Over the holiday period, we have noted several Distributed Denial of Service (DDoS) attacks. The anarchist group Lizard Squad attacked both Xbox (Sony owned) and PlayStation networks that crippled online gaming for the systems. There is speculation that the North Korean network was taken down by a DDoS attack as well. Every day, websites around the world experience DDoS attacks that can be seen on DDoS attack maps. However, what is a DDoS attack and what can be done to stop them?
In a DDoS attack, typically a hacker uses a “Bot” network to send large volumes of traffic to a single website. A Bot network is a group of infected computers under the control of a master computer. These groups can measure from the 10s to the 100s of thousands or more. Each bot sends constant request to the targeted website using up all the bandwidth that the site can handle. Legitimate traffic to the site and not get through. Think of a traffic jam when everyone wants to leave a sports stadium at the same time via one road.
There are other types of attacks as well. Some attacks continually attempt user names and passwords until accounts lock out. This denies legitimate users access the service. If a service has a large number of users, this can cause a serious delay; as resetting the passwords can cause a secondary DDoS if all customers fight to get back into the system.
Lastly, an application Layer DDoS. This type of attack is much harder to detect. As an example, if there was a button on a website to download a .PDF file, a small number of bots could make the requests numerous times which would cause the host system to use more and more resources in transmitting that larger volume of information. This causes the entire site to slow and become unresponsive as the memory and CPU become overloaded with the request.
What can you do about these types of attacks? Well not all hope is lost. It is important to remember that the whole purpose of most websites is to be available to the pubic and customers. Because of this, hackers take advantage of the open nature. Depending on the size of the company and the resources available, companies can take small to large measures to defeat or lessen the effects of an attack. Here are a few suggestions:
– If the attack is small, and coming from a limited number of IPs, they can be blocked manually at the server, firewall or router. Although not perfect, if the attack is minor, blocking may work.
– For larger organizations, use of larger appliances such as Next Generation Fire Walls (NGFW) or Intrusion Detection Systems can be effective in detecting and blocking this type of attack. A company may also look to manage bandwidth. By having bandwidth set aside for peak traffic periods or use a third party service that can expand bandwidth to a company, then the attacker would require more and more bots to conduct an effective attack.
Being ever vigilant on your networks and understanding what an attacker is likely to do to harm your network is the best defense for your business.