DDoS Attacks, The Ultimate Cyber Smackdown

by FireHost Evangelist on December 4th, 2009

In MMA, fighters find the Guillotine or Rear Naked Choke to be reliable tactics for eliciting a submission. In cyber warfare, a DDoS attack is the “go to” move that produces the ultimate cyber smackdown effectively, time after time.

Just like choke holds, Denial of Service attacks come in a variety of flavors – Flood Attacks, SYN Attacks, Smurf Attacks, Ping of Death Attacks, and the ultimate tap-out producer, Distributed Denial of Service Attacks (to name a few). Each method is designed to achieve a single goal – stifle the target website or online application.

Generally speaking, DoS/DDoS attacks accomplish this by directing a flood of “packets” (fake visitors, often robots) to your website at the same time. In simple terms, a denial of service attack takes up all your hosting environment’s available bandwidth and resources making it impossible for human traffic to reach your website or service.

DoS/DDoS Popularity and Severity on the Rise

Geared toward taking sites offline rather than stealing information or deceiving unknowing web surfers, DoS/DDoS attacks could be regarded as the cyber “crime of passion”. These attacks have effectively silenced religious and political groups from publicly publishing their opinions. High-profile organizations make headlines most often, but really any group with “offbeat” opinions could be the target of a DoS/DDoS onslaught.

Extortion is another popular motive behind DoS/DDoS attacks. Just recently, several Australian sports-betting websites lost millions in revenue over a busy weekend when criminals held their web services hostage for ransom money. Other commercial entities are starting to feel the effect of DoS/DDoS deployments too. Recruit Advantage and Bitbucket have both recently suffered losses due to prolonged outages, and it’s only a matter of time before mass-market retailers use attack-for-hire services to wreck holiday sales for the competition.

DoS/DDoS attacks can take a website or online service to its knees effectively and inexpensively, so they are growing to become a popular add-on to botnet operators’ portfolios. For a mere $200/day, common Rent-a-DDoS operations can dish out botnet deployments ranging from 100Mbps to 100Gbps. Prolonged over several days, an attack of this magnitude could leave your start-up with a 5-digit invoice for bandwidth.

How to Prevent a DoS/DDoS Smackdown

Unlike other cyber crimes, this type of attack may not pose a direct threat to your clients’ PII (personally identifiable information). That doesn’t spare you the expense of lost sales, regaining public opinion, and technical resources however. In addition to those more “expected” costs, you’ll face charges for the bandwidth consumed during the exploit, and that bill alone could be enough to lead your startup business to early retirement.

The worst part is that if a cyber opponent has you in his or her sights, you’re going down for the count. There are no known prevention methods on record. DoS/DDoS attacks are like a jump spinning rear kick delivered in your blind spot. Scary, deadly stuff.

Don’t Take DoS/DDoS Exploits Lying Down

Since you can’t “eat healthy and exercise” your way out of a DoS/DDoS attack, your best bet is to position your website or online application to mitigate the incident. Do this by monitoring your traffic and system state closely at all times. Knowing your traffic trends gives you the best chance of getting your guard up FAST, so you have a chance at successfully mitigating the attack.

No matter what equipment or techniques are deployed to mitigate a DDoS/DoS attack, if your internet connection is smaller than the attack size, you’re down. For example, if you have a 100Mbps connection to the internet and the attack is 400Mbps (a typical attack size), then the attack exceeds your available bandwidth by 4x, saturating your entire network and rendering services incapable of responding.
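As an added example (not from the original post), the script below does what the two paragraphs above recommend: it learns a traffic baseline from normal minutes, flags minutes that deviate from it, checks each flagged minute against the link capacity of the post's 100Mbps example, and totals the excess volume that would show up on a bandwidth overage bill. The per-minute traffic samples are constructed for illustration.

```python
from statistics import mean, pstdev

# Constructed sample: inbound traffic in Mbps, sampled once per minute.
# The first ten minutes are normal; the last four are a flood of the
# kind the post describes (hypothetical values, not real measurements).
SAMPLES_MBPS = [18, 22, 20, 25, 19, 23, 21, 24, 20, 22, 150, 400, 410, 405]

LINK_CAPACITY_MBPS = 100  # the 100Mbps connection from the post's example


def baseline(samples, window):
    """Mean and standard deviation of the first `window` samples: the learned 'normal'."""
    base = samples[:window]
    return mean(base), pstdev(base)


def detect_flood(samples, window=10, sigma=5.0, capacity=LINK_CAPACITY_MBPS):
    """Flag minutes that exceed the baseline by more than `sigma` standard deviations.

    Returns (minute_index, mbps, ratio_to_link_capacity, link_saturated) per flagged minute.
    A ratio of 4.0 is the post's "attack exceeds your bandwidth by 4x" case.
    """
    mu, sd = baseline(samples, window)
    threshold = mu + sigma * max(sd, 1.0)  # floor keeps a very flat baseline from over-alerting
    alerts = []
    for i, mbps in enumerate(samples[window:], start=window):
        if mbps > threshold:
            alerts.append((i, mbps, round(mbps / capacity, 2), mbps > capacity))
    return alerts


def excess_gigabytes(samples, window=10, sigma=5.0, interval_s=60):
    """Traffic above the learned baseline during flagged minutes, in GB.

    This is the volume an overage clause in the hosting contract would bill for.
    """
    mu, _ = baseline(samples, window)
    flagged = detect_flood(samples, window, sigma)
    excess_mbit = sum((mbps - mu) * interval_s for _, mbps, _, _ in flagged)
    return excess_mbit / 8 / 1000  # Mbit -> MB -> GB


if __name__ == "__main__":
    for minute, mbps, ratio, saturated in detect_flood(SAMPLES_MBPS):
        state = "LINK SATURATED" if saturated else "above baseline"
        print(f"minute {minute}: {mbps} Mbps ({ratio}x link capacity) {state}")
    print(f"excess volume during attack: {excess_gigabytes(SAMPLES_MBPS):.2f} GB")
```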

However, if you have enough bandwidth capacity available, these techniques and devices are good allies to have when you’re immersed in the heat of a denial of service battle:

  • Traffic Redirection – Deny all traffic, good and bad. This method is effective for getting your resource consumption under control and restoring order to your server, but it does not solve the problem of getting customers back in your virtual door.
  • IP Filtering – Using routers or firewalls to filter traffic by geography for example can be an effective way to deny traffic from IPs based outside your service area – the US for example. Unfortunately, these devices can only sniff invalid IPs; they are not effective when spoofed or valid IPs are attacking.
  • Intrusion Prevention Systems / Application Firewalls – These expensive and adaptable devices “learn” your traffic and can help deny access from malicious origins very effectively.
  • DoS Mitigation Appliances – Specialized hardware and software made specifically to fight DoS attacks, DoS/DDoS mitigation appliances provide functionality similar to IPSs and WAFs. This appliance should sit on the very edge of your network (outside your firewall) so it’s taking the attack load off your network.
  • Application Optimization – Expertly configured applications can help mitigate DoS/DDoS incidents or an influx of desirable traffic, for that matter. Caching pages, for example, can help defray the impact of an attack.
  • Load Balancing / Clustering – Servers can handle a substantial amount of traffic (both good and bad), so load balanced / clustered environments provide diversification and help prevent a bottleneck within a single piece of hardware.

If you’re attacked by a DoS/DDoS exploit, your network will consume bandwidth at a high rate for a sustained period of time, so review and understand your billing agreement for bandwidth overage. The alternative, limiting your bandwidth pipe, will help prevent the unexpected bill, but again it doesn’t get you back online for business.

If you find yourself under attack by DoS/DDoS, use social platforms like Twitter and Facebook to communicate updates with your customers and other interested parties. Customers and prospective business partners appreciate being notified as soon as possible. Plus, being the first to report the attack lets you control the message and keeps any rumors at bay.

This entry was posted on Friday, December 4th, 2009 at 8:00 am and is filed under Security.
