<p>Goal №2 &ndash; probably the second most difficult goal after the first one-to - provide as much information as possible to the DDoS protection company.</p>

To ensure the protectability from DDoS attacks for online resources provide as much information as possible to the DDoS protection service provider.

Ways to Protect Against DDoS Attacks | StormWall

<p><em>11 September 2020</em></p>

<h1>How to ensure the protectability from DDoS attacks for online resources? Goal №2</h1>

<p>In the last post, we started the discussion of the goals that need to be completed to ensure the protectability from DDoS. Today we will continue.</p>

<div class="line">Goal №2 &ndash; probably the second most difficult goal after the first one-to - provide as much information as possible to the DDoS protection company.</div>

<h2>What do you need to do?</h2>

<h3><strong>1. The DDoS protection company should know exactly whether the service is working well at the moment.</strong></h3>

<p>It often happens that the provider of an anti-DDoS service thinks that everything is working fine, while the client complains about some problems being occurred, in his opinion, due to the provider&#39;s fault. But how to check it?</p>

<p>The client should discuss with the provider in advance how to check the well-being of the service he provider should be able to understand what exactly is not working as it should, and what is the reason for this, from the client&rsquo;s perspective.</p>

<h3><strong>2. The DDoS protection company should know which IP addresses and ports are used and for what purposes.</strong></h3>

<p>Oftentimes, a cybersecurity service provider and a client act on the task of ensuring security in separate ways. It leads to inadequate expectations on the part of a client and to an extremely weak understanding of what exactly and how to protect, on the part of the provider. As a result, the protection seems to be there, but its effectiveness is very doubtful.</p>

<p>It should be remembered that a reliable &quot;line of defense&quot; of an Internet resource is the result of close collaboration between a client and a&nbsp;<a href="https://stormwall.network/knowledge-base/termin/ddos">DDoS protection</a>&nbsp;provider. In particular, information about which IP addresses and ports the protected resource uses for what purposes will help the provider to choose the best way to build the defense, minimizing the vulnerability of the resource, while maintaining its availability, functionality and performance.</p>

How to ensure the protectability from DDoS attacks for online resources? Goal №2

<p>So, the goal №1 - perhaps the simplest &ndash; is to give the attacker as little information as possible.</p>

A story about using StormWall protection services on the example of a real client.

How to Protect Against DDoS Attacks — Case Study StormWall

<p><em>3 September 2020</em></p>

<h1>How to ensure the protectability from DDoS attacks for online resources? Goal №1</h1>

<p>In the last post, we talked about the protectability from DDoS attacks, understood the main parameters it depends on and gave the example of two systems which had dramatic differences in their protectability potential due to the architecture that the systems had. Today we will start discussing the first goal that needs to be achieved in order to ensure security.</p>

<div class="line">So, the goal №1 - perhaps the simplest &ndash; is to give the attacker as little information as possible.</div>

<h2>Example from our practice</h2>

<p>About five years ago, we faced a very expensive, several-week-long, intense DDoS attack on a popular gaming service. The capacity we had at that time was not enough to mitigate it completely. A trick helped: since the service was divided into an authentication server and game servers, we agreed with the developers that after authentication, the player was given an IP address that strictly corresponds to one of the 32 pre-allocated segments of the Internet depending on the IP from which this user connects. In addition, we asked our service providers to restrict these segments on the upper level so that each individual address can only accept requests from a specific segment of the Internet. As a result, the intensity of the attack decreased by 32 times &ndash; and we successfully coped with it. Our advantage was that the attacker didn&#39;t know exactly which IP addresses to attack. I.e., it is very important to minimize the opportunities available to the attacker to check the health of the service.</p>

<h2>Put yourself in the attacker&rsquo;s shoes</h2>

<p>Imagine yourself, for example, as an attacker trying to bring down some Internet Service Provider (ISP). After scanning its network, you will find out what its IP addresses respond to, and to which requests (let&rsquo;s say, ping or TCP probe). But what if you lose all verification methods? First of all, you won&#39;t be able to tell if the attack was successful. And if your goal is merely to stop the Internet for the ISP&rsquo;s clients, then without an insider, you will be able to tell if you are successful or not. As a result you will just switch to other victims with which you can easily tell whether your attack is successful.</p>

