IONOS DDoS Defense Mechanism

Distributed Denial of Service (DDoS) is an attack that intentionally causes a targeted system to become overloaded. For this purpose, the attacker sends such a large volumes of requests to the target system by means of a very large network of distributed computers so that the target system is completely busy and no longer accessible. The targeted system can be for example a website, an application, or a network.

Most often, the attack is carried out with a botnet. The botnet consists of a large network of computers infected with malware. The malware is used to take over and remotely control the computers. In the recent past, devices such as routers, smart TVs, mobile phones, security cameras, set-top boxes, and digital video recorders have started to recently play a role for these attacks.

Strategies of the Attackers

The strategies used by attackers can be divided into the following categories:

Bandwidth overload: The aim of this strategy is to overload the network interface of the targeted systems. These kind of attacks directly attack the target networks and their connecting devices. In this case, the bandwidth is completely used so that the target system can no longer be reached.

System resource overload: This attack strategy aims to overload the available resources of target systems such as a web server. This strategy exploits the fact that the target system can only establish a limited number of connections. The attacker sends a very large number of invalid requests to the target system, which exhausts resources. Due to the overload, the system can no longer serve valid requests.

Application-layer attacks: These attacks exploit specific vulnerabilities in an operating system or program to trigger software errors or system crashes. Examples of these attacks include floods of HTTP requests on a login page or WordPress pingback attacks. 

Pingbacks are set by WordPress when a blogger links external posts in their content. The blogger of the original post will receive automatically a notification which is displayed in the comments section. A WordPress pingback attack exploits this feature and sends a fake pingback request in large numbers to different WordPress blogs. Then these blogs send a request to the target system and block it. 

The Defense Mechanism from IONOS

IONOS offers a free and managed Distributed Denial of Service defense mechanism for vServers, Cloud Servers and Dedicated Servers to ensure that your IONOS hosted IT resources remain secure and resilient to DDoS attacks. 

The Distributed Denial of Service defense mechanism is activated by default and does not require any additional configuration or subscription.

Every time an attack is identified, the Distributed Denial of Service defense mechanism redirects all suspicious traffic to a filtering platform. There, the DDoS traffic is filtered. Only valid traffic is forwarded to your server, the rest is blocked.