Preventing DDoS Attacks in 4 Steps

Ever wondered how DDoS all started?

The first reported DDoS attack, which recently turned 20, was executed using a network of 114 computers infected with a malicious code called “Trin00” on a computer that belonged to the University of Minnesota. This was followed months after by several similar attacks against other networks, including those of Yahoo, Amazon, and CNN.

DDoS attacks have gained ubiquity since then, but many companies remain insufficiently secured against the threat to this day. We’ve seen big name brands such as GitHub in February 2018 (1.3Tbps-strong), CloudFlare in 2014 (400Gbps-strong), and Spamhaus in 2013 (11Gbps-strong) succumb to and manage to survive massive DDoS attacks.

Though some cybersecurity experts predicted that the number of such attacks would decline, recent data says otherwise. In the first quarter of 2019, the total number of DDoS attacks increased by 84 percent from the last quarter of 2018. Even the length of DDoS sessions has doubled in a span of just six months.

Many providers now offer DDoS protection solutions, some are specialists while others are cybersecurity companies that integrate DDoS protection features into their own products. So why do a lot of companies still suffer from the threat?

The answer: insufficient security measures against bad traffic. Companies that don’t have intrusion detection and/or prevention solutions protecting their networks and systems can follow the 4-step process outlined below, using IP geolocation and other sources of intelligence.

1. Know Who Your Visitors Are
To do that, you will need an IP geolocation tracker. We all know that any business that manages online portals, whether for sales, lead generation, or boosting marketing performance, maintains a database of its website visitors. And every visitor that lands on a website or any of a company’s pages leaves an IP address behind. It would do any organization well to take a really close look at their visitor logs or database. Every business should find out who’s behind every IP address on it so to speak by creating virtual profiles with the help of an IP geolocation API or search tool.

2. Flag Suspicious-Looking IP Addresses
Mark all of the IP addresses that seem to be directing a lot of traffic to your website or specific pages for further investigation in the visitor database you created. Make sure the company who owns the IP address isn’t fake. A good way to do this is by developing the habit of reading cybersecurity news and updates. Take note of the fake companies named in these reports and make sure you’re not getting visits from their domains.

3. Rely on Cybersecurity Intelligence
Several organizations can inform on malicious IP addresses or those that have ties to fraudulent activities. This might be a third-party security provider you are working with and probably allows you to check whether any addresses you find suspicious have been blocked. If they are, then there’s no need for you to worry, you’re protected. Alternatively, you may check IP addresses yourself—there are IP geolocation lookup tools you can use online for that—and create your own blacklist.

4. Block Suspect IP Addresses’ Access to Your Site
After vetting the nature of the IP addresses on your blacklist, you can block them from gaining access to your website and pages. This is a great way to weed out bad from good traffic and should save you the trouble of becoming a DDoS victim yourself in the long run.

---

These days, you can never be too sure who’s lurking in the dark recesses of your network, just biding their time to catch you off guard. And because cybercriminals don’t discriminate when it comes to targets, any business—regardless of size or popularity—would surely benefit from taking all the necessary precautions. Because the alternative—succumbing to a cyber attack—costs a lot more than if they took additional steps to beef up their company’s security posture.

About the Author
Jonathan Zhang is the founder and CEO of Threat Intelligence Platform (TIP) — a data, tool, and API provider that specializes in automated threat detection, security analysis and threat intelligence solutions for Fortune 1000 and cyber-security companies. TIP is part of the Whois API Inc. family which is a trusted intelligence vendor by over 50,000 clients.