DDoS protection, does my server need it?

network photo

Photo by Bruno Girin

Many of us have heard about DDoS attacks recently, as they are becoming more and more common and reported in the news. Some of us may have been targeted by them, or otherwise impacted. A question we get from a lot of customers is “Do I need DDoS protection?”

The answer is much like “what is love?”: You’ll know it when you see it. That is to say, if you need DDoS protection, you’ll definitely know that you need it. If you don’t know if you need it or not, you probably don’t.

Contrary to popular belief, DDoS attacks are not random like car accidents, and so DDoS protection is not like “insurance” against something that might happen to you unexpectedly. Most DDoS attacks are generally as retaliation when someone feels they have been wronged. In most cases, the person being attacked is not surprised they are being attacked, and even has a good idea of who is doing it. Because of this, the best protection against DDoS attacks is simply to not intentionally piss people off on the internet.

DDoS protection is also very expensive. Because of this, DDoS protection therefore is something you generally only buy if you already are the target of frequent attacks. The required equipment to protect against DDoS attacks can cost hundreds of thousands of dollars, and the internet connectivity and staffing required to provide effective protection can easily cost tens of thousands of dollars per month. Unless you are being targeted by these attacks, you are unlikely to want to pay for this kind of protection. For this reason, people who receive DDoS attacks generally host with companies that specialize in this very expensive protection. By spreading the protection costs out among all their customers, this extremely expensive service can be brought down to more manageable (but still costly) levels.

For the above reasons, an average customer with a server will rarely need DDoS protection, as it provides them with little or no benefit and comes with significant costs. As well, customers who receive lots of attacks will tend to do business with the few companies that do offer protection. Because these companies almost exclusively host customers who get attacked frequently, these DDoS protection hosting providers receive attacks constantly. Even with the expensive hardware protection they have, the biggest attacks will still cause problems for all customers on their network. This can lead to downtime, even for customers who are not the targets of these attacks. For this reason, unless you are targeted by attacks yourself, it is better to host with a provider that does not offer its customers ddos protection. If a provider’s other customers get attacked, you may see downtime even if you are not targeted, so it is best to avoid hosts who intentionally attract customers who are the targets of attacks.

For all of these reasons, the best protection against DDoS attacks is to 1) Not to receive them yourself, by not intentionally antagonizing people on the internet, and 2) Not to host on the same network with lots of customers who routinely receive attacks. I realize this is not always possible, and some websites or services will become the target of DDoS attacks. If that’s the case for you, then certainly hosting with a provider who offers DDoS protection, or using cloudflare or a similar service, would be advisable.

The important thing to remember is, if you need to ask “do I need DDoS protection”, the answer is probably no.

If you have any questions about this information, or want to learn about ioflood.com dedicated servers, email us at sales [at] ioflood.com