If your APP is hit by a DDoS attack, it is crucial to take effective protection and emergency measures immediately.
1. What is a DDoS attack?
A DDoS (Distributed Denial of Service) attack is a common attack that is difficult to defend against. The attacker controls a large number of compromised machines (a botnet of "puppet machines") and has them send a flood of malicious requests to the target server, consuming the server's resources until it is forced offline.
For example, suppose you run a coffee shop of only 30 square meters that normally holds 10 people. Today, 1,000 people suddenly turn up. They are not real customers; they have come with malicious intent. Your coffee shop is instantly overwhelmed and cannot operate normally.
2. Types of DDoS attacks
Transport-layer DDoS attacks (SYN Flood, ACK Flood, UDP Flood, ICMP Flood, RST Flood), DNS DDoS attacks, connection-exhaustion DDoS attacks, and web application-layer DDoS attacks (HTTP GET Flood, HTTP POST Flood, CC).
Grouped by layer: network-layer attacks (UDP reflection attacks); transport-layer attacks (SYN Flood, connection-count attacks); session-layer attacks (SSL connection attacks); application-layer attacks (DNS flood, HTTP flood (i.e. the CC attack), game dummy-client attacks).
Attack type | Description | Example |
---|---|---|
Network-layer attack | Floods the target's network bandwidth with high-volume traffic so that the target's services can no longer respond to customer access. | NTP Flood attack |
Transport-layer attack | Denial of service is achieved by occupying the server's connection-pool resources. | SYN Flood attack, ACK Flood attack, ICMP Flood attack |
Whichever form the attack takes, its goal is the same. Several common types are described below:
These three categories break down into many variants, such as UDP, ICMP, IP, TCP and HTTP floods, as well as today's AI-coordinated attacks. CDN5's engineers explain these types step by step below.
1. Capacity consumption attacks
As the name suggests, a capacity consumption attack pushes the target server beyond its load with a flood of traffic until it crashes. It includes UDP, CHARGEN and ICMP floods.
The UDP protocol delivers datagrams to a target through ports, and a server processes each datagram automatically on receipt. The attacker targets servers inside the network using the IP addresses and ports carried in the UDP packets and exhausts them with a large number of requests. Commonly abused services include DNS, NTP, SSDP, VoIP, P2P, SNMP, QOTD, Steam, etc. Variants include UDP fragmentation attacks and UDP amplification attacks (usually over SNMP, SSDP or NTP).
The CHARGEN protocol dates from 1983. It was designed for debugging and measurement: a TCP or UDP request to port 19 triggers a stream of characters in reply. Attackers generally forge the target server's IP address and send requests to Internet-connected devices running CHARGEN; those devices then answer the requests and bombard the target from port 19. If the firewall does not block port 19, the target will go down.
The Internet Control Message Protocol (ICMP) consists of specific messages and control operations exchanged between network devices, such as timestamps, timeout errors and echo requests (the ping command). The attacker consumes inbound and outbound bandwidth by sending a large volume of forged ping packets. There is also the ICMP fragmentation attack, which works on a similar principle.
The attacker leverages high-traffic applications on legitimate servers and redirects their responses to the target server. Since the arriving packets look like normal requests, most defense tools misjudge them, and the server is overwhelmed and goes down.
3. Impact of attacks on APP business
If you are suffering from a DDoS attack, the quickest way out is to integrate the CDN5 protection SDK directly.
4. How to defend against DDoS attacks on an APP
Distributed architecture: split the business into independent modules, such as user authentication and the payment interface, and deploy them in separate server clusters to avoid a single point of failure.
Procure elastic resources from a cloud provider: for example, Google Cloud servers with elastic traffic and dynamic quotas.
Close unneeded protocols and ports: shut down everything that is not required.
High-defense IP and high-defense CDN: purchase a CDN5 high-defense IP or high-defense CDN, which spreads traffic across nodes to absorb attack traffic and scrub malicious requests.
Behavioral analysis engine: use AI algorithms to identify abnormal patterns. For example, a single IP issuing 100 login requests in 1 second can be classified as an attack.
Rate limiting and blacklists: set limit_req_zone in the Nginx configuration to limit request frequency, and automatically block abnormal IPs.
Rule-base matching: enable a web application firewall (such as CDN5 WAF or the Cloudflare rule set) to intercept exploitation of vulnerabilities such as SQL injection and XSS.
Human-machine verification: trigger a CAPTCHA for suspicious requests to distinguish real users from automated scripts.
API security hardening: adopt OAuth 2.0 authentication, request signing and timestamp verification to prevent the API from being abused.
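The behavioral rule (100 login requests from one IP within 1 second) and the Nginx-style rate limit from the two measures above, modelled in Python over constructed request records. This is an added example, not CDN5's code or part of the original article; the login path, the RFC 5737 addresses and the timestamps are assumptions.

```python
"""Added example (not CDN5's code): the two rate-based checks named in the text.
login_flood_ips implements the rule "100 login requests from one IP in 1 second"
as a sliding window; LeakyBucketLimiter reproduces the rate/burst semantics of
Nginx limit_req (nodelay), i.e. what a limit_req_zone setting enforces per IP.
Addresses, paths and timestamps below are constructed sample data."""
from collections import defaultdict, deque

class LeakyBucketLimiter:
    """Nginx-style leaky bucket: `rate` req/s drain it, `burst` excess requests are tolerated."""
    def __init__(self, rate, burst=0):
        self.rate, self.burst = float(rate), burst
        self.state = {}  # key -> (last_seen_ts, excess_requests)

    def allow(self, key, now):
        if key not in self.state:        # first request from this key
            self.state[key] = (now, 0.0)
            return True
        last, excess = self.state[key]
        # drain for the elapsed time, then account this request (+1)
        excess = max(0.0, excess - (now - last) * self.rate + 1.0)
        if excess > self.burst:          # over the burst: reject; a rejected
            return False                 # request is not accounted (as in Nginx)
        self.state[key] = (now, excess)
        return True

def login_flood_ips(requests, limit=100, window=1.0, path="/api/login"):
    """IPs that reach `limit` requests to `path` inside any `window` seconds."""
    recent, flagged = defaultdict(deque), set()
    for ts, ip, _ in sorted(r for r in requests if r[2] == path):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:        # slide the window forward
            q.popleft()
        if len(q) >= limit:
            flagged.add(ip)
    return flagged

def apply_rate_limit(requests, rate=10.0, burst=5):
    """Replay traffic through the limiter keyed by IP -> {ip: (allowed, rejected)}."""
    limiter, counts = LeakyBucketLimiter(rate, burst), defaultdict(lambda: [0, 0])
    for ts, ip, _ in sorted(requests):
        counts[ip][0 if limiter.allow(ip, ts) else 1] += 1
    return {ip: tuple(c) for ip, c in counts.items()}

def sample_requests():
    """Constructed traffic (RFC 5737 addresses): a real user plus a 120-login/0.9 s flood."""
    reqs = [(0.2, "198.51.100.7", "/api/login"), (5.0, "198.51.100.7", "/api/feed"),
            (9.5, "198.51.100.7", "/api/login")]
    reqs += [(3.0 + i * 0.0075, "203.0.113.9", "/api/login") for i in range(120)]
    return reqs
```

With `rate=10.0, burst=5` the real user is never limited while most of the flood is rejected, which is the effect a `limit_req_zone ... rate=10r/s` with `burst=5 nodelay` has in front of the login endpoint.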
5. How to choose an APP security protection provider?
1. Make sure the provider offers T-level (terabit-class) protection, elastic bandwidth and real-time scrubbing capability.
2. Can the SDK be integrated quickly? CDN5's SDK is simple to integrate and fast to deploy, letting the APP ignore DDoS and CC attacks.
3. After-sales support: can the provider respond immediately and solve the problem?