In case you haven't been paying attention, Botnet DDoS attacks passed the 40 Gigabits/sec mark in 2008, according to Arbor Networks. The sheer size of today's Botnets has reached into the mind-boggling realm of 1.9 million bots in a single Botnet. Couple that with the fact that Botnet DDoS attacks are one of the hardest assaults to defend against and you have a real nightmare scenario on your hands. This is why DDoS attacks are the most common method employed by extortionists to attempt to hold online merchants hostage for ransom. It's big business for criminals and business is good.
Here is a common scenario: a bad guy employs a Botnet army to saturate and take out of service something that is of value to you. The target can be anything from one critical server to your entire connection to the Internet, effectively taking down all of your Internet service. In some cases, the bad guy will launch his attack first, take down the web services, and then ask for the ransom money. Other times the bad guy will just send in the ransom request with the threat that if it is not met within X days they will take your website down.
Of course, none of this is new to you, right? But have you ever thought about what you and your company would do if you got hit (or hit again) with a Botnet DDoS attack? How prepared are you to defend against this type of attack? Many companies (both large and small) deal with the issue by explaining it away with arguments like "we don't have anything a hacker would want" or "we are too small a target to be worth the trouble." In some cases this turns out to be fairly true; the risk of a DDoS attack is just not worth the security investment. But in many cases, this line of thinking is dangerously wrong and the risk is actually higher than perceived. If I think about it from a bad guy's perspective, I'm looking for one of two things: money or fame. If you can provide either or both of those, then you are a target of opportunity.
So, let's get down to it. How can you fight off a Botnet DDoS attack? Well, the answer varies depending on the type of DDoS attack you are facing, your network infrastructure, the security tools you have available, and other variables. Even though there are so many variables in how you defend against DDoS in your particular environment, I still think there is value in highlighting a few of the more popular tactics. Here are some tips that I have seen work with some success in the past. Others are brand-new techniques to me but seem to offer up a compelling solution. I've listed these defense tips in no particular order. But feel free to let us know what you think the order of effectiveness should be.
DDoS Prevention Offerings from your ISP or DDoS service
This defensive tactic is usually the most effective of the bunch and of course (typically) the most expensive as well. Many ISPs offer some form of in-the-cloud DDoS protection for your Internet links. The idea is that the ISP will scrub/clean your traffic before allowing it onto your Internet pipe. Since this defense is done in the cloud, your Internet links don't become saturated by a DDoS attack. At least that's the goal, anyway. Again, no silver bullet. This service is also offered by third-party in-the-cloud DDoS prevention services. They work by redirecting your traffic to them during a DDoS attack. They clean it and send it back to you. This all happens in the cloud, so your Internet pipes don't become overwhelmed. A few examples of ISPs that offer DDoS services are AT&T's Internet Protect and Verizon Business's DoS Defense Mitigation.
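Since a scrubbing service only helps once you redirect traffic to it, you need a repeatable way to decide that your link is being flooded rather than just busy. As an added example (not code from the original post or from any of the providers named), here is a small Python check over flow records; the 1 Gbit/s link capacity, the thresholds and the flow records are all assumed or constructed.

```python
# Added example: decide when to redirect traffic to a DDoS scrubbing provider.
# Link capacity, thresholds and the flow records below are assumed/constructed.
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Flow:
    src: str      # source IP
    dst: str      # destination IP on our side of the link
    nbytes: int   # bytes seen for this flow in the window

def per_destination(flows, window_s):
    """Bits/sec and distinct-source count per destination over one window."""
    nbytes, srcs = defaultdict(int), defaultdict(set)
    for f in flows:
        nbytes[f.dst] += f.nbytes
        srcs[f.dst].add(f.src)
    return {d: (nbytes[d] * 8 / window_s, len(srcs[d])) for d in nbytes}

def scrub_decision(flows, window_s, link_bps, ratio=0.8, min_sources=50, share=0.5):
    """Return (engage, detail). Engage scrubbing when the link is above `ratio`
    of capacity AND one destination draws at least `share` of the bits from at
    least `min_sources` distinct sources (a distributed flood, not one busy client)."""
    total_bps = sum(f.nbytes for f in flows) * 8 / window_s
    if total_bps < ratio * link_bps:
        return False, f"link at {total_bps / 1e6:.0f} Mbps, below threshold"
    stats = per_destination(flows, window_s)
    dst, (bps, nsrc) = max(stats.items(), key=lambda kv: kv[1][0])
    if bps >= share * total_bps and nsrc >= min_sources:
        return True, f"{dst}: {bps / 1e6:.0f} Mbps from {nsrc} sources"
    return False, f"saturated, but top target {dst} has only {nsrc} sources"

def sample_flows(bots=200, per_bot_bytes=600_000):
    """Constructed one-second window: a flood from `bots` sources (<= 254) toward
    one web server, plus a little ordinary traffic. Documentation IP ranges only."""
    flood = [Flow(f"198.51.100.{i + 1}", "203.0.113.10", per_bot_bytes) for i in range(bots)]
    normal = [Flow("192.0.2.5", "203.0.113.20", 20_000),
              Flow("192.0.2.6", "203.0.113.10", 15_000)]
    return flood + normal

def demo(link_bps=1_000_000_000):
    """Assumed 1 Gbit/s link; returns the decision for the constructed window."""
    return scrub_decision(sample_flows(), window_s=1, link_bps=link_bps)

if __name__ == "__main__":
    print(demo())  # (True, '203.0.113.10: 960 Mbps from 201 sources')
```

The same check reports "below threshold" for a small flood and refuses to engage when the saturation comes from a single source, which is a case to look at by hand rather than hand to the scrubber.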