A New Breed of Zombies: DDoS

By in Technology, Zombies on May 6, 2014
This post originally appeared on the Pyxl Blog.
The senior developers just returned from a weeklong gathering of fellow Ruby on Rails developers in Chicago.  We heard from a variety of thought leaders including David Heinemeier Hansson (DHH).  DHH is the creator of Ruby on Rails and Basecamp, both of which are tools we use at Pyxl on a day-to-day basis.  The day we returned to work, Basecamp went down for around 20 minutes due to a DDoS attack.  Here’s what that means for you and what you can do to help prevent such attacks.

What is a DDoS?

Unless you work in some sort of web development profession, you’ve probably never heard of DDoS, but you’ve most definitely felt the effects of one.  A DDoS is a “distributed denial-of-service,” which in simple terms means somebody is attempting to interrupt everyone else’s service by continuously tying up resources with needless requests.
A DDoS is also referred to as a zombie attack.  To simplify further, think of a business that has 20 phone lines for technical support for a new video game system.  Someone at a rival video game company realizes the new system isn’t good for his.  So, he calls up 3 of his friends (the handlers) and tells them to have all of their friends and family call the new video game’s support line and try to stay on the line as long as possible.  Each of his 3 friends has 20 people (the zombies) call into the support line over and over again throughout the day.  During this time, when a person calls in who actually needs support, they can’t get through because all of the lines are busy.  They have been “denied service” simply because other people were continuously calling in, not because the phone system went down or anything malicious happened to it.

Sites that get hit by DDoS attacks are usually high-profile, high-traffic sites, such as Basecamp.  You may be asking yourself what there is to gain from a DDoS, and the simplest answer is not much.  Usually, these attacks are made as a protest or just because someone doesn’t like a certain company or site.

So what can I do if a site I’m trying to visit is being DDoS-ed?

Anything but this:
[image: the F5 (refresh) key]
Actually, the best thing to do is just wait and stop trying to hit the site repeatedly.  More than likely, the site’s server administrator is working on the problem, and if you keep refreshing, you’re just adding to the problem instead of helping.

So how do I prevent a DDoS on my site?

While none of these are foolproof, here are a couple of ways to help prevent a DDoS:
  1. Load balancing.  Load balancing your site will help mitigate the risk, since all of the servers behind the balancer would have to be overwhelmed before traffic stops.  Load balancing the DNS is also helpful, because even if your site is up, if DNS isn’t responding to tell people where to find it, they won’t be able to reach it anyway.
  2. Drop junk packets.  Most of the time, DDoS attacks send junk ICMP (Ping) packets.  Filtering those out at the firewall level, before your server has a chance to respond, will keep unwanted traffic off the server.
  3. Caching.  Dynamic resources always take much longer to serve than static resources, so having a caching system in place will help keep a surge of ordinary traffic from having the same effect on your site as a DDoS.
While there’s no surefire way to prevent or fix a DDoS attack, since each is as unique as a snowflake, putting the above measures in place will help prevent future attacks.
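As an added example (not from the original post or from Pyxl), here is the phone-line analogy in log form: a one-second-window pass over constructed web access-log lines that separates a single address refreshing hard from many distinct "zombie" addresses that each stay under any per-address limit, which is what makes the attack distributed and why a per-IP rule alone misses it.  The log format, the documentation-range addresses and the two thresholds are all assumptions of the example.

```python
import re
from collections import Counter, defaultdict

# Matches the start of an Apache/nginx combined-format line: client address,
# two ignored fields, then the bracketed request timestamp.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\]')

def make_line(ip, ts):
    """Build one constructed access-log line (synthetic sample, not real traffic)."""
    return f'{ip} - - [{ts}] "GET / HTTP/1.1" 200 512'

# Constructed sample: second 0 is quiet, second 1 is twelve different
# "zombie" addresses making one request each, second 2 is one address
# refreshing twelve times. Addresses come from documentation ranges.
SAMPLE_LOG = (
    [make_line(f"198.51.100.{i}", "06/May/2014:10:00:00 +0000") for i in (1, 2, 3)]
    + [make_line(f"192.0.2.{i}", "06/May/2014:10:00:01 +0000") for i in range(1, 13)]
    + [make_line("203.0.113.9", "06/May/2014:10:00:02 +0000")] * 12
)

def parse_windows(lines):
    """Group requests into one-second windows: {timestamp: Counter(ip -> hits)}."""
    windows = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            windows[m.group("ts")][m.group("ip")] += 1
    return windows

def classify_windows(windows, total_limit, per_ip_limit):
    """Label each window. A per-address limit alone only catches the single
    heavy refresher; the distributed case is visible only in the total."""
    report = {}
    for ts, hits in windows.items():
        total = sum(hits.values())
        noisy = sorted(ip for ip, n in hits.items() if n > per_ip_limit)
        if total <= total_limit:
            label = "normal"
        elif noisy:
            label = "flood"          # a few addresses exceed the per-address limit
        else:
            label = "distributed"    # many sources, each under the per-address limit
        report[ts] = {"label": label, "total": total,
                      "sources": len(hits), "noisy": noisy}
    return report

def analyze(lines=SAMPLE_LOG, total_limit=8, per_ip_limit=4):
    """Run both passes; the thresholds are illustrative assumptions, tune per site."""
    return classify_windows(parse_windows(lines), total_limit, per_ip_limit)
```

Windows labelled "flood" are the case a per-source firewall rule handles; "distributed" windows are the ones where only aggregate capacity (load balancing, caching) helps.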
