By: Sean Mancini
May 25, 2017
How Can ISPs Help with DDoS Mitigation?
We have seen it time and time again: DDoS attacks against organizations causing network interruptions and downtime. (What else is new?)
These organizations are at times helpless at the hands of the attackers, who sometimes even hold them for ransom. Think of a small or medium business with a 50 Mbps internet connection that is getting attacked. What options does that organization have?
Sure, if they pay extra for a subnet with BGP peering and have the technical know-how, they can black hole the traffic. But this is costly, and smaller businesses often don't have the technical staff for a security team to keep watch.
The other option is to increase bandwidth when the attack happens, but how reasonable is that? What is the guarantee that the attack won't grow? Larger attacks are reaching the Gbps range, and an SMB simply can't afford those costs.
The best option is a DDoS protection service offered through the ISP or interconnect. Anti-DDoS services are normally offered at the ISP or carrier level. There are also CDNs (Content Delivery Networks).
Part of the reason you would want to go with an ISP or a carrier for DDoS protection is that they have much more network infrastructure than you. They have all the expertise ready, often for much less than it would cost you to run a solution yourself.
Anti-DDoS solutions range from free to several thousand dollars depending on the protection level; however, remember that you get what you pay for.
Anti-DDoS providers usually offer tiers of service or a choice of actions. One is to null route the traffic: the traffic for the IP address that is under attack is redirected into the carrier's core.
The issue with this solution is that a null route takes down all of the traffic destined for that IP address. So if you are hosting a website or an email server, you have completed the job for the attacker. And don't even think about changing the DNS entries: the attacks can target the domains.
The other option is traffic scrubbing. This technique is optimal, but it is more costly. With this technique, the ISP drops the bad traffic using algorithms that detect attack patterns such as SYN floods or UDP floods.
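To make the difference between a null route and scrubbing concrete, here is a small simulation. It is an added example, not code from any ISP or vendor: the addresses are documentation ranges, the packets are constructed, and the per-source thresholds are assumptions chosen for the sample. Real scrubbing platforms also have to cope with spoofed sources, which simple per-source counting does not.

```python
from collections import Counter, namedtuple

# Constructed sample: one observation window of traffic toward the attacked IP.
Pkt = namedtuple("Pkt", "src dst proto flags")
VICTIM = "192.0.2.10"

def sample_window():
    pkts = []
    # Legitimate clients complete the TCP handshake (SYN followed by ACK).
    for i in range(1, 6):
        src = f"198.51.100.{i}"
        pkts += [Pkt(src, VICTIM, "tcp", "SYN"), Pkt(src, VICTIM, "tcp", "ACK")]
    # SYN flood: many SYNs per source that are never followed by an ACK.
    for i in range(1, 4):
        pkts += [Pkt(f"203.0.113.{i}", VICTIM, "tcp", "SYN")] * 200
    # UDP flood from a single source.
    pkts += [Pkt("203.0.113.50", VICTIM, "udp", "")] * 500
    return pkts

def null_route(pkts, victim):
    """Null route: everything destined for the victim is discarded."""
    return [p for p in pkts if p.dst != victim]

def scrub(pkts, syn_limit=20, udp_limit=100):
    """Scrubbing: drop only sources whose unanswered SYNs or UDP volume
    exceed the (assumed) per-window limits; pass everything else."""
    syn, ack, udp = Counter(), Counter(), Counter()
    for p in pkts:
        if p.proto == "tcp" and p.flags == "SYN":
            syn[p.src] += 1
        elif p.proto == "tcp" and p.flags == "ACK":
            ack[p.src] += 1
        elif p.proto == "udp":
            udp[p.src] += 1
    bad = {s for s in syn if syn[s] - ack[s] > syn_limit}
    bad |= {s for s in udp if udp[s] > udp_limit}
    return [p for p in pkts if p.src not in bad]

def legit_delivered(pkts):
    """Count packets from the constructed legitimate client range."""
    return sum(1 for p in pkts if p.src.startswith("198.51.100."))

if __name__ == "__main__":
    window = sample_window()
    print("packets in window:       ", len(window))
    print("legit after null route:  ", legit_delivered(null_route(window, VICTIM)))
    print("legit after scrubbing:   ", legit_delivered(scrub(window)))
    print("attack left after scrub: ", len(scrub(window)) - legit_delivered(scrub(window)))
```

With the null route, none of the legitimate packets reach the server; with scrubbing, all of them do and the flood sources are dropped.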
The CDN approach, like that used at https://www.cloudflare.com/, has a limitation: if the server itself is being attacked directly via its IP address, the CDN will not help. However, the Cloudflare service acts as a buffer between your web server and the internet. All web requests are filtered through the CDN, scrubbed, and then delivered to the server.
At the end of it all, DDoS attacks cost money (sometimes a lot of money), especially for e-commerce websites. Imagine not being able to sell your products on your websites due to a DDoS attack.
The protection is a lot cheaper than the cost of a successful attack. Businesses need to adopt services to protect themselves from these ever-growing, powerful attacks.