DDoS attacks are no longer something you just read or hear about. They're now something you're likely to experience. Which begs the question - is VPN DDoS protection a real thing?
Since VPNs can do so much to protect your online data, they should be able to help you with this threat too, right?
After all, it's a pretty serious problem. Just last year, major DDoS attacks increased by around 967%! And if you enjoy playing online video games (who doesn't?), you're very likely going to be a target since approximately 79% of them target the gaming industry.
Well, the short answer is that yes, a VPN can protect you against DDoS attacks. If you want to learn more about that, though, keep reading.
What Are DDoS Attacks?
DDoS stands for Distributed Denial of Service. DDoS attacks are a malicious way cybercriminals or average Internet users try to overflow a network with unwanted traffic and requests, preventing it from accepting legitimate traffic. The end goal is to force said network offline.
To run DDoS attacks, hackers employ a network of computers called a botnet. They will normally infect devices with malware which will turn them into bots, and add them to the network. More often than not, people aren't even aware their computers are part of a botnet.
Because of how DDoS attacks work, it's hard to trace them - especially since the traffic/request flood is coming from legitimate sources that were infected.
DDoS attacks are normally illegal, and for good reason. Not only can they forcibly disconnect you from the web any time, but they can also cost businesses up to $50,000 per attack.
Besides companies, hackers also target average gamers with DDoS attacks over random disputes. After all, they have no problem targeting tech giants like EA, Steam, and Sony, and DDoS attacks are pretty easy to buy - not to mention cheap at around $10/hour!
What About DoS Attacks?
DoS stands for Denial of Service, and DoS attacks are the origin of DDoS attacks. Though, nowadays, DoS is more like the little brother of DDoS since it isn't as powerful and efficient.
DoS attacks have the same goal as DDoS - taking a network offline. Unlike DDoS, a DoS attack is more of a one-man job kind of thing. Because of that, they normally only target individual IP addresses, particularly those belonging to gamers.
However, in the end, a DoS attack will - at best - keep a target offline for a few minutes or hours if the hacker is really lucky. Worst case scenario, this kind of attack will only cause slowdowns to the target. Of course, either result is annoying when it happens out of the blue or repeatedly.
3 Kinds of DDoS Attacks Hackers Might Use
This is optional to read through since you don't really need this information if you just want to learn about VPN DDoS protection.
But if you want to learn more about DDoS to understand how hackers target you, we're going to give you a quick overview of the three categories of attacks they can use. In case you'd like to learn more about the many types of DDoS attacks they use, follow this link.
So, let's get started:
1. Protocol Attacks
This kind of attack consumes server resources to take a network down. If that's not possible, it will try to consume the resources of intermediate communication equipment, which is fancy talk for load balancers and firewalls. Protocol attacks are measured with packets per second (Pps).
Examples of protocol DDoS attacks include:
- Ping of Death - Hackers use pinging as a delivery method for abnormal packets to crash a system.
- Smurf DDoS - These attacks use a large amount of ICMP echo request packets, and relies on amplification vectors to increase the payload.
- SYN floods - Cybercriminals take advantage of the three-way handshake needed for each TCP session by hitting you with a huge number of requests until your network can't keep up.
- Fragmented packet attacks - Attackers exploit the IP's MTU unit to crash a system with fake ICMP and UDP packets or by preventing TCP/IP packet reconstruction.
2. Volume-Based Attacks
Pretty simple DDoS attacks, and the most common ones too. Their main goal is to consume all the bandwidth between you and the web to the point where you're forced offline. Volume-based attacks (also called volumetric attacks) are measured with bits per second (Bps).
Some of the most common examples include:
- UDP floods - Hackers flood random ports on a remote host with UDP packets to exhaust its resources.
- ICMP floods - These attacks overwhelm a host by flooding it with ICMP Echo Request packets without waiting for it to reply.
3. Application Layer Attacks
These DDoS attacks target applications - specifically the layer where the webserver will respond to requests and generate web pages. The idea is to flood the server with legitimate requests (like refresh requests) until it crashes.
Application layer attacks are measured with requests per second (Rps), and some examples include:
- GET/POST floods - Also called "HTTP attacks," these DDoS methods rely on attacking a web server or app with GET and/or POST requests that seem harmless.
