In May, BitLaunch launched powerful free DDoS protection on all of its first-party servers. The feature protects our users from DDoS attacks of up to 100gbps, ensuring their hosting is not disrupted and their services stay online.

Though we covered it briefly in our FAQ, today we wanted to take the time to explain a bit more about what a DDoS attack is and how DDoS protection works. Hopefully, this will give a better idea of the current security landscape and help you to feel safer using our service.

DDoS attacks explained

There are many types of DDoS attack, but they have the same general theme: manipulating one a server's protocols to consume a large amount of computing resources. This usually involves flooding your server with a specific packet. We'll explain further by using one of the most popular DDoS attacks, TCP SYN + ACK, as an example.

When a user attempts a connection to a server using the TCP protocol, they have to perform a three-way handshake to ensure a reliable connection is established. First, the user sends a SYN packet. The server returns a SYN-ACK packet to show that it received the request, and the user/client replies with a final ACK to acknowledge that it received the response. After this, data transfer will begin.

A DDoS attacker exploits this process by sending hundreds or thousands of SYN packets from spoofed IP addresses. However, they do not send the final ACK packet, leaving the server waiting for a response, its ports half-open. This can quickly overwhelm a server's resources. It will slow down and eventually be unable to serve content to legitimate users.

As mentioned, this is just one exploit attackers can use to get a server to this state. They can also perform attacks based on TCP amplification, ICMP, SMURF, TCP FIN, UDP, and more. Advanced attacks will even find zero-day exploits that are unknown to the security community.

How DDoS Protection Works

DDoS protection works by sitting in front of the server and analysing incoming traffic with advanced algorithms and heuristics. By doing so, it's able to detect and deflect illegitimate traffic while allowing legitimate traffic through to the server.

In the case of our example, the solution would detect that there's a high degree of SYN packets (with no response) coming from spoofed IP addresses and block them.

However, not all anti-DDoS solutions are made equal. The global network capacity of the service and the severity of DDoS attack determines if it's able to prevent the attack. This capacity can range from hundreds of megabits to terabits, so it's important to get some context.

The largest DDoS attack recorded so far was on Google services in 2017, measuring an incredible 2.54 Tbps. Due to the amount of resources required to perform such an attack, it's very unlikely a regular user or small to medium company would be exposed to this kind of traffic. In the first quarter of 2021, for example, over 97% of layer 3/4 attacks were smaller than 500mbps.

The capacity of BitLaunch's DDoS solution is 100gbps, making it unlikely that an attack against one of our customer's servers would succeed. You can see your inbound and outbound bandwidth at any point in your BitLaunch control panel.

We hope that this guide gave you a better understanding of how these types of attacks are performed and how BitLaunch DDoS protection works to keep you safe. If you'd like a DDoS-protected server without the cost associated with it, you can sign up to BitLaunch today.