Warding off DDoS Attacks with Anti-DDoS — Part 2: Mitigating DDoS Attacks

By Shantanu Kaushik

Struggling with DDoS Attacks? Get Free Support Now! Contact Us >>

Understanding threats and the scale of damage threats can cause helps organizations evolve. Disruption in business continuity causes losses and damages the business’ reputation. DDoS attacks have become prevalent over the years and gained the attention of cybersecurity experts. This led to a sophisticated understanding of DDoS and how these attacks can be mitigated.

Alibaba Cloud launched a collaborative global DDoS protection service as an effective counter-measure against DDoS attacks. We will discuss it at length in the next article of this series. Let’s take a look at the architecture of this initiative to record the relevant details:

In this article, we will discuss effective ways to mitigate DDoS attacks using products from the Alibaba Cloud lineup. As we discussed previously in Part 1, some of the most common types of DDoS attacks are:

1. Application Layer Attacks

These attacks use techniques like HTTP and DNS flood to induce a denial of service. They consume all the resources for application processing on the server.

2. Network Layer Attacks

A huge volume of traffic is directed towards the server network. This seizes the network bandwidth to induce a denial of service. UDP amplification and NTP flood attacks are common examples.

3. Session Layer Attacks

The attacker bots consume the SSL session resources to induce a denial of service.

4. Transport Layer Attacks

The attacker uses SYN flood and connection flood to induce a denial of service within the transport layer. In this scenario, the connection pool resources of a server get clogged.

Mitigating DDoS Attacks

Alibaba Cloud provides superb public cloud resources and services like Auto Scaling. You can optimize your service architecture using these services to mitigate DDoS attacks. Let’s take a look at more information below:

  • Performance Evaluation

Migrating to any service requires careful consideration and testing to retain any business values or business applications running on an on-premise setup. Stress testing the infrastructure is recommended to get a detailed overview of how your server and network resources will behave during a DDoS attack that primarily stresses the resources.

  • Use Alibaba Cloud Elastic Resources

Alibaba Cloud Server Load Balancer (SLB), Cloud Monitor, and an active geo-redundancy architecture can handle massive traffic surges. Alibaba Cloud ensures that you can mitigate DDoS attacks, avoid single point of failure (SPOF), and avoid any resource-hogging attacks by properly balancing resources using SLB.

  • Auto Scaling

Deploying Alibaba Cloud Server Load Balancer (SLB) and Auto Scaling can help reduce the risk of DDoS attacks drastically. Auto Scaling automatically adjusts the computing resources based on traffic demands or according to any policies set. Auto Scaling helps mitigate and avoid application layer and session layer DDoS attacks by automatically adding servers to maintain service availability and performance throttling.

  • Configuring DNS

It is always a wise idea to configure your DNS resolution to avoid any attacks. Enabling TTL, DNS client authentication, ACL implementation, and avoiding unknown DNS responses can lead to an effective mitigation technique for DDoS attacks.

Any implementation should be checked and optimized at regular intervals. We advise isolating any irrelevant services and unused applications to optimize resource usage. This enables a better response system and helps mitigate any DDoS attacks.

  • Implementing a Virtual Private Cloud (VPC)

A Virtual Private Cloud (VPC) is an excellent resource to enable the isolation of resources and environments. In a hybrid cloud setup, Alibaba Cloud VPC is an excellent service that creates a secure environment for systems to intercommunicate. VPC can prevent attacks by isolating network resources.

  • Define a Security Group

Security Groups can help drastically lower the DDoS attack ratio. You can effectively control the number of open ports by defining a security group, depending on service requirements. Uncontrolled security policies can overstress your system and cause failure. You can lower public exposure and mitigate attacks by defining an effective security policy.

An effective monitoring service can lower the chances of an attack on your service. Also, enabling an effective prevention policy based on monitoring and metrics collection will ensure heightened emergency plans to ward off DDoS attacks.

  • Cloud Monitor

Alibaba Cloud Monitor is an effective tool to monitor and collect metrics for your Alibaba Cloud resources. This allows for optimized systems with a highly viable alert system to mitigate any attacks.

  • Alibaba Cloud Anti-DDoS Monitoring

Alibaba Cloud Anti-DDoS Basic is a completely free solution that helps mitigate DDoS attacks. Anti-DDoS Basic can send alerts about service fluctuations due to heavy traffic or when it detects a DDoS attack.

You can come up with an emergency plan based on how your service behaves by monitoring your services.

Alibaba Cloud has a strong lineup of security and authorization products. Some of these services are free and activated automatically once you create an account or buy any product or solution from the Alibaba Cloud lineup. Some products include the Web Application Firewall (WAF), Resource and Access Management (RAM), IDaaS (Identity as a Service), Cloud Firewall, and Anti-DDoS solutions.

These products can help you mitigate any cyber attack and retain business continuity when deployed correctly. Alibaba Cloud offers comprehensive product options and DDoS emergency support to help you recover from a denial of service.

Wrapping Up

Distributed Denial of Service (DDoS) attacks have grown significantly over the years and a major concern. Enterprises are getting affected by the wide-spread impact of DDoS, which causes economic loss and affects the organization’s reputation.

Alibaba Cloud has executed extensive research to roll out its Anti-DDoS service. It is available in Basic, Pro (Mainland China), Premium (World), Origin, and GameShield variants. In the next article of this series, we will discuss the Alibaba Cloud Anti-DDoS service and its usage.

  1. Warding off DDoS Attacks with Anti-DDoS — Part 3: Alibaba Cloud Anti-DDoS
  2. Warding off DDoS Attacks with Anti-DDoS — Part 4: Global DDoS Collaborative Protection and GameShield

Original Source:



Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website:https://www.alibabacloud.com

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alibaba Cloud

Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website:https://www.alibabacloud.com