Stereotype buster: some DDoS (distributed denial of service) attacks hide, hit and run. The goal of these malicious attacks is to cause lasting damage and even total destruction. The aim is to inflict damage on a target and promptly withdraw, sidestepping the target’s possible defense and retaliation. It “messes” with the target’s morale. It is like when a new business swoops into a market to take huge profits and then leaves, poof!
The nomadic Scythians of Central Asia (the underdogs) fought this way against Darius the Great’s Persian Achaemenid Empire and later against Alexander the Great’s Macedonian Empire, both formidable entities. The Scythians had great success. Today, DDoS perpetrators and their botnets (whose device owners may or may not know what is going on) wreak the same havoc.
A hit and run DDoS (sometimes called drip and run) is a series of very short rounds of hard-hitting application or network attacks. They occur sporadically, which makes them hard to predict and fight. The average length of each attack is about 15 to 60 minutes. They stop online business and crash servers. Just when the business under attack has resolved the situation, the next round of DDoS occurs. On average, the attacks recur every 6 hours to 2 days. These intermittent DDoS attacks may continue for days, weeks or months. They can destroy and end a business.
Some anti-DDoS solutions include firewalls and anti-virus software, but the planners of hit and run DDoS attacks know all the vulnerabilities of typical defense tools. Other solutions are simply ready to be activated as needed, but they are not poised and ready for more than one DDoS attack in any given period of time. There is a huge cost for each single activation of DDoS protection in such solutions. Because the protection is not ready at all times, the attacks wear down the server resources and the people who attempt to maintain them. It can even be devastating to staff morale.
Many DDoS services need manual start-up and may take too much time to be effective on the spot. DNS re-routing, GRE tunneling, TCP SYN cookies and TCP SYN authentication, or even just flipping on the “DDoS Mitigation” mode, take too long when opposing hit and run DDoS attacks.
The DDoS hit and run attacks begin. The DDoS protection is set up at the last minute … actually … too late … which equals downtime and loss of time, reputation and customers.
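To put numbers on that gap, here is an added example (not BlockDoS code) that groups per-minute request counts into bursts, checks them against the pattern described above (bursts of at most 60 minutes, recurring every 6 hours to 2 days) and totals the minutes of attack traffic that land before on-demand protection is active. The function names, the 1000 requests/minute threshold, the 30-minute activation delay and the traffic data are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Burst:
    start: int  # minute index of the first sample over the threshold
    end: int    # minute index one past the last sample over the threshold

    @property
    def minutes(self) -> int:
        return self.end - self.start

def find_bursts(rates, threshold, merge_gap=5):
    """Group per-minute rates above `threshold`; dips under `merge_gap` minutes do not split a burst."""
    bursts = []
    for minute, rate in enumerate(rates):
        if rate <= threshold:
            continue
        if bursts and minute - bursts[-1].end < merge_gap:
            bursts[-1].end = minute + 1
        else:
            bursts.append(Burst(minute, minute + 1))
    return bursts

def exposure(bursts, activation_delay):
    """Unprotected attack minutes when mitigation is switched on per burst after `activation_delay`."""
    return sum(min(b.minutes, activation_delay) for b in bursts)

def looks_hit_and_run(bursts, max_len=60, min_gap=360, max_gap=2880):
    """True for 3+ bursts, each <= 60 min, whose starts are 6 hours to 2 days apart."""
    if len(bursts) < 3:
        return False
    gaps = [b.start - a.start for a, b in zip(bursts, bursts[1:])]
    return (all(b.minutes <= max_len for b in bursts)
            and all(min_gap <= g <= max_gap for g in gaps))

def sample_rates():
    """Constructed data: 3 days at 200 req/min with bursts of 20, 45 and 30 minutes."""
    rates = [200] * (3 * 1440)
    for start, length in [(300, 20), (1100, 45), (2900, 30)]:
        rates[start:start + length] = [20000] * length
    rates[1120] = 150  # brief dip inside the second burst
    return rates

if __name__ == "__main__":
    bursts = find_bursts(sample_rates(), threshold=1000)
    print("hit and run pattern:", looks_hit_and_run(bursts))
    print("unprotected minutes at 30 min activation:", exposure(bursts, 30))
```

With the constructed data, 80 of the 95 attack minutes arrive before a 30-minute activation completes, and the first burst is over before protection is on at all.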
Let us say the weather every July usually includes daily thunderstorms, and could also include a hurricane or tornado. So you put up storm doors and windows and a tarp cover on the roof after the first thunderstorm, and take it all down when it ends. You do this over and over. Then a hurricane begins to pound your area, and you struggle to get your storm doors and windows back up to thwart the damage. Such a practice is ineffective. Damage builds up during each period of time that it takes to put those defense mechanisms into place. That is the problem with hit and run DDoS, and the potential for destruction excites perpetrators.
BlockDoS will discuss the opposite DDoS protection tactic, ‘Always Ready’ solutions, in the next article. They may not always be the right choice either. Contact us now, while your business is doing well, for more information on how to prepare: http://www.www.blockdos.net/contact.