DoS and DDoS attacks: meaning and differences. Why are DoS and DDoS attacks dangerous? The difference between DoS and DDoS

A DoS attack (Denial of Service) is an attack on a computing system intended to bring it to failure, that is, to create conditions under which legitimate users of the system cannot access the resources (servers) the system provides, or such access is made difficult. The failure of the “enemy” system can also be a step towards taking over the system (if in an emergency the software discloses critical information, for example a version or part of the program code). But more often it is a measure of economic pressure: downtime of a revenue-generating service, bills from the provider, and the cost of measures to avoid an attack hit the “target” hard in the pocket.

If an attack is carried out simultaneously from a large number of computers, it is called a DDoS attack (Distributed Denial of Service). In some cases an unintended action leads to an actual DDoS condition, for example placing a link on a popular Internet resource to a site hosted on a not very powerful server (the Slashdot effect). A large influx of users exceeds the allowable load on the server and, consequently, causes a denial of service for some of them.

Types of DoS attacks

There are various reasons why a DoS condition may occur:

  • Error in program code, resulting in access to an unused fragment of the address space, execution of an invalid instruction, or another unhandled exception that crashes the server program. A classic example is a reference to the zero (null) address.
  • Insufficient validation of user data, leading to an infinite or long loop, to increased long-term consumption of processor resources (up to their exhaustion), or to the allocation of a large amount of RAM (up to the exhaustion of available memory).
  • Flood (from English flood, “overflow”) - an attack associated with a large number of usually meaningless or incorrectly formatted requests to a computer system or network equipment, which aims at or leads to the failure of the system due to exhaustion of system resources: processor, memory or communication channels.
  • Attack of the second kind - an attack that seeks to cause a false alarm of the protection system and thus lead to the unavailability of the resource.

If an attack (usually a flood) is carried out simultaneously from a large number of IP addresses, that is, from several computers dispersed across the network, it is called a distributed denial of service attack (DDoS).

Exploitation of bugs

An exploit is a program, a piece of program code, or a sequence of commands that takes advantage of vulnerabilities in software and is used to attack a computer system. Of the exploits that lead to a DoS condition but are unsuitable, for example, for seizing control of an “enemy” system, the most famous are WinNuke and Ping of death.

Flood

A flood is a huge stream of meaningless requests from different computers intended to keep the “enemy” system (processor, RAM or communication channel) busy and thereby temporarily disable it. The concept of “DDoS attack” is almost equivalent to the concept of “flood”, and in everyday use the two are often interchangeable (“flood the server” = “DDoS the server”).

A flood can be created both with ordinary network utilities like ping (this is known, for example, to the Internet community “Upyachka”) and with special programs. DDoS capability is often built into botnets. If a cross-site scripting vulnerability or the ability to include images from other resources is found on a high-traffic site, that site can also be used for a DDoS attack.

Communication channel and TCP subsystem flood

Any computer connected to the outside world over TCP/IP is subject to the following types of flooding:

  • SYN flood - with this type of flood attack, a large number of SYN packets are sent to the attacked node via the TCP protocol (requests to open a connection). At the same time, after a short time, the number of sockets available for opening (software network sockets, ports) is exhausted on the attacked computer, and the server stops responding.
  • UDP flood - this type of flood does not attack the target computer, but its communication channel. Providers reasonably assume that UDP packets should be delivered first, while TCP can wait. A large number of UDP packets of different sizes clog the communication channel, and the server running over the TCP protocol stops responding.
  • ICMP flood - the same thing, but with the help of ICMP packets.

Application layer flood

Many services are designed in such a way that a small request can cause a large expenditure of computing power on the server. In this case it is not the communication channel or the TCP subsystem that is attacked, but the service itself, with a flood of such “sick” requests. For example, web servers are vulnerable to HTTP flooding: either a simple GET / or a complex database query like GET /index.php?search=<random string> can be used to disable a web server.

DoS attack detection

There is an opinion that special tools for detecting DoS attacks are not required, since a DoS attack cannot be overlooked. In many cases this is true. However, successful DoS attacks that the victims noticed only after 2-3 days have been observed quite often. It has happened that the negative consequences of an attack (a flood attack) amounted to excessive charges for excess Internet traffic, which came to light only when the invoice from the Internet provider arrived. In addition, many intrusion detection methods are ineffective near the target of the attack but effective on network backbones. In that case it is advisable to install detection systems there, rather than wait until the attacked user notices the attack and asks for help. Finally, to counteract DoS attacks effectively it is necessary to know their type, nature and other characteristics, and detection systems make it possible to obtain this information quickly.

DoS attack detection methods can be divided into several large groups:

  • signature - based on a qualitative analysis of traffic.
  • statistical - based on a quantitative analysis of traffic.
  • hybrid (combined) - combining the advantages of both of the above methods.

DoS protection

Measures to counter DoS attacks can be divided into passive and active, as well as preventive and reactive.

Below is a brief list of the main methods.

  • Prevention. Prevention of the reasons that prompt certain individuals to organize and undertake DoS attacks. (Very often, cyberattacks in general are the result of personal grievances, political, religious and other disagreements, provocative behavior of the victim, etc.)
  • Filtering and blackholing. Blocking traffic from attacking machines. The effectiveness of these methods decreases as you get closer to the object of attack and increases as you get closer to the attacking machine.
  • Reverse DDoS. Redirecting the traffic used for the attack to the attacker.
  • Elimination of vulnerabilities. Doesn't work against flood attacks, for which the "vulnerability" is the finiteness of certain system resources.
  • Increasing resources. Naturally, it does not provide absolute protection, but it is a good background for applying other types of protection against DoS attacks.
  • Dispersal. Building distributed and duplicating systems that will not stop serving users, even if some of their elements become unavailable due to a DoS attack.
  • Evasion. Moving the immediate target of the attack (domain name or IP address) away from other resources that are often also affected along with the immediate target of the attack.
  • Active response. Impact on the sources, the organizer or the control center of the attack, by both technical and organizational-legal means.
  • Using equipment to repel DoS attacks. For example, DefensePro® (Radware), Perimeter (MFI Soft), Arbor Peakflow® and products of other manufacturers.
  • Acquisition of a service to protect against DoS attacks. Relevant when the flood exceeds the bandwidth of the network channel.

Recently we have seen that DDoS attacks are a fairly strong weapon in the information space. With high-powered DDoS attacks it is possible not only to disable one or several sites, but also to disrupt an entire network segment or even cut off the Internet in a small country. These days DDoS attacks are happening more and more often, and their power keeps increasing.

But what is the essence of such an attack? What happens in the network when it is executed, where did the idea to do this come from and why is it so effective? You will find answers to all these questions in our today's article.

DDoS, or distributed denial of service, is an attack on a specific computer on the network that overloads it so that it does not respond to requests from other users.

To understand what a DDoS attack means, imagine this situation: a web server serves the pages of a site to users. Say it takes half a second to create a page and fully transfer it to the user's computer; then the server can work normally at a rate of two requests per second. If more requests arrive, they are queued and processed as soon as the web server is free. All new requests are added to the end of the queue. Now imagine that there are a great many requests, and most of them are sent only to overload this server.

If new requests arrive faster than they are processed, then over time the request queue becomes so long that new requests are in effect no longer processed. This is the main principle of a DDoS attack. Previously, such requests were sent from one IP address, and this was called a denial of service attack (Denial-of-Service); this is, in fact, the answer to the question of what DoS is. But such attacks can be dealt with effectively by simply adding the IP address of the source, or of several sources, to the block list; moreover, a few devices, because of network bandwidth limitations, cannot physically generate enough packets to overload a serious server.

Therefore attacks are now carried out from millions of devices at once. The word Distributed was added to the name, giving DDoS. One by one these devices mean nothing, and may have a fairly slow Internet connection, but when they all start sending requests to the same server at the same time, they can reach a total speed of up to 10 Tb/s. And this is already quite a serious figure.

It remains to figure out where the attackers get so many devices for their attacks. These are ordinary computers or various IoT devices that the attackers were able to gain access to. It can be anything: video cameras and routers with firmware that has not been updated for a long time, control devices, and ordinary users' computers that have somehow caught a virus whose owners are not aware of it or are in no hurry to remove it.
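The queue described above can be reproduced with a small model. This is an added example, not part of the original article: it uses the article's half-second service time, while the queue limit, the client timeout and the request rates are assumptions chosen for illustration.

```python
from collections import deque


def simulate(legit_rps, flood_rps, service_time=0.5, queue_limit=100,
             client_timeout=5.0, duration=60.0):
    """Single-worker FIFO server fed by evenly spaced legitimate and flood requests.

    Returns counters for the legitimate requests (served in time, answered too
    late, refused) and the largest number of requests held by the server at once.
    """
    arrivals = [(i / legit_rps, "legit") for i in range(int(duration * legit_rps))]
    arrivals += [(i / flood_rps, "flood") for i in range(int(duration * flood_rps))]
    arrivals.sort()

    in_system = deque()   # finish times of requests queued or being processed
    free_at = 0.0         # moment the worker finishes everything accepted so far
    stats = {"legit_total": 0, "legit_served": 0, "legit_dropped": 0,
             "legit_timed_out": 0, "max_in_system": 0}
    for t, kind in arrivals:
        while in_system and in_system[0] <= t:
            in_system.popleft()               # finished before this arrival
        if kind == "legit":
            stats["legit_total"] += 1
        if len(in_system) >= queue_limit:     # queue full: the request is refused
            if kind == "legit":
                stats["legit_dropped"] += 1
            continue
        finish = max(t, free_at) + service_time
        free_at = finish
        in_system.append(finish)
        stats["max_in_system"] = max(stats["max_in_system"], len(in_system))
        if kind == "legit":
            if finish - t > client_timeout:   # answered too late to be useful
                stats["legit_timed_out"] += 1
            else:
                stats["legit_served"] += 1
    return stats


if __name__ == "__main__":
    print("no flood:   ", simulate(legit_rps=1, flood_rps=0))
    print("at capacity:", simulate(legit_rps=2, flood_rps=0))
    print("flooded:    ", simulate(legit_rps=1, flood_rps=10))
```

The server keeps working at its full two requests per second in the flooded run; what changes is that almost all of that capacity is spent on requests that are not the legitimate ones.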

Types of DDoS attacks

There are two main types of DDoS attacks: attacks focused on overloading a specific program, and attacks aimed at overloading the network link to the target computer.

Attacks that overload a program are also called layer 7 attacks (the OSI network model has seven layers, and the last one is the layer of individual applications). An attacker targets a program that uses a lot of server resources by sending it a large number of requests. In the end, the program does not have time to process all the connections. This is the type we discussed above.

DoS attacks on the Internet channel require far more resources, but they are much harder to deal with. In terms of the OSI model, these are attacks at layers 3-4, that is, on the channel or the data transfer protocol. Any Internet connection has a limit on the speed at which data can be transmitted over it. If there is a lot of data, the network hardware, just like a program, queues it for transmission, and if the amount of data and the rate of its arrival greatly exceed the speed of the channel, the channel is overloaded. The data transfer rate in such cases can be measured in gigabytes per second. For example, when the small country of Liberia was disconnected from the Internet, the data transfer rate was up to 5 Tb/s. However, 20-40 Gb/s is enough to overwhelm most network infrastructures.

Origin of DDoS attacks

Above, we looked at what DDoS attacks are, as well as methods of DDoS attacks, it's time to move on to their origin. Have you ever wondered why these attacks are so effective? They are based on military strategies that have been developed and tested over many decades.

In general, many approaches to information security are based on military strategies of the past. There are Trojan viruses that recall the ancient battle for Troy, ransomware that steals your files to get a ransom, and DDoS attacks that limit the enemy's resources. By limiting the enemy's options, you gain some control over his subsequent actions. This tactic works very well both for military strategists and for cybercriminals.

In the case of military strategy, it is easy to think of the kinds of resources that can be limited in order to restrict the enemy's capabilities. Limiting water, food and building materials would simply destroy the enemy. With computers everything is different: there are various services, for example DNS, web servers and email servers. They all have different infrastructure, but one thing unites them: the network. Without a network, you cannot access a remote service.

Warlords can poison water, burn crops, and set up checkpoints. Cybercriminals can send invalid data to the service, force it to consume all the memory, or completely overload the entire network channel. Defense strategies also have the same roots. The server administrator will have to monitor incoming traffic to find malicious traffic and block it before it reaches the target network channel or program.

Conclusions

DDoS attacks are becoming more common and more powerful. This means that the services we use will be attacked more and more often. One way to reduce the number of attacks is to make sure that our devices are not infected with viruses and receive updates on time. Now you know what a DDoS attack is and know the basics of protection; in one of the following articles we will look at the last point in more detail.

A DoS or DDoS attack is an aggressive external impact on the computing resources of a server or workstation, carried out in order to bring it to failure. By failure we mean not the physical breakdown of the machine but the unavailability of its resources to legitimate users, that is, the refusal of the system to serve them (Denial of Service, from which the abbreviation DoS is formed).

If such an attack is carried out from a single computer, it is classified as DoS; if from several, as DDoS, which stands for Distributed Denial of Service. Next we will talk about why attackers carry out such actions, what forms they take, what harm they cause to the victim, and how victims protect their resources.

Who can be affected by DoS and DDoS attacks

Corporate servers of enterprises and websites are exposed to attacks; personal computers of individuals are attacked much less often. The purpose of such actions is, as a rule, the same: to inflict economic harm on the victim while remaining in the shadows. In some cases DoS and DDoS attacks are one of the stages of a server break-in and are aimed at stealing or destroying information. In fact, an enterprise or website belonging to anyone can become a victim of attackers.

[Figure: diagram illustrating the essence of a DDoS attack]

DoS and DDoS attacks are most often carried out at the suggestion of dishonest competitors. So, by “filling up” the website of an online store that offers a similar product, you can temporarily become a “monopolist” and take its customers for yourself. By “putting down” a corporate server, you can disrupt the work of a competing company and thereby reduce its position in the market.

Large-scale attacks that can cause significant damage are usually carried out by professional cybercriminals for a lot of money. But not always. Your resources can also be attacked by homegrown amateur hackers acting out of interest, by avengers from among laid-off employees, and simply by those who do not share your views on life.

Sometimes the impact is carried out for the purpose of extortion, while the attacker openly demands money from the owner of the resource to stop the attack.

The servers of state companies and well-known organizations are often attacked by anonymous groups of highly skilled hackers in order to influence officials or cause public outcry.

How attacks are carried out

The principle of operation of DoS and DDoS attacks is to send a large flow of information to the server, which, to the maximum (as far as the hacker's capabilities allow), loads the computing resources of the processor, RAM, clogs communication channels or fills up disk space. The attacked machine cannot cope with the processing of incoming data and stops responding to user requests.

[Figure: normal operation of the server, visualized in the Logstalgia program]

The effectiveness of single DoS attacks is not very high. In addition, an attack from a personal computer puts the attacker at risk of being identified and caught. Distributed attacks (DDoS) carried out from so-called zombie networks or botnets provide much more profit.

[Figure: botnet activity as displayed by the Norse-corp.com website]

A zombie network (botnet) is a group of computers that have no physical connection to each other. They are united by the fact that they are all under the control of an attacker. Control is exercised through a Trojan, which for the time being may not manifest itself in any way. When carrying out an attack, a hacker instructs the infected computers to send requests to the victim's website or server. The server, unable to withstand the onslaught, stops responding.

[Figure: a DDoS attack as shown by Logstalgia]

Any computer can become part of a botnet, and even a smartphone. It is enough to catch a Trojan and not detect it in time. By the way, the largest botnet numbered almost 2 million machines around the world, and their owners had no idea what their machines were doing.

Methods of attack and defense

Before launching an attack, the hacker figures out how to carry it out with maximum effect. If the attacked node has several vulnerabilities, the impact can be carried out in different directions, which will greatly complicate the countermeasures. Therefore, it is important for each server administrator to study all his "bottlenecks" and, if possible, strengthen them.

Flood

Flood, in simple terms, is information that carries no meaning. In the context of DoS / DDoS attacks, a flood is an avalanche of empty, meaningless requests of one level or another that the receiving node is forced to process.

The main purpose of flooding is to completely clog communication channels, saturating the bandwidth to the maximum.

Flood types:

  • MAC flood - impact on network switches (blocking of ports by data streams).
  • ICMP flood - flooding the victim with service echo requests using a zombie network or sending requests “on behalf of” the attacked host so that all members of the botnet simultaneously send it an echo response (Smurf attack). A special case of ICMP flooding is ping flooding (sending ping requests to the server).
  • SYN flood - sending numerous SYN requests to the victim, overflowing the TCP connection queue by creating a large number of half-open (awaiting client confirmation) connections.
  • UDP flood - works according to the Smurf attack scheme, where UDP datagrams are sent instead of ICMP packets.
  • HTTP flood - flooding the server with numerous HTTP messages. A more sophisticated option is an HTTPS flood, where the transmitted data is pre-encrypted, and before the attacked node processes it, it has to decrypt it.


How to protect yourself from flooding

  • Configure network switches to validate and filter MAC addresses.
  • Restrict or disable the processing of ICMP echo requests.
  • Block packets coming from a specific address or domain that gives reason to suspect it of being untrustworthy.
  • Set a limit on the number of half-open connections with one address, reduce their retention time, lengthen the TCP connection queue.
  • Disable UDP services from receiving traffic from outside, or limit the number of UDP connections.
  • Use CAPTCHAs, delays, and other bot protection techniques.
  • Increase the maximum number of HTTP connections, configure request caching with nginx.
  • Expand the bandwidth of the network channel.
  • If possible, allocate a separate server for processing cryptography (if used).
  • Create a backup channel for administrative access to the server in emergency situations.
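The effect of the three settings named in the list above (a limit on half-open connections per address, a shorter retention time, a longer connection queue) can be compared on a simple model of the half-open table. This is an added example, not from the original article and not a model of any particular operating system; all parameter names and rates are assumptions.

```python
import heapq
from collections import Counter


def simulate_backlog(backlog, retention, per_source_limit=None,
                     flood_sources=4, flood_rate=200, legit_rate=5,
                     rtt=0.1, duration=30.0):
    """Model of a listener's half-open (SYN received) table.

    Flood entries never complete and stay until `retention` seconds pass;
    legitimate clients finish the handshake after `rtt` and leave the table.
    Returns (legitimate SYNs accepted, legitimate SYNs sent, peak table size).
    """
    events = [(i / flood_rate, 0, f"flood-{i % flood_sources}")
              for i in range(int(duration * flood_rate))]
    events += [(j / legit_rate, 1, f"client-{j}")
               for j in range(int(duration * legit_rate))]
    events.sort()

    table = []                 # min-heap of (expiry time, source address)
    per_source = Counter()     # half-open entries currently held per source
    accepted = sent = peak = 0
    for t, is_legit, src in events:
        while table and table[0][0] <= t:      # entry completed or timed out
            _, old = heapq.heappop(table)
            per_source[old] -= 1
        if is_legit:
            sent += 1
        if per_source_limit is not None and per_source[src] >= per_source_limit:
            continue                           # this address already holds its quota
        if len(table) >= backlog:
            continue                           # table full: the SYN is dropped
        heapq.heappush(table, (t + (rtt if is_legit else retention), src))
        per_source[src] += 1
        peak = max(peak, len(table))
        accepted += is_legit
    return accepted, sent, peak


if __name__ == "__main__":
    cases = {
        "short queue, long retention": dict(backlog=128, retention=60),
        "longer queue, shorter retention": dict(backlog=4096, retention=5),
        "per-address limit, 4 flood addresses": dict(backlog=128, retention=60,
                                                     per_source_limit=10),
        "per-address limit, 10000 flood addresses": dict(backlog=128, retention=60,
                                                         per_source_limit=10,
                                                         flood_sources=10000),
    }
    for name, cfg in cases.items():
        print(f"{name}: accepted/sent/peak = {simulate_backlog(**cfg)}")
```

In this model the per-address limit protects legitimate clients only while the flood comes from a handful of addresses, which is why it is listed alongside the queue and retention settings rather than instead of them.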

Overloading hardware resources

There are flood types that affect not the communication channel, but the hardware resources of the attacked computer, loading them to the fullest and causing a freeze or crash. For example:

  • Creating a script that will post on a forum or website where users have the opportunity to leave comments, a huge amount of meaningless textual information until all disk space is filled.
  • The same, only the server logs will fill the drive.
  • Loading a site where some kind of transformation of the entered data is performed by continuous processing of this data (sending the so-called "heavy" packets).
  • Loading the processor or memory by executing code through the CGI interface (CGI support allows you to run some external program on the server).
  • Triggering a security system that makes the server inaccessible from the outside, etc.


How to protect yourself from overloading hardware resources

  • Increase hardware performance and disk space. When the server is running in normal mode, at least 25-30% of the resources should remain free.
  • Enable traffic analysis and filtering systems before sending it to the server.
  • Limit the use of hardware resources by system components (set quotas).
  • Store server log files on a separate drive.
  • Distribute resources across multiple independent servers, so that if one part fails, the others remain operational.

Vulnerabilities in operating systems, software, device firmware

There are immeasurably more options for carrying out such attacks than with the use of flooding. Their implementation depends on the skill and experience of the attacker, his ability to find errors in the program code and use them for his own benefit and to the detriment of the resource owner.

Once a hacker discovers a vulnerability (a bug in software that can be used to disrupt the system), he will only have to create and run an exploit - a program that exploits this vulnerability.

Exploitation of vulnerabilities is not always intended to cause only a denial of service. If the hacker is lucky, he will be able to gain control over the resource and dispose of this "gift of fate" at his discretion, for example, use it to distribute malware, steal and destroy information, etc.

Methods for countering the exploitation of vulnerabilities in software

  • Timely install updates that close the vulnerabilities of operating systems and applications.
  • Isolate from third-party access all services designed to solve administrative tasks.
  • Use tools for continuous monitoring of the operation of the server OS and programs (behavioral analysis, etc.).
  • Refuse potentially vulnerable programs (free, self-written, rarely updated) in favor of proven and well-protected ones.
  • Use ready-made means of protecting systems from DoS and DDoS attacks, which exist both in the form of hardware and software systems.

How to determine if a resource has been attacked by a hacker

If the attacker succeeded in reaching the goal, it is impossible not to notice the attack, but in some cases the administrator cannot determine exactly when it began. That is, from the onset of an attack to noticeable symptoms, sometimes several hours pass. However, during the latent impact (until the server "lay down"), certain signs are also present. For example:

  • Unnatural behavior of server applications or the operating system (hangs, crashes, etc.).
  • The load on the CPU, RAM and storage increases sharply compared to the initial level.
  • The volume of traffic on one or more ports increases significantly.
  • There are repeated requests of clients to the same resources (opening one page of the site, downloading the same file).
  • Analysis of server logs, firewall and network devices shows a large number of repetitive requests from various addresses, often directed to a specific port or service. Especially if the site is focused on a narrow audience (for example, Russian-speaking), and requests come from all over the world. At the same time, a qualitative analysis of traffic shows that the requests do not make practical sense for customers.

All of the above is not a 100% sign of an attack, but it is always a reason to pay attention to the problem and take appropriate protective measures.
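The signs listed above, combined with the signature / statistical / hybrid split of detection methods described earlier on the page, can be checked against a web server log as follows. This is an added example, not code from the original article: the simplified log format, the window size and all thresholds are assumptions, and the log lines are constructed.

```python
import hashlib
import re
from collections import Counter, defaultdict
from statistics import mean, pstdev
from urllib.parse import urlsplit

WINDOW = 10          # seconds per analysis window (assumed)
TRAIN_WINDOWS = 5    # the first windows are assumed clean and form the baseline
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[(\d+)\] "GET (\S+) HTTP/[\d.]+" \d{3}$')


def build_sample_log(flood=True):
    """Constructed log: six quiet windows, then a burst of 300 requests."""
    pages = ["/", "/catalog", "/contacts", "/index.php?search=router"]
    lines = []
    for n, t in enumerate(range(0, 60, 2)):
        lines.append(f'192.0.2.{10 + n % 5} - - [{t}] "GET {pages[n % 4]} HTTP/1.1" 200')
    for i in range(300):
        if flood:   # never-repeating search strings, as in the HTTP flood described earlier
            target = "/index.php?search=" + hashlib.sha256(str(i).encode()).hexdigest()[:16]
        else:       # sudden popularity: everyone opens the same article
            target = "/news/42"
        lines.append(f'198.51.100.{i % 150 + 1} - - [{60 + i % 10}] "GET {target} HTTP/1.1" 200')
    return lines


def parse(lines):
    """Group (source, path, query) tuples by window start time."""
    windows = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                      # skip lines that are not in the expected format
        src, ts, target = m.group(1), int(m.group(2)), m.group(3)
        url = urlsplit(target)
        windows[ts - ts % WINDOW].append((src, url.path, url.query))
    return dict(sorted(windows.items()))


def statistical(count, baseline):
    """Quantitative check: request volume far above the learned baseline."""
    mu, sigma = mean(baseline), pstdev(baseline)
    return count > max(mu + 3 * sigma, 2 * mu)


def signature(requests, min_sources=20, top_share=0.8, unique_share=0.9):
    """Qualitative check: many sources, one resource, query strings never reused."""
    paths = Counter(path for _, path, _ in requests)
    top_path, hits = paths.most_common(1)[0]
    queries = [q for _, path, q in requests if path == top_path]
    sources = {src for src, _, _ in requests}
    return (len(sources) >= min_sources
            and hits / len(requests) >= top_share
            and len(set(queries)) / len(queries) >= unique_share)


def detect(lines):
    """Return one verdict per window that follows the training windows."""
    windows = parse(lines)
    starts = list(windows)
    baseline = [len(windows[s]) for s in starts[:TRAIN_WINDOWS]]
    verdicts = []
    for start in starts[TRAIN_WINDOWS:]:
        reqs = windows[start]
        stat, sig = statistical(len(reqs), baseline), signature(reqs)
        verdicts.append({"window": start, "requests": len(reqs),
                         "statistical": stat, "signature": sig,
                         "alert": stat and sig})   # hybrid: both checks must agree
    return verdicts


if __name__ == "__main__":
    for name, log in (("flood", build_sample_log(True)), ("surge", build_sample_log(False))):
        for verdict in detect(log):
            print(name, verdict)
```

The second constructed log is a sudden surge of visitors to one page: the statistical check fires on it, the signature check does not, and the hybrid verdict stays quiet.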

DoS attacks are attacks that paralyze a server or personal computer through a huge number of requests arriving at high speed at the attacked resource. If such an attack is carried out simultaneously from a large number of computers, it is called a DDoS attack.

DoS (Denial of Service) is a "denial of service" attack. It can be carried out in two ways. In the first method, a DoS attack uses a vulnerability in the software installed on the attacked computer. Such a vulnerability can be used to cause a critical error that disrupts the system.

In the second method, the attack is carried out by simultaneously sending a large number of packets of information to the attacked computer. According to the principles of data transfer between computers in a network, each packet of information sent by one computer to another is processed for some specific time.

If at the same time another request arrives at the computer, then the packet enters the “queue” and occupies a certain amount of the physical resources of the system. Therefore, if a large number of requests are sent to the computer at the same time, then excessive load will cause the computer to “hang” or disconnect from the Internet in an emergency. This is exactly what the organizers of a DoS attack need.

A DDoS attack is a type of DoS attack. Distributed Denial of Service ("distributed denial of service") is organized using a very large number of computers, which makes it possible to attack even servers with very high Internet channel bandwidth.

Sometimes the effect of a DDoS attack occurs by accident. This happens if, for example, a link to a site hosted on the server is placed on a popular Internet resource. This causes a huge surge in site traffic (the Slashdot effect), which acts on the server in a similar way to a DDoS attack.

DDoS attacks, unlike simple DoS attacks, are most often carried out for commercial gain, because hundreds of thousands of computers are needed to organize a DDoS attack, and not everyone can afford such huge material and time costs. To organize DDoS attacks, attackers use a special network of computers, a botnet.

A botnet is a network of "zombie" computers infected with a particular type of virus. An attacker can control each such computer remotely, without the knowledge of its owner. With the help of a virus or a program that skillfully disguises itself as “useful content”, malicious program code is installed on the victim computer; it is not recognized by the antivirus and operates in “stealth mode”. At the right moment, at the command of the botnet owner, such a program is activated and starts sending requests to the attacked server.

When conducting DDoS attacks, attackers often use a "DDoS cluster", a special three-level architecture of a network of computers. This structure contains one or more control consoles, from which the signal to start a DDoS attack is sent directly.

The signal is transmitted to the main computers, the "transmitting link" between the control consoles and the agent computers. Agents are the computers that directly attack the server with their requests. Both main computers and agent computers are, as a rule, "zombies", i.e. their owners do not know that they are participants in a DDoS attack.

Methods of protection against DDoS attacks are different depending on the type of attack itself. DDoS attacks include the following types:

  • UDP flood - an attack by sending a lot of UDP packets to the address of the "victim";
  • TCP flood - an attack by sending many TCP packets to the address of the "victim";
  • TCP SYN flood - an attack by sending a large number of requests to initialize TCP connections;
  • ICMP flood - an attack by means of ICMP ping requests.

Attackers can combine these and other types of DDoS attacks, which makes such attacks even more dangerous and difficult to eliminate.

Unfortunately, there are no universal methods of protection against DDoS attacks. But following some general rules will help reduce the risk of a DDoS attack or deal with its consequences as effectively as possible.

So, to prevent a DDoS attack, it is necessary to constantly monitor the elimination of vulnerabilities in the software used, and to increase resources and disperse them. Be sure to have at least a minimal DDoS protection software package installed on your computer. This can be ordinary firewalls and special anti-DDoS programs. To detect DDoS attacks, special software and hardware systems should be used.

The goal of a DDoS attack can be either to block a competitor's project or a popular resource, or to gain complete control over the system. When promoting a site, it should be kept in mind that DoS conditions occur for the following reasons:

  • due to errors in the program code that lead to the execution of invalid instructions, access to an unused part of the address space, etc.;
  • due to insufficient validation of user data, which can lead to a long (or infinite) cycle, increased consumption of processor resources, memory exhaustion, etc.;
  • due to a flood - an external attack through a large number of malformed or meaningless requests to the server. Floods can target the TCP subsystem, communication channels and the application layer;
  • due to external influence whose purpose is to trigger a false alarm in the protection system and, as a result, make the resource unavailable.

Protection

DDoS attacks make site promotion more difficult, because if the server is down for long enough, pages fall out of the search index. To detect a threat, signature, statistical and hybrid methods are used. The first are based on qualitative analysis, the second on quantitative analysis, and the third combine the advantages of the previous two. Countermeasures are passive and active, preventive and reactive. The following methods are mainly used:

  • elimination of personal and social reasons that encourage people to organize DDoS attacks,
  • blackholing and traffic filtering,
  • elimination of code vulnerabilities during search engine optimization of the site,
  • increasing server resources, building duplicated and distributed systems for back-up servicing of users,
  • technical and organizational-legal impact on the organizer, sources or attack control center,
  • installation of equipment to repel DDoS attacks (Arbor Peakflow®, DefensePro®, etc.),
  • purchase of a dedicated server for website hosting.