Changes


DDoS Attack

872 bytes removed, 3 years ago
no edit summary
'''DDoSDistributed Denial of Service Attacks''', or ''' is the acronym for DDoS Attacks'''Distributed , effectively flood websites or servers with traffic from many different sources in order to "make the site unavailable."<ref name="attack map">[http://www.digitalattackmap.com/understanding-ddos/ What is a DDoS Attack?], Digital Attack Map</ref> DDoS is a type of [[DoS Attacks|Denial of ServiceAttack (DoS Attack)]] that uses multiple sources in order to blocks users from accessing the site. It is important to remember that not all service errors are the result of attack behaviors and can occur if a website is overwhelmed by non-malicious traffic as well.<ref>[http://www.''' us-cert.gov/ncas/tips/ST04-015 Security Tip (ST04-015): Understanding Denial-of-Service Attacks] (February 6, 2013), United States Department of Homeland Security</ref>
==Public Perception== The telephone system, computer system and Domain Name System ([[DNS]]) sometimes become unusable during peak hours because public perception of supply and demandDDoS attacks is negative. HoweverIt is inconvenient to users who cannot reach their destination, when an intruder or hacker interrupts and it can create major problems for the system, takes control of the computerwebsite's registrant, prevents the legitimate user from using whether it, and forces is the computer to send such a large amount website of email an individual or an organization. DDoS attacks can become criminal when the attacker asks for money to another person that it cannot be handled by stop the recipient's save disk, a '''Denial of Service (DoS) current attack''' happensor to prevent further attacks. If an intruder <ref name="blog"/> DDoS attacks a particular computer, takes control of itcan also be used by "hacktivists" for political gain, sends extraordinary amount of data to a website and distributes it to numerous email addresses affecting the computer networkinterrupt free speech, the intrusion is called a '''Distributed Denial or in protest of Service attack'''perceived injustice.<refname="attack map"/>[http://www.cert.org/homeusers/ddos.html What is a Distributed Denial of Service (DDoS) Attack and What Can I Do About It?]<ref name="blog"/ref>
==BackgroundOutcome==The [[CERT/CC]] at Canegie Mellon University documented the first incident outcome of Denial Of Service Attack in 1999 when a DDoS attack is that the [[Trinoo]] and [[Tribe Flood Network]] (TFN) DDoS Network tools were widely distributedattacked website is unavailable or runs very slowly. The two DDoS used UDP Flood attack, TCP SYN flood, ICMP echo request flood, and ICMP directed broadcast denial of service damage done by these attacks respectively.<ref>[http://www.cert.org/incident_notes/IN-99-07.html Cert Incident Notes IN-99-09 Distributed Denial of Service Tools]</ref> Trinoo attacked a single computer from Minnesota Universitycan lead to minor inconveniences, affected around 227 systemslosses in consumer confidence, and became unusable for more than two days.<ref>[http://www.garykessleror large revenue losses.net/library/ddos.html Defenses Against Distributed Denial of Service Attacks]</ref>
On February 2000, a massive ==Historical Use==*DDoS attack paralyzed high profile websites including [[Yahoo]]!attacks have been used to take down or interrupt the traffic of large sites, making them inaccessible.<ref name=Weiss>[[Buyhttp://www.esecurityplanet.com/network-security/how-to-prevent-dos-attacks.html How to Prevent DoS Attacks]], [[eBay]]by Aaron Weiss (July 2, CNN2012), eSecurity Planet</ref><ref>[[Amazonhttp://blog.com]], [[ZDNeticann.com]org/2013/04/do-more-to-prevent-dns-ddos-attacks/ Do More to Prevent DNS DDoS Attacks]by Dave Piscitello (April 3, E-Trade2013), Internet Corporation for Assigned Names and ExciteNumbers (ICANN)</ref> These planned attacks can be committed for political, social, which together lost an estimated amount of $1and/or illegal purposes.7 billion. A suspect, a Canadian juvenile with the online alias <ref name="blog"mafiaboy/> Unlike regular DoS attacks," was arrested on April of DDoS attacks use multiple computers to attack their victims which often makes the same yearattack harder to stop. He pleaded guilty on January 18<ref name=Weiss/> [[Botnet Attacks|Botnets]], 2001 on 56 charges or networks of mischief and illegal use of computer servicescomputers controlled by hackers, are often used in DDoS attacks.<ref>[http://www.pbsprolexic.orgcom/wgbh/pages/frontline/shows/hackers/whoare/notableknowledge-center-what-is-ddos-denial-of-service.html E-Commerce Giants Crippled in What is DDoS denial of service? What everyone needs to know about DDoS Attacks], Prolexic</ref>
