Your Take on Short DDoS Attacks


HD Moderator
Staff member
The WHIR ran an article years ago entitled, “Report: Short DDoS Attacks Can Have Lasting Security Impact,” in which they delved into the security risks of short DDoS (distributed denial of service) attacks.

I’ve never read any discussion of security risks posed by short DDoS attacks, which makes this article so interesting. As the article lays out, short, low-volume attacks can act as Trojan Horses, allowing cybercriminals to disseminate harmful malware.

In this scenario, the goal of these types of attacks is to obstruct IPS (intrusion prevention systems) and firewalls, distracting that business’s IT security personnel long enough for them to install their malware and pilfer their data.

According to Corero, over 70% typically lasted under ten minutes and nearly the same percentage were under 1 Gbps. The reasoning for this is conjectured to be that these cybercriminals don’t want to show their hands via large scale attacks that could cripple a website. Why not? It allows them an avenue to test for vulnerabilities at little risk of being detected.

Your thoughts …


Staff member
Just today one of my startups, a publishing platform, was dealing with a DDoS attack. 1.2 million IP addresses landed on us in the span of 10 seconds. It didn't tank us completely, but connectivity was painfully slow. Luckily we were able to find a way to effectively block the IPs.

I am not sure how effective this method is when it comes to security as I think someone would need more than a few minutes to do real damage, but it's an interesting point.


DDOS attacks on popular websites are as normal as it can get. There are a few interesting facts about these which we have noticed over the years as an infrastructure management provider.
  1. Most of these attacks are easily traceable. So blocking IPs or IP ranges takes care of them, keeping them short.
  2. Most of these attacks are taken care of without any human intervention because modern-day network hardware as well as data centers are smart. So 90% of the time, they do not affect anything.
  3. Once you grow popular and cross a certain traffic level, it is always important to invest in business continuity things like infrastructure security, DDoS mitigation, website security and data backups.
  4. Most businesses tend to skip investing in the right things needed for their online businesses to grow and scale. Short DDOS attacks can be as destructive as targeted large attacks due to the fact that they expose the vulnerable part of your business. These types of attacks are actually probe attacks to plan larger-impact ones, and so it is important to act on even the shortest of attacks.
  5. After-attack analysis is something which most businesses do not do. It is important to identify the target of the attack to plug any lapses and prevent further damage, as the shorter version may lead to a much more damaging one.
Short DDOS attacks should be taken as a warning to review the entire security of your infrastructure and secure all weaknesses found.
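
Added example (not written by any poster in this thread): after-attack analysis over per-minute traffic samples, flagging bursts that fit the Corero profile quoted in the opening post (under ten minutes, under 1 Gbps), naming the targeted IP, and listing events from other logs during or just after the burst. The baseline, spike factor, five-minute follow-up window and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed per-minute samples: (minute, destination IP, bits per second).
SAMPLES = (
    [(m, "203.0.113.10", 40e6) for m in range(0, 30)]
    + [(m, "203.0.113.20", 35e6) for m in range(0, 30)]
)
# Constructed burst: 6 minutes at 600 Mbps against one destination.
SAMPLES = [(m, ip, 600e6 if ip == "203.0.113.20" and 10 <= m < 16 else bps)
           for m, ip, bps in SAMPLES]

# Constructed events from other log sources: (minute, source, description).
EVENTS = [
    (3, "auth", "admin login from usual workstation"),
    (13, "ips", "signature engine entered bypass mode"),
    (17, "proxy", "large outbound transfer from file server"),
    (28, "auth", "scheduled backup job started"),
]

def find_short_bursts(samples, baseline_bps=50e6, factor=5,
                      max_minutes=10, max_bps=1e9):
    """Return (dst, start, end, peak) for runs above factor*baseline that
    last fewer than max_minutes and peak below max_bps."""
    per_dst = defaultdict(dict)
    for minute, dst, bps in samples:
        per_dst[dst][minute] = bps
    bursts = []
    for dst, series in sorted(per_dst.items()):
        run = []
        for minute in sorted(series) + [None]:  # None flushes the last run
            hot = minute is not None and series[minute] > factor * baseline_bps
            contiguous = bool(run) and minute == run[-1] + 1
            if hot and (not run or contiguous):
                run.append(minute)
                continue
            if run:
                peak = max(series[m] for m in run)
                if len(run) < max_minutes and peak < max_bps:
                    bursts.append((dst, run[0], run[-1], peak))
            run = [minute] if hot else []
    return bursts

def events_near(burst, events, after_minutes=5):
    """Events logged during the burst or shortly after it, for manual review."""
    _, start, end, _ = burst
    return [e for e in events if start <= e[0] <= end + after_minutes]

if __name__ == "__main__":
    for b in find_short_bursts(SAMPLES):
        print(b, events_near(b, EVENTS))
```
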


New member
I doubt that if you have a good security system in place, such attempts at dark DDoS would be successful. While I wouldn't argue that some attacks would actually target other aspects of a service, most of the DDoS attacks we have handled affected the network speed. With a decent firewall configuration and monitoring, dark DDoS shouldn't be an issue.


DDoS represents a significant threat to business continuity. As organizations have grown more dependent on the Internet and web-based applications and services, availability has become really essential.

DDoS attacks also target the mission critical business applications that your organization relies on to manage daily operations, such as email, salesforce automation, CRM and many others.

Additionally, other industries, such as manufacturing, pharma and healthcare, have internal web properties that the supply chain and other business partners rely on for daily business operations.
I often notice short DDoS attacks on some IPs, but thankfully OVH automatically mitigates them. In places where I don't use OVH, I generally use at least minimum DDoS-protected IPs so that my customers and I generally don't need to worry too much about DDoS.