If a tree falls in a forest and no one is around to hear it, does it make a sound?
If your website gets hit with a DDoS attack and none of your users notice, did it really happen?
In both cases, well…yes. But no one or even very few people noticing your website was taken down by a DDoS attack is your best (unmitigated) DDoS attack scenario. In order to make this dream a reality, you either need to have very few website users who rarely go on to your website, or you need an excellent DDoS response plan. You should probably aim for the latter. Properly preparing for the aftermath of a DDoS attack can be boiled down to four vital steps.
DDoS attack details
DDoS is the initialism for distributed denial of service, a type of cyber attack that uses a vast number of computers or other internet connected devices to overwhelm or eat up the bandwidth or resources of a target website with malicious traffic, taking it offline completely or slowing it down enough to render it unusable, thereby denying its services to its legitimate users.
There are both immediate and long-term consequences of a DDoS attack. The most immediate is that your users will be frustrated by your website not working. This may translate to diminished loyalty from your users, questions about your overall security and whether or not they are safe on your website, and possibly even complaints on social media and other forums. All of this can lead to traffic lost to competing websites.
A DDoS attack can also cause hardware or software damage, and it can be used as a smokescreen for an intrusion that can result in stolen intellectual property, customer information and other sensitive data.
The four steps you need to prepare to take
There’s no way to prevent your website from being targeted by a DDoS attack. You can certainly protect your website from an attack (more on that later) but there is no way to stop a hacker or script kiddie from getting your website in his or her sightlines and firing. A recent IT industry survey found that 75% of IT decision makers have dealt with at least one DDoS attack in the past year. It’s a ubiquitous threat that’s only going to keep getting bigger, so it’s important to know how to get back on your feet after it happens.
Step 1: get those BGP connections going again
A large number of DDoS attacks target layers 3 and 4 of the OSI model, transport and networking, and when these layers are hit all of your connections with your peering partners and transit providers will be dropped thanks to border gateway protocol (BGP). Once the attack is over you must announce your network again to reinstate those BGP connections. Transit providers typically accept the connection request within a few minutes, but peering partners can take longer and cost you more money in the interim as you will be on the most expensive routes to begin with.
Step 2: restart firewalls and other appliances in the right order
When your website goes down there’s a chance that there will be a large number of users repeatedly checking your site to see if it’s back up. This could lead to a surge of traffic when your website goes up again, which could overwhelm your resources or bandwidth and put you back where you started: offline. Be sure to know what order you need to bring up your equipment in to avoid this crash. To do this, you need to be intimately familiar with your application and have an orderly restore plan in place.
Step 3: get your ISP to let you back on the network
When you get hit with a DDoS attack, you chew up bandwidth needed by other customers on your network. Understandably, ISPs will cut off your website to save themselves money. Many ISPs will ask for proof that your website will not be hit with another DDoS attack, so you may either need to invest in professional DDoS mitigation, or start looking for a new ISP.
Step 4: gradually reconnect user sessions
As mentioned in step 2, there’s a chance you’ll have a pent-up load of traffic waiting for you when you get back online. To keep from suffering what would essentially be an application layer DDoS effect, have a strategy for reconnecting those user sessions gradually. This can be accomplished by metering the amount of connections that can be established, or by routing users to different data centers by location or IP address range.
The one step you can take to not have to worry about those four steps
There’s another option, and frankly, it’s a better one. Having professional DDoS protection in place will keep you from groveling at the feet of your ISP, or keeping users waiting even longer than they already have to get on your website. And it will also keep you from suffering the DDoS attack consequences discussed above. No matter how fast you can get your website back online after an attack, it will always be better to not suffer the attack at all, no matter how few people notice.