Distributed denial of service

The Australian Cyber Security Centre provides you with up-to-date advice on current threats and vulnerabilities, as well as guidance on mitigation and cyber security best practice.

What is a distributed denial of service attack?

A distributed denial of service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic.

DDoS usually uses a network of compromised systems to flood sites with connection requests, causing the website or server to slow down or crash entirely.

A recent trend is for DDoS to be used for extortion, where a business is threatened with an attack against its website unless it makes a payment. These threats can be accompanied by a small DDoS activity—or a brief larger one—to demonstrate capability.

You should consider the business, financial and social impact of a DDoS attack on your online services. If a service is critical to your organisation, consider how to protect it against an attack.

It is generally not practical for most organisations to host infrastructure in-house that can defend against large-scale DDoS attacks. Using services such as Content Delivery Network (CDN) or a DDoS mitigation provider is essential. These sit between an ‘origin server’—a server you manage that provides your content—and the users of your online service on the Internet. Any traffic directed at your online service has to go through the CDN or DDoS mitigation provider first, allowing any attack traffic to be dealt with before it hits your infrastructure.

How do I recover from a DDoS attack?

  • Never respond to extortion emails, even to refuse payment.

  • Contact your internet service provider, CDN or DDoS provider to get assistance.

  • Initiate your incident response plan.

How do I prevent DDoS attacks?

You can take a few simple steps to prevent DDoS attacks:

  • Regularly apply IT security patches to your website.

  • Use a DDoS mitigation provider or CDN to front your online services.

  • Be careful not to allow details about the address of your ‘origin servers’ to leak onto the internet, so that attackers cannot attempt to access it directly, bypassing the CDN or DDoS mitigation provider.

  • Protect your ‘origin servers’ from direct access by implementing network filtering that limits access to traffic coming through your CDN or DDoS mitigation provider.

  • Harden DNS servers against DDoS attacks.

  • Consider mirroring part or all of your DNS infrastructure with DDoS resilient DNS providers.

  • Run online services on different infrastructure to your critical business systems where practical.

  • Have an incident response plan in place that accounts for DDoS attacks, and conduct exercises to ensure that the plan is effective.

Stay ahead of the latest cyber threats. Sign up for Stay Smart Online alerts, a free service to inform you of the latest cyber threats and how to manage them.