How to tell when you're under a DDoS attack

Distributed denial of service (DDoS) attacks are on the rise, and now, even smartphones can be utilized as a source of threat by cybercriminals. An internet service provider (ISP), server, IT network, business website, or even the stock market can be the target of a DDoS attack. Its objective is to overwhelm these systems with a tremendous amount of fake traffic in order to slow them down or completely overload them.

Any website, server, or network that is forced to shut down due to an excessive number of fake requests may suffer greatly in terms of lost revenue and poor service delivery. Enterprises and small businesses must make sure they have effective protection in place because DDoS attacks have increased over the past two years.

DDoS Protect is one of the many cyber security services that SEACOM Business offers to companies. This is an automated, intelligent solution that is fully backed by global threat intelligence. To prevent and report on these attacks in real-time, DDoS Protect can be set up on-premises, in-cloud, or as a hybrid service.

How does a DDoS attack work?

There are three main types of DDoS attack, but to put it simply, an attacker sends a large volume of data requests to the target site by using a number of compromised computers or mobile devices that are connected to the internet (called botnets). The main objective is to overwhelm the website, server, or network in order to bring it down.

Since there is so much fake traffic, it can be challenging to stop a DDoS attack once it has begun. Even if the digital system does not shut down, it will undoubtedly slow it down to a crawl, which has a negative impact on how responsive the server, e-commerce platform and website are to users. As a result, revenue is lost, expensive repairs must be made, services cannot be provided, and ransoms can occur.

There are three main types of DDoS attack:

1. Syn flood: An attacker quickly establishes contact with a server without completing the connection. The server must use resources to wait for connections that have only partially opened, which can use so many resources that the system becomes unavailable to legitimate traffic. From 1996 to 2018, this attack was the most common.
2. DNS reflection/amplification: This occurs when an attacker sends DNS requests to an open DNS server using a spoofed Source IP (one that does not reflect the true location). Attackers bombard the DNS server with these altered requests until the target device is overloaded with UDP packets to the point where it is unable to reply to legitimate requests. The danger with this attack is that it is relatively simple to amplify the attack traffic up to 100 times that of the original source traffic. This was the most widely used attack between 2018 and 2021
3. Direct-path flooding: Since 2021, direct-path flooding has become very popular. Attackers are embedding server-class nodes into mainstream Mirai botnets (a botnet designed to infect IoT devices) in order to perform many simultaneous direct-path DDoS attacks while maintaining the ability to direct large volumes of attack traffic towards specific targets at any time.

How can you tell if a DDoS attack is taking place?

Two straightforward indicators can let you know if a DDoS attack is taking place on your digital system. Firstly, a major warning sign would be if your website, online store, network, or server is unavailable for no apparent reason. Secondly, if any of these systems are responding or operating very slowly, it might be an indication of an attack.

These two signs will tell you when further investigation is necessary. But how can you determine whether the significant spike in traffic is real or fake? Typically, the spike that occurs when legitimate traffic is trying to access a server does not last very long. Sustained spikes could be a sign of an attack because they are an intentional attempt to overload the system.

Analytic tools such as Google Analytics are the best way to investigate a spike in traffic. A DDoS attack may be underway if specific traffic sources continue querying certain data sets long after the Time To Live (TTL) has elapsed. When the TTL expires, websites normally discard the data and requests to free up resources and processing power.

Simple indications of a DDos attack

Take note of the following issues if you suspect a DDoS attack is taking place:

• Unresponsive or slow website
• Videos, images, and other content load more slowly than usual.
• "Too many connections" or "503" errors are displayed by sluggish or unresponsive servers.
• Irregular or abnormal traffic patterns, including spikes that happen for no reason.
• A spike in traffic from a single location, web browser version, or type of device.

What to do in the event of an attack

Once you realize that your website or server is under attack it can already be too late if you do not already have DDoS protection in place. If SEACOM Business customers believe an attack is taking place, they are urged to call +254 20 513 3170 right away for support. As threats occur, our DDoS Protect service will automatically monitor, detect, and neutralize them.

Additionally, the software can reroute traffic to available servers so that your business can continue operating. Regardless of how rapidly your business grows, your needs will always be met thanks to this service's complete scalability and flexibility. For more information or to get a quote for our DDoS protection services, email us at marketing@seacom.com or leave us a message.

SEACOM owns Africa’s largest network of information and communications technology (ICT) infrastructure, including fibre optic networks and subsea cables. We offer a wide range of industry-leading scalable ICT solutions for large companies that operate throughout the region.

SEACOM is privately owned - making it adaptable to the needs of the client. We are the preferred ICT and internet connectivity supplier for African enterprises. We can guarantee fast, reliable and secure internet and networking services at affordable prices.

For‌ ‌more‌ ‌information‌ ‌on‌ these solutions, ‌follow‌ ‌us‌ ‌on‌ ‌‌LinkedIn‌,‌ ‌‌Facebook‌ ‌or‌ ‌‌Twitter.‌ ‌Keep‌ ‌an‌ ‌eye‌ ‌on‌ ‌our‌ ‌‌news‌ ‌section‌‌ ‌for‌ ‌industry news and announcements on African ICT, internet connectivity, cloud services and security solutions.