Over the years, intruders have used different DDoS tools to affect computer systems:* [[Stacheldraht]], 1.666 Four types of DDoS tool was discovered and widely spread on multiple compromised hosts in several organizations;<ref>[httpattacks include://www.cert.org/advisories/CA-2000-01.html CA-2000-01 Denial-of-Service Developments]</ref> * [[Love Letter Worm]], a malicious VBScript which was spread through emails, Windows file sharing, IRC, USENET news and through webpages affecting more than 500,000 computer systems;<ref>[http://www.cert.org/advisories/CA-2000-04.html CERT Advisory CA-2000-04 Love Letter Worm]<name="attack map"/ref> * [[T0rnkit]], also distributed by intruders using six different versions of rootkit;<ref>[http#TCP Connection Attacks://www.cert.org/incident_notes/IN-2000-10.html Cert Incident Note IN-2000-10]attempting "to use up all the available connections to infrastructure devices"</ref> * [[Wname="attack map"/32/Sircam]], an e-mail-borne virus;<ref>[http#Volumetric Attacks://www.us-cert.gov/reading_room/home-network-security/attempting to use large amounts of bandwidth#III-B-1 Home Network Security]</ref>* [[Leaves]]Fragmentation Attacks: sending so many TCP or UDP fragments that the target cannot assemble them, which was capable of updating and changing its functionality during a hack, affected millions of internet users in five Chinese provinces when an unknown hacker attacked slows the the server of [[DNSPod]], a Chinese domain name registrar in 2009;<ref>[httpsystem#Application Attacks://news.softpedia.com/news/DDoS-Attack-Leaves-Five-Chinese-Provinces-Without-Internet-112313.shtml DDoS Attack Leaves Five Chinese Provinces Without Internet]</ref>as well as many other viruses and worms distributed by hackers trying to cripple computer networks in homes and organizations.flood one aspect or application on a given site
[[Network Solutions]] spokesperson [[Shashi Bellamkonda]] reported *A DDoS attack can be bought or traded as a service. For example, an attack that the company experienced lasts a consecutive DDoS attacks on June 20-21week can be purchased for $150, 2011 wherein its costumers were unable to access the server and e<ref name="attack map"/> while an attack that lasts 1 hour can be bought for $30-mail and the website became unstable. The company resolved the problem as quickly as possible70.<ref>[http://dos-attackswww.trendmicro.com/2011cloud-content/06us/22pdfs/networksecurity-solutionsintelligence/white-bouncespapers/wp-backrussian-afterunderground-ddos/ Network Solutions Bounces Back After DDoS101.pdf Russian Underground 101](PDF) by Max Goncharov, TrendMicro.com</ref>
==Packet Flooding Attack==The Packet Flooding Attack is the most common type of Denial of Service Attack. The modus operandi of intruders is sending more than acceptable number of packets *In addition to a particular destination which consumes the entire bandwidth resources. There are several types of packets causing service errors, DDoS attacks can also be used by Packet Flooding Attack toolsto commit "other cybercrimes, includingdata breaches or financial fraud."<ref>[https:* [[TCP]] Floods - SYN, ACK and RST flags are sent //www.networkworld.com/newsletters/techexec/2013/101113bestpractices.html?page=2 Best practices to the victim's [[IPmitigate DDoS attacks]] Address* [[ICMP]] echo request reply by Linda Musthaler (Ping FloodsJanuary 10, 2013) - A stream of ICMP is sent to the victim's IP Address* [[UDP]] Floods - A stream of UDP is sent to the victim's IP Address, Network World</ref>
These attack tools change the characteristics of packets in the packet stream. For example==ICANN Policy==*ICANN does not have a policy that specifically addresses DDoS attacks; however, ICANN's blog has addressed the Source IP Address is changed to hide the real source of the packet stream. The method issue of sending packet streams how to one or more intermediate sites to create responses that will be sent respond to and report a victim is called IP SpoofingDDoS attack.<refname="blog">[http://wwwblog.issicann.netorg/security_center2013/advice04/Undergroundhow-to-report-a-ddos-attack/Hacking/Methods/Technical/Spoofing/defaultHow to Report a DDoS Attack] by Dave Piscitello (April 25, 2013), Internet Corporation for Assigned Names and Numbers (ICANN).htm Spoofing]</ref> Other packet stream attributes If a site is under attack, the 2013 post suggests that are altered the registrant contacts the hosting provider and internet service provider (ISP).<ref name="blog"/> If the attack was proceeded by intruders are a threat or a sum of money was demanded to stop the Sourceattack, the registrant should contact law enforcement.<ref name="blog"/Destination Ports and Other IP Header Values.>
