Fighting DDoS Attacks as a Service Provider


Fighting DDoS Attacks as a Service Provider

DDoS attacks are rapidly becoming both more sophisticated and more frequent. Instead of the arbitrary attacks perpetrated by hackers in an effort to gain notoriety, today’s attacks are virtually always launched by serious criminal organizations seeking financial rewards or state-sponsored groups committing an act of political cyber-espionage. While hacktivists tend to target specific agencies or corporations, criminals and foreign governments frequently prefer to create as much chaos as possible by targeting service providers.

How DDoS Attacks Affect Service Providers

For an example of the chaos that a DDoS attack on a service provider can cause, consider what happened in 2016 when three separate attacks were launched in less than 12 hours against systems that Dyn, a major DNS provider, operated. Large numbers of users in North America and Europe were unable to access some of the biggest names on the internet, including Amazon, Netflix, Reddit, CNN, PayPal, Etsy, Airbnb, Fox News, HBO, Spotify, Twitter, and DirecTV. Pinterest, PlayStation Network, the National Hockey League, Quora, Spotify, Visa, Walgreens, Xbox Live, and Zillow were also affected. The Regeringen, the common name for the Swedish national cabinet and supreme executive authority, was affected by the attack, along with the Swedish Civil Contingencies Agency, the authority responsible for civil defense, public safety, and emergency management.

Many of the affected sites lost sales and/or advertising revenue, but there is no consensus on just how costly the attack was for Dyn’s customers. However, according to, Dyn paid a high price. Immediately following the attack, about 14,500 web domains stopped using Dyn. This represented a loss of about 8% of Dyn’s total customer base. However, the true impact could be less or much greater. Some customers may have owned multiple domains, and some customers who dropped Dyn immediately may have quickly returned.

9 Things Service Providers Must Do to Protect Against DDoS Attacks

The Dyn attack brought two seemingly obvious facts into public view: Enterprises depend on service providers for ultimate protection against cyberattacks, and when providers fail to protect them, customers can turn on them in an instant. Most service providers understand their obligations, and few would fault their customers for reacting negatively if they failed to live up to their responsibilities. However, even with this understanding, not every service provider is doing everything possible to fight DDoS attacks. Here are a few ways that you can make sure that you are doing all that you can to protect against DDoS attacks.

  1. Have a plan for responding to a DDoS attack. Just like every organization should have an incident response plan, every service provider should have a well-defined plan and a well-trained abuse team.
  2. Protect the management and control planes. Accept only encrypted and authenticated protocols, make sure that protocols are only accepted from trusted hosts, and use filters to protect the router engine.
  3. Require employees to change their passwords periodically and require strong passwords. Passwords should also be changed whenever there are changes in personnel or equipment. Furthermore, passwords should be changed if a cyberattack is detected even if the attack is unsuccessful.
  4. Eliminate delays by choosing a solution with real-time alerts and integration with back-end infrastructure to give you clear visibility into the event.
  5. Consider using black-hole filtering for traffic directed at a particular destination. If iBGP is used, black-hole filtering can be triggered remotely across your network’s entire perimeter. However, keep in mind that this method is only effective against traffic directed at a specific destination.
  6. Consider diverting traffic to a scrubber to separate the clean traffic from the dirty traffic. Clean traffic can then be delivered to the intended destination.
  7. Report abuse even if you blocked the attack. The more information that service providers share, the easier it can be for cybersecurity specialists to stay a step ahead of the bad actors.
  8. Use Abuse Contact Database for quick and easy reporting of abuse.
  9. Adhere to the Abuse Reporting Format, or ARF, which is the accepted standard for feedback loops. Although it is not mandatory, ARF offers certain advantages for analysts and investigators.


As long as there are botnets, viruses, and people who are willing to commit unlawful acts, there will be DDoS attacks. As long as there are service providers, they will be at risk of being targeted by those who launch DDoS attacks. Service providers must focus on prevention and preparation as well as automated monitoring and reporting of DDoS attacks. Your customers expect you to identify and mitigate attacks within seconds rather than days, hours, or even minutes. Letting them down could have serious financial repercussions for everyone’s business, including your own.

Abusix offers a variety of solutions for service providers and enterprises. To learn more, contact us through the contact form below.

Read More


It’s common knowledge that network abuse is on the increase. The latest statistics from Statista report that the United States...


When the internet became accessible to the public, it quickly became obvious that the new technology had the potential to...


Welcome to part 2 of our series of blog posts dissecting each of the datasets available as part of Abusix...