- Low-and-slow attacks - Hackers attempt to exhaust web server or application resources by targeting them with seemingly legitimate traffic at a snail's pace.
How Does a VPN Protect Against DDoS Attacks?
It's really simple - a VPN hides your IP address when you connect to a server and replaces it with the VPN server's IP address.
Without your personal IP address or your business' web server IP address, hackers can't locate your network. So, they can't DDoS it at all.
VPN providers might use other features to protect you from DDoS attacks, though. For example, they could automatically block any unwanted traffic that targets your device. And business-oriented VPNs might even include firewalls to offer even more protection.
Doesn't a VPN Lower Your Speeds?
Yes, this can happen, and it can be an issue - especially if you're a competitive gamer. But you need to understand there are multiple factors that can impact your online speed when using a VPN. And there are actually things you can do to keep your speeds relatively stable.
Can Hackers DDoS VPN Servers?
Well, they can definitely try to do that. Back in 2016, a hacker group called Armada Collective tried to blackmail blackVPN into paying a ransom (around $4,600) to avoid a DDoS attack. They didn't give in, and the hackers did launch a DDoS attack, but it wasn't too severe - just small-scale. But it still managed to cause disruptions for an entire day.
Normally, hackers DDoS-ing VPN servers shouldn't be a huge issue if the VPN provider is ready for it. If they're not, they can experience serious disruptions to the point where their service won't work for days or weeks.
But if they're ready for these kinds of attacks, they shouldn't be a threat. VPN DDoS protection for servers will work differently depending on the provider's methods, though.
For example, PureVPN uses a mechanism that can combat 480Gpbs DDoS attacks. ProtonVPN, on the other hand, has a unique feature called Secure Core that protects user traffic against network-based attacks by routing it through multiple servers before it leaves their network.
Can't You Just Ask Your ISP to Change Your IP Address?
Well, you can do that. But we wouldn't say it's the most efficient method. After all, you'd have to call your ISP every time someone DDoS-es you. They might change your IP address the first or second time. But if you keep coming back with the same problem, they might say there's nothing they can do.
What's more, some ISPs might actually tell you to report this to the police. While you can do that since DDoS attacks are normally illegal, it won't really solve your issue. Instead, you'll just have more hassle to deal with on top of the DDoS-ing.
Of course, if you have a dynamic IP address, you should be able to change it by just restarting your modem (turning it off and on). When you do that, your ISP will automatically assign you a new one. Though, let's face it - it's not a convenient solution, especially if the hacker keeps finding your IP address. It's much easier to use a VPN.
What Providers Offer VPN DDoS Protection?
Any provider really. As long as they hide your IP address, and don't suffer any IP leaks, you should be safe from DDoS attacks.
Still, there are providers who clearly advertise that they offer VPN DDoS protection. We already mentioned ProtonVPN and PureVPN, but they're not the only ones. Here's a list of other providers that offer this:
- NordVPN - They have 5,000+ servers to hide your IP address, and they implemented VPN DDoS protection on all of them.
- ExpressVPN - The service has 3,000+ servers and useful features like a Kill Switch, split tunneling, and DNS/IPv6 leak protection.
- VyprVPN - They have 200,000+ IP addresses and a NAT firewall to block unwanted inbound traffic.
- TorGuard - The VPN runs dedicated IP addresses with non-stop VPN DDoS protection that automatically blocks abusive traffic, and protects against large-scale attacks.
- OctoVPN - A self-proclaimed "DDoS Protected VPN," this service is specifically aimed at gamers. The service even has a custom firewall with anti-DDoS rules and attack alerts (email, push, and Discord).
To Sum It All Up
Yes, a VPN can protect you against DDoS attacks. It hides your IP address, so whoever wants to DDoS you can't find your network anymore.
What's more, some providers will even offer VPN DDoS protection (basically features like a NAT firewall, auto-block for unwanted traffic, a large number of IP addresses, etc.).
Which VPN service do you like to use to protect your network from DDoS-ing? Also, go ahead and let us know if there are other providers that advertise VPN DDoS protection which we didn't add to our list.