A DDoS attack is about the most devastating thing that can hit your network. It serves no purpose other than to disrupt your services, either by bombarding them with millions of random packets or by specifically attacking vulnerabilities in your network stack. It is usually combined with a demand for some kind of ransom. The challenge is two-fold:
First: realizing it is an attack. The effect of a DDoS attack is usually just "Hey! Nothing works!", so an attack is the last thing you think of. By the time you realize you are being attacked it is usually over; yet the phone keeps ringing for hours afterwards because of the amount of collateral damage.
Second: getting rid of it. Most ISPs will charge a lot of money for DDoS mitigation services, or simply disconnect you from their network once the attack becomes too much for them to handle. Either way, the attacker wins, unless you know how to divert or mitigate the attack. That implies you know what is hitting you.
A DDoS attack (contrary to popular belief) is not hacking; it is simply sabotage. It can be used as a smoke screen for a hacking attempt, but usually it is used as a deterrent, after which a ransom can be paid to be "protected" in the future.
There are many vectors for DDoS attacks. All you need is some request you can send to a host on the Internet that will be replied to (ping, DNS or a website, for example); you then forge the sender IP so that it happens to be the victim's IP address. It is that simple.
In order to defend yourself you first need to see that it is an attack. The two most important components are NetFlow data and a good monitoring strategy.
Monitoring your ingress and egress links is crucial; having that kind of information at hand when it hits you gives you a basis for a strategy. The usual monitoring products poll the device every 1-5 minutes using SNMP. This will not work during an attack: the polling interval is far too coarse, and the device may no longer answer.
NetFlow metadata, by contrast, is exported continuously by the network device itself, and in case of an attack the device should even be able to take action on its own (because you will not be able to log in to it anymore).
Getting rid of the traffic is the most important task when mitigating a DDoS attack. Most attacks are simply volumetric by nature, and BGP routing allows you to divert your traffic, "clean" it, and re-inject it into your network.
The easiest way to stop an attack is to block the destination at the network edge, known as "blackholing". This lets the attack succeed against that one destination but saves the rest of your network (sacrificing one customer to keep the others live). Combined with rapid DNS and IP changes this can be a viable strategy.
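The detection side (flow records instead of SNMP polling) and the mitigation side (blackholing the attacked destination) described above, as an added example that is not code from the original page. It aggregates NetFlow-style records per destination over one export window, flags destinations that exceed a bandwidth threshold from many distinct sources, recognizes reflected traffic by its well-known source ports, and produces a /32 blackhole route carrying the BLACKHOLE community 65535:666 (RFC 7999). The flow records, thresholds, prefixes and next-hop are constructed (RFC 5737 documentation ranges), and the announcement line is written in the shape of ExaBGP's text API, which is an assumption about the BGP speaker it would be fed to.

```python
"""Toy NetFlow-style DDoS detector feeding an RTBH (blackhole) decision.
Added example; all addresses, thresholds and flow records are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    """Subset of the fields a NetFlow v5/v9 exporter sends per flow (simplified)."""
    src: str
    dst: str
    proto: int      # 17 = UDP, 6 = TCP, 1 = ICMP
    sport: int
    dport: int
    packets: int
    octets: int


# UDP services commonly abused as reflectors; reflected traffic arrives with the
# reflector's service port as the *source* port of the flow.
REFLECTOR_PORTS = {53: "dns", 123: "ntp", 161: "snmp", 389: "cldap",
                   1900: "ssdp", 11211: "memcached"}

# Prefixes we announce ourselves (constructed); we only blackhole inside our own space.
OUR_PREFIXES = [ip_network("192.0.2.0/24"), ip_network("198.51.100.0/24")]

# Placeholder thresholds; tune them to the capacity of the ingress link.
MBPS_THRESHOLD = 500.0   # sustained Mbit/s towards one destination
MIN_SOURCES = 50         # many distinct sources is what makes it *distributed*


def summarize(flows, window_seconds):
    """Aggregate flows per destination over one export window."""
    per_dst = defaultdict(lambda: {"octets": 0, "packets": 0,
                                   "sources": set(), "reflected": 0})
    for f in flows:
        d = per_dst[f.dst]
        d["octets"] += f.octets
        d["packets"] += f.packets
        d["sources"].add(f.src)
        if f.proto == 17 and f.sport in REFLECTOR_PORTS:
            d["reflected"] += f.octets
    summary = {}
    for dst, d in per_dst.items():
        summary[dst] = {
            "mbps": round(d["octets"] * 8 / window_seconds / 1e6, 1),
            "pps": round(d["packets"] / window_seconds, 1),
            "sources": len(d["sources"]),
            "reflected_share": d["reflected"] / d["octets"] if d["octets"] else 0.0,
        }
    return summary


def classify(summary):
    """Return (destination, verdict) for every destination exceeding the thresholds."""
    alerts = []
    for dst, s in summary.items():
        if s["mbps"] >= MBPS_THRESHOLD and s["sources"] >= MIN_SOURCES:
            kind = ("reflected amplification" if s["reflected_share"] > 0.8
                    else "volumetric flood")
            alerts.append((dst, kind))
    return alerts


def rtbh_announcement(dst, next_hop="192.0.2.1"):
    """Build the /32 blackhole route with the well-known BLACKHOLE community
    65535:666 (RFC 7999), in the shape of an ExaBGP text-API line (assumed).
    The guard refuses to blackhole anything outside our own announced prefixes,
    so a typo cannot null-route someone else's address."""
    addr = ip_address(dst)
    if not any(addr in p for p in OUR_PREFIXES):
        raise ValueError(f"{dst} is outside our announced prefixes; refusing to blackhole")
    return f"announce route {dst}/32 next-hop {next_hop} community [65535:666]"


# Constructed sample window: replies from 120 DNS reflectors landing on 192.0.2.10
# (the victim's address was forged as sender), plus a little normal HTTPS traffic.
SAMPLE_FLOWS = [
    Flow(f"203.0.113.{i}", "192.0.2.10", 17, 53, 40000 + i, 30000, 40_000_000)
    for i in range(1, 121)
] + [
    Flow(f"203.0.113.{200 + i}", "192.0.2.20", 6, 50000 + i, 443, 120, 20_000)
    for i in range(1, 6)
]


def run(flows=SAMPLE_FLOWS, window_seconds=60):
    """Detection followed by the mitigation decision for each flagged destination."""
    alerts = classify(summarize(flows, window_seconds))
    return [(dst, kind, rtbh_announcement(dst)) for dst, kind in alerts]


if __name__ == "__main__":
    for dst, kind, route in run():
        print(f"{dst}: {kind} -> {route}")
```

The guard in rtbh_announcement is the part worth keeping in a real deployment: an automated blackhole that can be pointed at an arbitrary address is itself a denial-of-service tool, so the decision logic should only ever act on prefixes you originate.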
There are also higher-layer attacks that target specific weaknesses in firewalls, routers or operating systems; these are more difficult to detect but easier to defend against. Contact us for more details and possibilities.
Be it just a NetFlow analyzer or a full-fledged defense strategy, we can make it happen. Contact us for details.