Understanding DDoS

This article originally appeared in iGaming Magazine, March 2016

A successful iGaming business depends on constant uptime, and to ensure this it deploys appropriate defences against the many possible causes of disruption to its business. One of the main threats from within cyberspace is the Distributed Denial of Service (DDoS) attack, which aims to bring sites down by overwhelming them with requests. Pierre Le Marre, Data Centre Account Director at Channel Islands-based data centre provider Sure International, provides an overview of DDoS attacks and how to stop them from preventing you doing business.

DDoS is a type of Denial of Service (DoS) attack in which multiple compromised systems, often infected with a Trojan, are used to target a single system. The attack is an attempt to exhaust the resources available to a network, application or service so that genuine users cannot gain access, making even short-lived successful attacks extremely costly to iGaming businesses. Victims of a DDoS attack consist of both the end-targeted system and all systems maliciously used and controlled by the hacker in the distributed attack.

How DDoS Attacks Work

In a DDoS attack, the incoming traffic flooding the victim originates from many different sources – potentially hundreds of thousands of compromised machines. This effectively makes it impossible to stop the attack simply by blocking a single IP address. It is also very difficult to distinguish legitimate user traffic from attack traffic that is spread across so many points of origin.

The Difference between DDoS and DoS Attacks

A Denial of Service (DoS) attack is different from a DDoS attack. The DoS attack typically uses one computer and one Internet connection to flood a targeted system or resource. The attack therefore comes from a single IP address and is easier to ‘black hole’. The DDoS attack, on the other hand, uses multiple computers and Internet connections to flood the targeted resource. DDoS attacks are often global attacks distributed via botnets.
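
The distinction above can be checked against traffic data. The following Python example is added here and is not from the original article; it classifies one time window of requests by whether a per-IP block would remove the flood. The thresholds, function names and sample addresses are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed thresholds for illustration; tune to your own traffic baseline.
PER_IP_LIMIT = 100     # requests one source may send per window
BASELINE_TOTAL = 300   # typical total requests per window
SURGE_FACTOR = 5       # a window above 5x baseline counts as a flood


def classify_window(source_ips):
    """Classify one time window, given the source IP of every request in it."""
    counts = Counter(source_ips)
    total = len(source_ips)
    # Sources a simple per-IP rate limit or black hole would catch.
    noisy = sorted(ip for ip, n in counts.items() if n > PER_IP_LIMIT)
    blockable = sum(counts[ip] for ip in noisy)
    share = blockable / total if total else 0.0
    if total <= BASELINE_TOTAL * SURGE_FACTOR:
        verdict = "normal"
    elif share >= 0.8:
        verdict = "dos"    # a few sources carry the flood; blocking them works
    else:
        verdict = "ddos"   # flood is spread thinly; per-IP blocking barely helps
    return {"verdict": verdict, "total": total, "sources": len(counts),
            "noisy_sources": noisy, "blockable_share": round(share, 3)}


def constructed_windows():
    """Build three constructed sample windows (not real traffic)."""
    clients = [f"10.0.{i // 256}.{i % 256}" for i in range(250)]  # 1 request each
    single = ["192.0.2.50"] * 3000                                # one flooding host
    bots = [f"172.16.{i // 256}.{i % 256}" for i in range(2000)] * 2  # 2 each
    return {"normal": clients, "dos": clients + single, "ddos": clients + bots}


if __name__ == "__main__":
    for name, ips in constructed_windows().items():
        print(name, classify_window(ips))
```

In the constructed DDoS window no single source exceeds the per-IP limit, so the blockable share is zero even though total load is far above baseline; that is why detection has to look at aggregate traffic rather than individual addresses.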

Types of DDoS Attack

Volumetric Attacks: Attempt to consume the bandwidth either within the target network/service, or between the target network/service and the rest of the Internet. These attacks focus on causing congestion.

TCP State-Exhaustion Attacks: These attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.

Application Layer Attacks: These target some aspect of an application or service at Layer 7. These are the most harmful attacks as they can be very effective with as few as one attacking machine generating a low traffic rate, which makes them very difficult to detect and mitigate. Application layer attacks have become more common over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have become one of the most used DDoS attacks.

Why are DDoS Attacks so Dangerous?

DDoS attacks represent a significant threat to business continuity and are therefore a threat to every iGaming business. Although most attacks are aimed at disrupting a service, they have been used as a distraction by hackers looking to infiltrate networks, possibly to steal data. It is believed that the recent TalkTalk breach was preceded by a DDoS attack.

What can be done to prevent attacks?

In relation to Data Centre hosting, where a large percentage of e-Gaming and e-Commerce is congregated, ISPs can provide an On-Net/Off-Net solution to protect their customers. This can incur significant costs but the alternative, which is to implement your own solutions based on best practice, comes with the greater risk of attacks succeeding, causing downtime and loss of business.

Of course, there is no perfect solution: every business has to decide on its security provisions by weighing up the permissible level of risk against cost. However, an ISP’s ability to provide On-Net solutions means it is able to detect an attack before it even reaches the customer’s hardware. At Sure, we’ve deployed Arbor DDoS protection capable of mitigating DDoS attacks. The system secures the high bandwidth gateways at the network’s edge and keeps malicious data far from the core and our clients’ systems.

Above this, we’ve deployed an integrated high capacity Off-Net cloud-based solution powered and managed 24/7 by Arbor. The security cloud solution is capable of mitigating attacks in excess of 1Tb/s, so customers stay online even when their systems are under heavy attack.

Written by
Alderney eGambling