How DDoS works
When you type a URL for a web page into your browser, you send a request to that site’s computer system asking to view that web page. DDoS attacks work by 'flooding' a website with false requests to overload the system. As websites and networks can only process a certain number of requests at once, by flooding it this blocks any genuine requests from getting through.
Think of it like intentionally causing traffic jams on a motorway and shutting down a city, by adding thousands of cars to the roads.
What a DDoS attack looks like
A DDoS attack can appear like the following.
- You will be unable to load your website, or it may become so slow that is practically unusable.
- You receive 503 Service Unavailable errors on the website.
- You cannot open files on your network (or shared network of folders).
- Your online experience is slow or unresponsive, including “too many connections” error notices.
- Your internet keeps disconnecting or timing-out your session.
You will need to verify if it is a DDoS attack or an unrelated network issue. The most obvious verification is if you receive a ransom or extortion demand from attackers.
Mitigating a DDoS attack
If you still think your website or network is experiencing unusual activity that sounds like a DDoS attack, you will need help to stop or mitigate it.
- Speak to your Managed Service Provider or website administrator. They will need details of what is being attacked and can provide background context to what may be causing the issue. You can then discuss options for mitigating the attack.
- Report the incident with CERT NZ. CERT NZ can help you through the attack and provide information and guidance on where you can get help to mitigate it. You can report via CERT NZ’s website, with the details you currently have of the attack. It’s important to provide your contact details so we can reach out to offer help. All reports to CERT NZ are treated as confidential.
While you are working through the attack you need to manage your business and other security services.
- Notify your staff or employees of the impact/outage to services and keep them up to date on what is happening and how communications will be relayed.
- Tell your customers and/or clients what is happening. Chances are if your website or front-facing systems are down, it won’t be long before people become aware. It’s a good idea to be proactive about letting them know there is an issue with the service and you’re working on getting it back up and running. We have a full guide on communicating in a cyber security incident that you may find useful.
Preparing for a DDoS attack
Being prepared for a DDoS attack and having DDoS protection in place goes a long way to being able to overcome a DDoS incident.