AWS SHIELD

When a DDOS attack targets the web server which feeds the home page of your business, this page becomes unavailable for legitimate customers. This event can harm the brand’s reputation and cause loss of confidence on the part of customers.

DDOS: definition, specificities and protection

A distributed service denial attack (DDOS) is a cybersecurity weapon aimed at disrupting the functioning of services or extorting money from targeted organizations. These attacks can be motivated by politics, religion, competition or profit.

Technically, a DDOS attack is a distributed version of a Denial Service attack (DOS) whose aim is to disrupt the trade operations of the target. This type of attack sends a high volume of traffic to overload the normal operation of a service, a server or a network interconnection, thus making them unavailable. The back attacks interrupt the service, while the distributed attacks (DDOS) are carried out on a much larger scale, which allows to put out of service for whole infrastructure and evolutionary services (Cloud).

DDOS can seriously affect companies

Icons/concept/infinite@3x created with sketch.

When a DDOS attack targets the web server which feeds the home page of your business, this page becomes unavailable for legitimate customers. This event can harm the brand’s reputation and cause loss of confidence on the part of customers.

Icons/Concept/Warning Created With Sketch.

When your service is not available for your customers, your results can be affected. You may have to conclude service level agreements (SLA) that will have a financial impact on your business.

Icons/Concept/Curve Created With Sketch.

When your service is used by many sites, its failure can cause their unavailability for a while.

Examples of DDOS attacks

• The New Zealand Stock Exchange was the target of a volumetric DDOS attack in August 2020, which led to the service stop for three consecutive days and the loss of millions of dollars.
• In February 2020, a global hyperscacal noted that its infrastructure had been attacked by 2.3 TBPS of Flooding Traffic, or 20.6 million requests per second.
• In February and March 2018, a number of companies reported a newly observed attack vector, based on a Memcached flaw using amplification and reflection techniques. OVHCLOUD observed and filtered attacks up to 1.3 TBPS.
• In October 2016, a DDOS cyber attack on Dyn led to the interruption of important Internet services. It was a series of DDOS attacks targeting the systems exploited by the provider of domain name systems (DNS) DYN.
• The Mirai botnet composed of more than 600,000 IoT compromise devices (like cameras) was used in September 2016 to attack a well -known security news page: KrebsonSecurity. This attack targeted the victim’s page with traffic reaching 620 Gbps during his peak. In parallel, OVHCLOUD reported more than 1 attack TBPS.

DDOS Types

Volumetric DDOS attacks

DDOS volumetric attacks are the most widespread. A DDOS attack aims to make a server, service or infrastructure unavailable by flooding it with a large number of requests. In this way, network connection or server resources are saturated, so that legitimate requests cannot reach the server or that it cannot manage the charge or respond to requests. A large number of compromise computers (or other connected devices, for example IoT or webcams), a phenomenon called “botnet”, can be used by hackers to make a attack more distributed, which is more likely ‘achieve. One of the most commonly used techniques is to send a large quantity of small packages to the botnet whose IP address has been usurped. He will respond in turn with even larger packages sent directly to the victim (that is to say to the USurpée IP address). Flooding traffic targets are generally not able to respond, as their internet connections are completely overloaded (they reach the limits of their bandwidth). This technique is an attack by reflection and amplification.

Protocol attacks

These types of attacks target the protocols used for network communication and use their weaknesses to make the victim server or service unavailable. In some cases, they can lead to the overload of intermediate devices connecting the victim’s services to the Internet.

The DDOS attack by rebound is an example.

This type of attack is a denial of service distributed at the network level. A package sent by the attacker to a broadcast network address leads to an automatic response from each host. Using this method and usurping IP sources addresses, attackers can trigger a large number of responses and overwhelm their traffic victim. With enough ICMP responses, the target can be put out of service.

Attacks at the level of the application layer (L7)

Applications implement the most advanced logic and are generally the most resource, the most specific and probably the least tested. Which makes it an ideal target.

