DDoS FAQ: Frequently asked questions about DoS and DDoS denial of service attacks
What is a distributed denial of service (DDoS) attack?
A denial of service (DoS) attack or distributed denial of service DDoS attack is an attempt to make a computer resource (i.e. – web site, email, voice or an entire network) unavailable to its intended users.
How does a DDoS attack bring down a web site?
By overwhelming a web site and/or server with data and/or requests, the target system either responds so slowly as to be unusable or crashes completely. The data volumes required to do this are typically achieved by botnets, which are networks of remotely controlled infected machines known as zombies.
Who controls these DDoS botnets and how many are there?
Botnets fall under the control of a DDoS denial of service attacker, generally through the use of Trojan viruses. Prolexic currently tracks more than 4,000 command and control servers, which manipulate these botnets for DDoS attacks, and we track more than 10 million bots in our global IP reputational database. Some DDoS experts estimate that one quarter of Internet-connected computers are part of a DDoS botnet.
Should I be worried about DDoS?
Because Internet-facing infrastructures are critical to the profitability of most organizations, the impact of a DoS or DDoS attack can be catastrophic and widespread – affecting your ability to communicate, process transactions or function effectively for hours or even days. On average there are more than 7,000 distributed denial of service (DDoS) attacks observed daily – a number which is growing rapidly.
If my site goes down due to a DDoS attack, how much revenue could I lose?
It all depends. If the purpose of your site is primarily to provide information, financial loss may be minimal. On the other hand, if your site is an e-Commerce engine that drives revenues, your losses due to a DDoS attack could be significant. For example, industry analyst firms estimate the cost of a 24-hour outage for a large e-Commerce company can approach US$30 million.1
Would anyone really want to DDoS attack our company?
Some DDoS targets are obvious: online gaming sites, financial services firms, and payment processors, for example. But we are learning that any company or web site could be a target. In the cyber underworld, it is possible to rent 80,000 -120,000 hosts capable of launching distributed denial of service (DDoS) attacks of 10 to 100Gbps – more than enough to take out practically any popular site on the Internet for just US$200 per 24 hours.
What if I already have a provider of DDoS mitigation services?
Many network or Internet-related service providers offer DDoS mitigation capabilities, and you may be using those already. However, most of these firms rely primarily on automated tools and have limited network capacity to absorb large DDoS denial of service attacks.That’s why many companies eventually find their way to Prolexic. With the largest DDoS protection and mitigation network , proprietary tools, and skilled anti-DDoS technicians who can react in real-time to changing DDoS attack characteristics, we can overcome any denial of service attack. That’s why DDoS attacks end here.
What is an application Layer 7 DDoS attack?
Lately, more and more DDoS hackers have been adding complex Layer 7 DDoS attacks that resemble legitimate traffic. In 2010, 40% of denial of service attacks mitigated by Prolexic included at least one Layer 7 component. Unlike more common regular bandwidth floods, Layer 7 DDoS attacks can be structured to overload specific elements of an application server infrastructure. Even simple DoS attacks – for example those targeting login pages with random user IDs and passwords, or repetitive random searches on dynamic web sites – can critically overload CPUs and databases. Prolexic is the only DDoS protection provider able to mitigate and clean SSL post and GET Flood DDoS attacks.
How quickly can Prolexic get our site back up?
Depending on denial of service attack type, Prolexic can typically provide protection and DDoS mitigation time in just 5-20 minutes after traffic starts to flow through Prolexic’s traffic scrubbing centers .
How do I get more information on Prolexic’s DDoS protection services?
If you’d like more details about our cloud-based DDoS detection and mitigation services for DDoS protection, do one of the following: visit our Knowledge Center, complete this form or call us at + 1 (888) 368 2923.
