9.4. Conclusion

We wish to leave you with a final thought, quoted from the wise words of Douglas Adams [Ada80]: "Don't Panic!"

Yes, DDoS attacks are real. Yes, they are serious. Yes, defensive measures are in their infancy and are not always effective against all attacks. And, yes, real people have suffered economic and other forms of damage from DDoS attacks. However, it is equally true that most sites in the Internet have never suffered a DDoS attack (and perhaps never will), most DDoS attacks that do occur are not that serious, and most of these real DDoS attacks can be handled with methods and tools that are available today. We have outlined these defensive approaches in this book. If you take the steps to prepare yourself, the chances are excellent that even should someone direct a DDoS attack at your doorstep, you will withstand the flood and recover quickly.

There is no cause for panic in the foreseeable future, either. As we said earlier, we expect that DDoS attacks will become more common and that use of DDoS attacks for serious purposes, from political statements to crime, will become more prevalent. However, there is much research going on to gain greater understanding of the DDoS threat and to provide more effective and powerful defensive tools. All of the major players in the Internet, including the backbone providers, ISPs, operating systems builders, router and switch manufacturers, governmental and nongovernmental agencies with Internet responsibilities, professional societies of network and system administrators, and the entire computer networking research community, regard DDoS attacks as one of the most significant threats to the future growth and stability of the Internet. All of these groups are committed to providing the Internet's users with the best possible protections against DDoS attacks. As the threats become worse, rest assured that these groups will do all they can to counter them. You have allies in this fight, and powerful ones at that. Ultimately, we believe that the future of DDoS defense is not a silver bullet technical solution, but stronger cooperation on both the human and the technical level.

Now that you have overcome any panic you might have, you should take a realistic second look at your own situation. Is your organization in a position that might be threatened by a DDoS attack? Have you made reasonable preparations to handle such an attack should one occur? If not, and if you are not comfortable with the risk of a DDoS attack dropping your organization off the Internet for some period, now is the time to make those preparations. Many of them are simple, painless, and even cost free. Most of them will have secondary benefits, like also protecting you against other threats or increasing your knowledge and awareness of how your network operates. If you delay taking these precautions, you are putting yourself unnecessarily at risk.

Finally, while we have done the best we can to educate you, our readers, about the threat of DDoS and the methods available to deal with that threat, we must reiterate that neither the threat nor the defensive methods will stay static. After we have finished writing and you have finished reading this book, progress will march on for the attackers and the defenders alike. Taking the steps we outline will help you today, but remember that one of those steps, a particularly important one, is periodically surveying the world of threats and the measures you have taken to counter them. Tomorrow's attacks will be different than today's, and perhaps new countermeasures will be required to deal with them. Like most other security issues, you must remain vigilant. Keep learning, keep watching, keep improving your defenses. Those who follow this final advice are likely to be among the fortunate group who do not fall prey to the DDoS attacks of the future.