The attack methods targeting this layer generally require the least resources and may, for the most part, not be detected by the general systems of firewall and protection against back attacks.

Take the example of an attack on a game server (for example, Minecraft servers): it makes the game unreliable, unstable and some players lose their connection, or even experiment with a time of downtime. The game servers are made unusable, the platform loses its rank and the owner’s image is tarnished. Which induces a loss of players and money.

To protect yourself against this type of attack requires a good understanding of the application logic and its specific uses for optimal protection against attacks.

Discover our Public and Private Cloud services

Bare Metal servers

From web accommodation to deploy a high -resilience infrastructure, take advantage of the dedicated server that meets your needs and goals. Personalize your machine according to your project in a few clicks.

• Delivery in 120 sec
• Unlimited traffic on all our servers*
• No installation fees or commitment

*Datacenters of the Asia-Pacific region are excluded

Hosted Private Cloud

Accelerate your digital transformation thanks to our Hosted Private Cloud Evolutionary offers. Our products are agile, innovative and offer optimal security for your data so that you can focus on your activity.

• On -demand resources
• Confidence cloud accommodation
• Multi-Cloud environments
• Activity plans

Cloud audience

Thanks to the OVHCloud Cloud public, benefit from a large number of cloud solutions billed on a Pay-As-You-Go basis. Our infrastructure is put in place in a simple way to help you in your activities: exploit the flexibility of resources on demand to go from small projects to large -scale deployments.

• Managed Kubernetes
• IOPS
• Private register managed
• Storage of objects

In accordance with Directive 2006/112/This modified, from 01/01/2015, prices including tax are likely to vary according to the customer’s country of residence
(by default the tax prices displayed include French VAT in force).

AWS SHIELD

Detect and automatically attenuate sophisticated events of distributed service (DDOS) at the network level.

Personalize the protection of applications against the risks of DDOS thanks to the integrations with the Shield Response Team (SRT) or AWS WAF protocol.

Benefit from visibility, overview and cost reduction for DDOS events that have an impact on your AWS resources.

Functioning

AWS Shield is a managed DDOS attacks on DDOS attacks that protect the applications executed on AWS.

Click to enlarge

William Hill deployed high -performance protection on the outskirts and against DDOS risks ”

Dropbox’s Hellosign service has protected applications through signature protection ”

Baazi Games has designed improved cyber -defects with a limitation of DDOS risks in real time ”

The Latest in Ddos Attack Trends

Tune Into this Interactive Panel Discussion, featuring Omdia Main cybersecurity analyst rik turner, for insights on ddos ​​attack trends and What enters Should do to protect against ddos ​​Attacks. This webinar is the first episode in gtt insights, our new roundtable series that’s designed to discuss the hottest topics and trends in it.

Convincing the C-Suite to sufficiently invest in ddos ​​protection can be difficult for security operations teams Teams. For Further Useful Material To Help You Build Your Business Case, Download Corero’s Whitepaper On How To Pitch Ddos Protection To Your Enterprise C-Suite, Along with this Informative Ddos Threat Intelligent Infographic Infographic.

Watch
Webinar

Please enter Your Details Below.

Thank You

Enjoy the Webinar

Let’s Work Together

Talk to our experts to see if sd-wan is right for your enterprise.

Related Resources

NYC Ciso Assembly

A Day Full of Visionary Leaders and Experts in the Technology Industry Pro JONTE, Active Learning, and Networking. Apex Assembly Gathers The Technology Community in One Place to Collaborate and Exchange Ideas that move technology forward.

Incomasse

When you take part in the incomassed show, you’ll get access to critical networking opportunities, combined with a understanding, industry-relevant education program that features top-quaality presenters and speakers.

Richmond IT Directors Forum

Richmond Events is the pioneer of the one-to-one, Pre-Scheduled Business Forums Which Match Delegates and Suppliers to Generate New Business, Engages With Peers and Make New Connections.