incoming packets can be determined during the attack and some adjustments are made on the routers, attacks can be prevented or their impact reduced with an access control list created for the purpose.

However, we would like to remind you that in most shared services, special settings are not made by users on routers, which are the responsibility of the service provider.

Firewall Level Protection

Other measures can be taken at the firewall level. One of these is the “rate limiting” feature. If the relevant device supports this feature, rate limiting can be used to set the maximum number of packets accepted from a specific IP address and to block IPs that exceed that maximum.
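The per-source rate limiting described above can be modelled as a sliding window with a temporary block. This is an added example, not code from the original article or from any firewall product; the class name, limits and packet records are assumptions, and the addresses come from documentation ranges.

```python
from collections import defaultdict, deque

class PerSourceRateLimiter:
    """Allow at most max_packets per source IP per window; block offenders for a while."""

    def __init__(self, max_packets=100, window=1.0, block_seconds=60.0):
        self.max_packets = max_packets
        self.window = window
        self.block_seconds = block_seconds
        self.recent = defaultdict(deque)   # source IP -> timestamps inside the window
        self.blocked_until = {}            # source IP -> time the block expires

    def allow(self, src, now):
        """Return True to pass the packet, False to drop it."""
        expiry = self.blocked_until.get(src)
        if expiry is not None:
            if now < expiry:
                return False
            del self.blocked_until[src]    # block has expired
        stamps = self.recent[src]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()               # forget packets older than the window
        stamps.append(now)
        if len(stamps) > self.max_packets:
            self.blocked_until[src] = now + self.block_seconds
            del self.recent[src]           # no per-packet state needed while blocked
            return False
        return True

def build_sample():
    """Constructed (time, source) records, sorted by arrival time."""
    noisy = [(i * 0.002, "203.0.113.7") for i in range(500)]     # 500 packets in 1 s
    quiet = [(t, "198.51.100.20") for t in (0.1, 0.3, 0.5, 0.7, 0.9)]
    later = [(30.0, "203.0.113.7"), (61.0, "203.0.113.7")]       # during / after block
    return sorted(noisy + quiet + later)

def run_sample():
    """Replay the sample and return ({source: [passed, dropped]}, limiter)."""
    limiter = PerSourceRateLimiter()
    totals = defaultdict(lambda: [0, 0])
    for now, src in build_sample():
        totals[src][0 if limiter.allow(src, now) else 1] += 1
    return dict(totals), limiter

if __name__ == "__main__":
    print(run_sample()[0])
```

The limiter keeps one entry per source address, so a deployment would also bound the size of that table.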

From the point of view of individual users, it is useful to take simple precautions such as:

  • Making timely and complete system updates
  • Using anti-virus programs
  • Actively using a firewall
  • Using the filters required for secure e-mail traffic and blocking spam traffic

If there is still a problem despite these measures, the best solution is to contact the internet service provider.