DDos Protected VPS Plans With ArticHost
Before diving into these attacks we'd like to remind you that ArticHost automatically includes DDoS Protection on all VPS plans.
What is a DDoS Attack?
DDoS stands for Distributed Denial of Service. These attacks have plagued the internet since its inception. No one knows when the first DDoS attack occured, but I bet the target won't ever forget it.
How does a DDoS attack work?
In short, it's when multiple sources send traffic to one destination in hopes of overloading the system or the network. Almost always, these attacks focus on the network. From a top-level view, the attack is a simple concept. The goal is to send as much traffic as possible to a particular destination such that the network gets overloaded and can no longer serve legitimate requests. Not every DDoS attack is built the same way. Sometimes attackers can leverage vulnerabilities in certain protocols, and products.
DDoS attacks can also be carried out either by computers infected with malware. Imagine thousands of infected computers, all being instructed to send massive amounts of data to one target. That is how a lot of DDoS attacks happen.
Furthermore, DDoS attacks can be executed by attackers spoofing the source IP of packets. This makes it difficult to stop the actual attack as it looks like thousands of computers are attacking you.
Amplification DDoS and How They Work
A more prevalent method that has taken hold is using a technique called amplification. How does an amplification attack work?
Let's say we have three servers: Server A, Server B, and Server C.
Server B is a network time protocol (NTP) server. NTP is a common protocol leveraged in DDoS attacks. Specific NTP messages can trigger a significant response.
For example, we might send a 100 Byte request but receive 1500 Bytes back when sending particular messages. Since NTP doesn't require a connection to be negotiated, we can trick Server B by changing the Source IP of our packets to be Server C.
The flow of communication happens like this. First, Server A sends a special NTP request to Server B with the source IP of Server C. Server B responds with this massive payload to Server C because that Server's IP was in the original request. What we've done thus far is tricked this NTP server into sending a massive payload to a target of our choosing. Imagine now doing this to thousands of NTP servers, exponentially growing the attack.
DDoS Attacks on Servers Today
In the year 2021, network-based attacks have exponentially grown in size and sophistication. Just last year, we witnessed the most significant DDoS attack in history. According to specific reports, the attack was around 2 Terabits per second in bandwidth size. In the case we just described, the target was Amazon's datacenters.
The Less Common DDoS Attacks: Host-based TCP Attacks
Most DDoS attacks today rely on a large number of bots or infected computers to reach their target. Network engineers or software developers working on DDoS attacks have noticed this and reacted accordingly. A large ammount of DDoS protection appliances or scrubbing services are easily able to handle TCP based attacks.
Simple TCP atacks, like a Syn flood, are easily detectable by either a hardware firewall, DDoS appliance, or even host based firewalls (software firewall). If you didn't know, syn is the first step of the TCP 3 way handshake, and thus, it's a simple attack vector. The goal with this kind of attack is to overwhelm the target server's web server process (Apache, Nginx, etc). These types of attacks are less often felt because at this point we've identified their weaknesses and how to block them.
Of course, there are various setups where these kind of attacks still work. Some type of simple TCP request, usually web server calls, enacted to tie up resources and prevent serving legitimate requests. Thus, it's important to have a DDoS protected VPS, as they can protect a wide range of attacks.
How can you protect your Server from a DDoS attack?
The only proper way to protect yourself from a DDoS attack is to filter the traffic upstream from your Server or Network. Filtering the traffic when it's already hit your server means it's too late, you've already wasted bandwidth, and your network is congested. Cloud providers like us, ArticHost, automatically scrub your traffic and block any DDoS attacks without ever involving you.
Can ArticHost protect my VPS from a DDoS attack?
Again, all of our VPS plans come with DDoS protection built-in. You never need to turn anything on, never need to take any manual actions, we handle it all for you.
DDos Protected VPS Linux Plans
DDos Protected VPS Windows Plans