Distributed denial of service (DDoS) attacks are among the toughest problems IT administrators have to face. On the one hand, they don’t involve the loss of corporate data. On the other, they can temporarily put the enterprise out of business. Tim Turner, the London-based CIO for a social media blogging site called LiveJournal, often faces DDoS attacks. In an interview with NetworkWorld U.S. he offered tips on how to handle them.
Early warning
Recognize when an attack is happening. That means having either an anti-DDoS system in your data centre or a contact with an anti-DDoS provider. If the latter, you have to have a good relationship with the provider, Turner says, so it’s ready to turn on deflection when needed.
Sharing is everything
Make sure your anti-DDoS provider shares data. Some won’t share botnet source addresses or other data that might profile the attacker. The provider and customer have to work well together because, as the attack goes on, decisions have to be made on strategies.
Know what’s coming
There isn’t one kind of DDoS attack: Some target applications, others use SYN floods. Some combine techniques. You’ve got to understand what you’re dealing with in order to craft a solution. As expected, the blended attacks are the hardest to handle, says Turner.
Time isn’t on your side
DDoS attackers apparently have an eye on calendars when they strike LiveJournal: It’s been hit around holiday periods, perhaps because attackers think there are fewer IT staff around. And be prepared for surprises, like attackers trying to extort money to turn off their work. Turner says industries have to share more information about attacks.
Make sure the price is right
Pricing by DDoS providers can be complex, with some fees based on ensuring a clean pipe, while others will charge even if your bandwidth isn’t completely clean. Be careful.