Alliant Credit Union
Prolexic DDoS protection keeps more than 50,000 daily users onlineDOWNLOAD CASE STUDY >>
Fragrance and Beauty Products Retailer
A DDoS attack takes down this popular site for 24 hours. Prolexic restores in 5 minutes.DOWNLOAD CASE STUDY >>
Leading Online Jewelry Retailer
A DDoS attack took down the site of a premier jewelry retailer for nearly three days.DOWNLOAD CASE STUDY >>
Online Options Trading
Financial services firm avoids extortion attempt. Prolexic keeps web site up during vicious Layer 7 attack.DOWNLOAD CASE STUDY >>
When others couldn't mitigate the latest DDoS attack, a "daily deal" web site called Prolexic: problem solved in 2 hours.DOWNLOAD CASE STUDY >>
A Leading Content Rating Organization
A 9 million packets per second DDoS attack brings down web site before Prolexic steps in.DOWNLOAD CASE STUDY >>
Spa and Wellness Firm
Prolexic quickly stops a combination Layer 4 and 7 DDoS attack after a host's mitigation capabilities falls short.DOWNLOAD CASE STUDY >>
Prolexic mitigates GET flood in minutes for new client after Sunday night emergency call.DOWNLOAD CASE STUDY >>
Web site building and hosting services firm
Prolexic mitigates Layer 4 UDP flood peaking at 6.2 Gbps. Protects 6 million Yolasites.DOWNLOAD CASE STUDY >>
Online Movie Subscription Service
After seeing all traffic route to Prolexic, hackers pull the plug on DDoS attack.DOWNLOAD CASE STUDY >>
IPG Holdings Limited
Prolexic mitigates Layer 7 GET floods targeting payment processing platform.DOWNLOAD CASE STUDY >>
Prolexic mitigates politically motivated attacks against web hosting company's clients.DOWNLOAD CASE STUDY >>
Financial Services Firm Global eSolutions
Prolexic mitigates Layer 3, 4 and 7 attacks against Forex trading platform.DOWNLOAD CASE STUDY >>
Krebs on Security
Prolexic fends off Pandora DNS amplification attacks for popular cyber security blog.DOWNLOAD CASE STUDY >>
e-Commerce Provider of Printed Promotion Items
Prolexic mitigates two-week Layer 7 DDoS attack campaign.DOWNLOAD CASE STUDY >>
Global Blogging Site
Prolexic protects freedom of speech for 30 million users targeted by six-month political DDoS campaign.DOWNLOAD CASE STUDY >>
Online Credit Card Site
Prolexic mitigates Layer 4 DDoS attacks against Ixaris site, EntroPay.com.DOWNLOAD CASE STUDY >>
e-Commerce Web Site
Prolexic mitigates 25-40 Gbps Layer 3 DDoS attacks against online auto parts retailer.DOWNLOAD CASE STUDY >>
Timepieces e-Commerce Site
Prolexic keeps World of Watches ticking after DDoS attack flood site.DOWNLOAD CASE STUDY >>
Prolexic mitigates 16-hour Layer 7 DDoS attack on software distribution site.DOWNLOAD CASE STUDY >>
Henyep Capital Markets
Prolexic keeps Henyep accessible and trading through multiple SYN, GET and ICMP flood attacks.DOWNLOAD CASE STUDY >>
Australia’s #1 Job Search Website
Prolexic keeps Seek.com.au online and incident-free for millions of job seekers.DOWNLOAD CASE STUDY >>
e-Commerce Hosting Provider for Top Tier Sites
Prolexic keeps Americaneagle.com and its customers generating revenueDOWNLOAD CASE STUDY >>
Customer ROI requires online accessibility and reliability
Prolexic ensures Clickpoint! Media's online services are available and incident-freeDOWNLOAD CASE STUDY >>
University Federal Credit Union
Prolexic's mitigation services now protect credit union with US$1.6 Billion in assetsDOWNLOAD CASE STUDY >>
Prolexic mitigates 70 Gbps SYN flood DDoS attack for popular ink retailerDOWNLOAD CASE STUDY >>
Arab National Bank
Builds strong DDoS defense to serve online banking customers and e-trade siteDOWNLOAD CASE STUDY >>
OnCourse Systems for Education
Prolexic succeeded where two other mitigation firms failedDOWNLOAD CASE STUDY >>
Security Bulletin: Crafted DNS Attack
DNS reflection attacks amplified with TXT recordsLEARN MORE >>
IDC Analyst Connection: Addressing the Need of Web Application Firewalls
How web application firewalls strengthen cyber threat defenseLEARN MORE >>
Threat: Shellshock Bash Bug DDoS Botnet
Botnet builders use bug to gain accessLEARN MORE >>
Security Bulletin: Poodle SSLv3 Vulnerability
Man-in-the-middle attacks defeat SSL protectionLEARN MORE >>
Q3 2014 State of the Internet - Security Report
Thriving criminal industry taps into Internet devices, spreads easy-to-use toolsLEARN MORE >>
Threat: SSDP Reflection DDoS Attacks
Misconfigured UPnP devices pose DDoS threatLEARN MORE >>
Big Data – Your Secret Weapon in the War Against Cyber Crime
Free webcast featuring IDC 58:07 minutesLEARN MORE >>
Can You Afford a Web Application Layer Attack?
Why protecting your customers’ personal information is good businessLEARN MORE >>