There are many DDoS attack patterns available to the hackers to bring down your online business. If you read about DDoS in the news you can see words like volumetric attacks, DNS amplification attacks, slowloris and smurf attacks! It’s normal to be lost in all this lingo and you probably tell yourself that anyway these things only happen to the others.
But, did you ever wanted to know whether your business is vulnerable to DDoS attacks even if you don’t know how to make a DDoS attack?
tl;dr
Which DDoS attack to test?
First of all, if you are using a secure and modern web server you should not be vulnerable to slowloris and smurf attacks are gone since decades.
What is important to remember is that a DDoS is like a battle and with tactic you can win over your opponents. Also, your opponents usually use DDoS weapons proportionally sized to their victims. In short, a hacker won’t use the same DDoS weapons to attack a bank than to attack your personnal blog.
If you know the enemy and know yourself, you need not fear the result of a hundred battles – Sun Tzu
Let’s go back to the basic and see 2 types of DDoS attacks to better know the ennemy.
Zombie botnet attack
The zombie DDoS attack is the most familiar to the people. In this attack a hacker is in control of several bots sometimes called zombies.
The botmaster can send remote commands to his zombie herds and/or the zombies fetch themselves the commands from a command and control botnet. The last big DDoS to hit the news called mirai, was a Zombie botnet and the recent attacks against krebsonsecurity, OVH and Dyn are not the kind of DDoS we see every day.
This type of DDoS attack will knock your website offline for hours if left unprotected and this is bad for the business.
Parasite attack
This parasite will download as fast as possible some web pages from your website. This usually doesn’t bring down your website but it will force your server to upload content toward the parasites.
When you upload content, you use bandwidth from your cloud provider or your ISP and this is billed per GB monthly.
If the parasite is left unnoticed for a month and that your website is hosted on the cloud, this could cost your business more than $14,000 in bandwidth overage.
Why testing my website against DDoS attacks?
If you want to survive a DDoS attacks you need to be prepared, you need to know the limits of your website and you need a plan.
The first step is to know whether you are vulnerable. Then fix it!
If you don’t have any plan yet or you don’t know whether your website is vulnerable against DDoS attacks, you can now use our service to identify weaknesses on your online business. Test your business now against the on going DDoS threats!
What about volumetric and DNS amplification?
These DDoS attacks need different kind of DDoS protections and are slightly more advanced. It’s important to see the DDoS threats as several components and to start preparing against them one by one. You can’t have 1 solution that fits all needs. Let’s start with the basic and we can review the more advanced stuff later. So back to our zombies and parasites!
How can I test my website against DDoS attacks?
What would be worst for your business between your website down during 1 day or to pay $14K in bandwidth overage? What if it’s possible to avoid these troubles before they happen?
Do you know there is a tool that will automatically scan your website for DDoS vulnerabilities and generate a report? The tool will test your website against DDoS attacks and will outlined it’s weaknesses. The report will also offer your business solutions against these DDoS attacks in case you are vulnerable.