<p>Finally, you need to take care of &ldquo;general&rdquo; security. It is not uncommon for hackers to try to hack a server after several failed DDoS attacks to learn more about its architecture and find out some important details for subsequent attacks.</p>

<h2>Recommendations that will help to achieve &ldquo;Goal №1&rdquo;</h2>

<ol>
	<li>When designing a system, imagine yourself as an attacker and evaluate how you could test the performance of your service. By minimizing the possibility of such verification, you will significantly reduce the probability of a successful attack.</li>
	<li>Don&#39;t forget to think about &ldquo;general&rdquo; security measures (protection from hacking), because if a DDoS attack fails, a hacker will most likely start actively searching for vulnerabilities.</li>
</ol>

How to ensure the protectability from DDoS attacks for online resources? Goal №1

<p>The goal №3 - ensure clear opportunities for filtering the attacks. Many clients are sure that merely using an anti-DDoS service will save them from problems to ensure the protection from DDoS attacks. This is an illusion.</p>

Many clients are sure that merely using an anti-DDoS service will save them from problems to ensure the protection from DDoS attacks. This is an illusion.

Ensure Clear Opportunities for Filtering Attacks | StormWall

<p><em>17 September 2020</em></p>

<h1>How to ensure the protectability from DDoS attacks for online resources? Goal №3</h1>

<p>Last week we discussed how to provide as much information as possible to the&nbsp;<a href="https://stormwall.network">DDoS protection</a>&nbsp;company.</p>

<p>&nbsp;</p>

<div>Today we will continue with the goal #3 - ensure clear opportunities for filtering the attacks.</div>

<p>&nbsp;</p>

<p>Many clients are sure that merely using an anti-DDoS service will save them from problems to ensure the protection from DDoS attacks. This is an illusion.</p>

<h2>Let&rsquo;s imagine a situation</h2>

<p>Imagine an online service that works with UDP and a formal connection procedure does not exist, so the legitimate sequence of packets that must be exchanged upon connection is not defined. At the same time, the performance of the service is quite low, and if an attack starts, even a small one, it will definitely go down.</p>

<p>So, the question is - how will the DDoS-protection company secure such a service? There is no way to filter packets by any signature because the signatures can be random. Source IP addresses of the packets can also be random, so it is impossible to restrict the flow based on them. Standard verification methods can be used to protect the service from DDoS attacks of standard types. But if an attacker will use an unusual method developed specifically for the attacked service? What will you do?</p>

<h2>What to do?</h2>

<p>You need to think about these aspects in advance, at the stage of service development. You need to provide the DDoS protection company with a clear opportunity to cut off interaction with bots. Of course, it is much easier to implement it with TCP than with UDP. If for some reason it is necessary to use UDP, then you should at least provide the DDoS protection provider with documentation on this service, which describes in detail the connection and authentication procedures. Some popular UDP protocols (such as SIP, SAMP, and TeamSpeak) can be filtered quite easily because they have detailed descriptions. If the protocol on which the service is based does not contain filtering mechanisms, then it is very difficult to protect such a service.</p>

<h2>Our recommendations</h2>

<ul>
	<li>If it&rsquo;s possible use TCP.</li>
	<li>If you are forced to use UDP, you should decide how to distinguish a legitimate client from an illegitimate one.</li>
	<li>Make sure that the DDoS protection company knows how to filter an attack and has a filtering method.</li>
</ul>

<p>Remember that connecting Anti-DDoS service is not a panacea, especially if the service is based on UDP.</p>

How to ensure the protectability from DDoS attacks for online resources? Goal №2

What do you need to do?

1. The DDoS protection company should know exactly whether the service is working well at the moment.

2. The DDoS protection company should know which IP addresses and ports are used and for what purposes.

Read also articles: