Understanding and surviving DDoS attacks |
|
|
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to exhaust computer's resource intended to its users. Even though the means of execution, motives for, and targets of an attack may vary, it generally consists of the concerted, malevolent efforts of a person or persons to prevent a website or service from serving the clients efficiently or at all, temporarily or indefinitely
Perpetrators of DDoS attacks generally target services or sites located on high-profile web servers such as credit card processing gateways, banks, and even DNS root servers.
One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable.
In general terms, DDoS attacks are implemented by either forcing the targeted computer(s) to reset, or consume its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
Methods
The five basic types of attack are:
1. Consumption of computational resources, such as bandwidth, disk space, or processor time
2. Disruption of configuration information, such as routing information.
3. Disruption of state information, such as unsolicited resetting of TCP sessions.
4. Disruption of physical network components.
5. Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
A DoS attack may include execution of malware intended to:
Max out the processor's usage, preventing any work from occurring.
Trigger errors in the microcode of the machine.
Trigger errors in the sequencing of instructions, so as to force the computer into an unstable state or lock-up.
Exploit errors in the operating system to cause resource starvation and/or thrashing, i.e. to use up all available facilities so no real work can be accomplished.
Crash the operating system itself.
iFrame (D)DoS, in which an HTML document is made to visit a webpage with many KB's of information many times, until they achieve the amount of visits to where bandwidth limit is exceeded.
Surviving attacks
The easiest way to survive an attack is to have planned for the attack. Having a separate emergency block of IP addresses for critical servers with a separate route can be invaluable.
A separate route (perhaps a DSL) is not that extravagant, and it can be used for load balancing or sharing under normal circumstances and switched to emergency mode in the event of an attack.Filtering is often ineffective, as the route to the filter will normally be swamped so only a trickle of traffic will survive.
Armoraid DDoS filtering solution is the most effective way to be protected from a sudden DDoS attack
|
|
|
World security news |
|
|
 Tue, 09 Mar 2010 16:15:15 -0500 |
|
| What RSA is Saying Now About IT Security |
|
| CIOs face more complexity than ever as an array of new technologies, from social media to cloud computing, open up new opportunities - and vulnerabilities. In ensuring that their businesses aren't exposed to new threats while charging into these new frontiers, IT security teams are essentially helping to enable emerging business models. Whether that means training employees on social media or pressuring cloud vendors to disclose their security practices, IT security will continue to evolve from its historic focus on protecting IT systems to playing a more entrepreneurial role in business. |
|
|
| Tue, 09 Mar 2010 15:25:56 -0500 |
|
| Microsoft Warns IE Under Attack on Patch Tuesday |
|
| As Microsoft pushes out two Patch Tuesday security updates for Windows and Office Excel, the company warns that attackers are targeting a vulnerability in Internet Explorer that can be used to hijack machines. |
|
|
| Tue, 09 Mar 2010 13:18:16 -0500 |
|
| Apple iPad Security Considerations for the Enterprise |
|
| The Apple iPad is scheduled to hit U.S. stores April 3. Though a consumer device, it's a safe bet that like the iPhone and iPod before it, the iPad will make its way into the enterprise. Before it does, enterprises need to think about the security implications of yet another consumer device touching their networks. What security features should they ask for from Apple? What about protecting data accessed on the device? These questions and more should be on the minds of administrators planning ahead for the device, security pros say. At eWEEK, we have gathered ideas on what enterprises should consider regarding the iPad, and what should be on their Apple security wish list. |
|
|
| Tue, 09 Mar 2010 11:20:40 -0500 |
|
| Google Apps Premier Adds Mobile Device Management |
|
| Google Apps Premier and Education now offer limited security and policy controls over ActiveSync-enabled mobile devices, allowing companies using Gmail services to enforce a little bit of control over devices in the field. Policy controls are extremely limited and reporting capabilities are practically nil, but what's there works adequately and the price is right. |
|
|
|