==Frequent Targets of Intruder Attacks==According to the CERT report, "Trends in Denial Service Attack Technology," the most frequent targets are Windows end-users and Internet Routing Technology. An intruder*ICANN's primary intention Security and Stability Advisory Committee ([[SSAC]]) also released an advisory in conducting DoS attack is 2006 on DDoS attacks in relation to prevent the use of computer or network resourcesDNS. A computer controlled by a hacker is known as "zombie" or "bot," while a controlled computer network is referred as a "botnet" or "zombie army."<ref>[http://searchsecuritywww.techtargeticann.comorg/en/groups/definitionssac/distributeddns-denialddos-ofadvisory-service31mar06-attack en.pdf SSAC Advisory SAC008: DNS Distributed Denial of Service Attack (DDoS)Attacks](PDF), ICANN Security and Stability Advisory Committee (SSAC)</ref>
*ICANN's [[SSAC]] released another advisory in 2014 on DDoS attacks and how they may exploit certain security issues in the DNS.<ref name==Reasons Why Internet is Vulnerable "s">[http://www.icann.org/en/groups/ssac/documents/sac-065-en.pdf SSAC Advisory on DDoS Attacks Leveraging DNS Infrastructure] (PDF), ICANN Security and Stability Advisory Committee (SSAC)</ref> For example, an attacker may use a victim's spoofed IP address to make multiple queries to Attacksan open recursive DNS server; the server will then respond by flooding the victim's computer with the unsolicited responses.<ref name="sing">[http://singapore49.icann.org/en/schedule/thu-ssac SSAC's Update Presentation at ICANN 49] (PDF and audio)</ref> DDoS attacks that utilize "DNS reflection and amplification" can have "attack data bit rates reportedly exceeding 300 gigabits per second."<ref name="sing"/> The advisory suggests that "ICANN should...facilitate an Internet-connected systems are still vulnerable wide community effort to DoS reduce the number of open resolvers and networks that allow network spoofing."<ref name="s"/> Additionally, rate limiting and blocking abusive queries may help reduce DDoS attacks despite active security efforts because of the following reasons:* .<ref name="sing"/> The Internet is composed of limited SSAC also recommends that DNS software and consumable resources* Internet security is highly interdependentsystems be updated regularly to reduce DDoS vulnerability.<refname="sing"/>**Read the [http://www.certicann.org/homeusersen/ddosgroups/ssac/documents/sac-065-en.html Trends in Denial Service Attack Technologypdf SSAC's Advisory on DDoS Attacks Leveraging DNS Infrastructure]<**View the [http://singapore49.icann.org/en/schedule/ref>thu-ssac SSAC's Presentation at ICANN 49]
==Developments/Researches on DDoS Attacks=====Neustar SiteProtect DDoS Protection=Legislation==On April 2011, *[[NeustarComputer Fraud and Abuse Act]] launched SiteProtect(CFAA): this act, a cloud based service which aims to provide higher level last amended in 2008,<ref>[http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act Computer Fraud and Abuse Act] at Wikipedia</ref> prohibits the unauthorized use of security for UltraDNS customers against Distributed Denial of Service another person's computer, among other things.<ref>[https://ilt.eff.org/index.php/Computer_Fraud_and_Abuse_Act_%28CFAA%29 Computer Fraud and Abuse Act (DDoSCFAA) attacks] at Internet Law Treatise</ref><ref>[http://us. SiteProtect enables web infrastructures to function normally and avoids downtime even if it is under attackpracticallaw. The combination of SiteProtect com/2-508-3428 Computer Fraud and UltraDNS provide consumers with a strong protection for the Domain Name System Abuse Act ([[DNSCFAA)]]) and web trafficat Practical Law, protecting business owners from possible revenue loss. According Thomson Reuters</ref> In relation to Rick RumbargerDDoS attacks, Product Management Senior Director of Neustar Internet Infrastructure Services, ''"The problem with other approaches to DDoS protection is that if the network needs hacker used a botnet to take a hit before mitigation is started. With SiteProtect, the brunt of perpetrate the attack is immediately shifted away from the client infrastructure and directed , he or she could be charged under CFAA in addition to our mitigation cloud servicefacing civil suits.<ref>[http://us.practicallaw. 
By moving this service to the cloudcom/7-516-9293 Distributed Denial-of-Service (DDoS) Attack] at Practical Law, customers no longer have to buy and maintain large capacity infrastructure with its resulting capex expensesThomson Reuters</ref> DDoS attackers can also face jail time."'' <refname="naked">[http://wwwnakedsecurity.circleidsophos.com/posts2010/12/20110405_neustar_launches_siteprotect_for_ddos_protection09/are-ddos-distributed-denial-of-service-attacks-against-the-law/ Neustar Launches SiteProtect for Are DDoS Protection(distributed denial-of-service) attacks against the law?]by Graham Cluley (December 9, 2010), Naked Security, Sophos</ref>**Read more about the [https://ilt.eff.org/index.php/Computer_Fraud_and_Abuse_Act_%28CFAA%29 CFAA].
===Verisign UpTime Bundle and Research on DDoS Attacks===In March 2011*Other nations, Verisign introduced such as the Verisign Uptime BundleUK and Sweden, a cloudalso have anti-based services bundled with Domain Name System (DNS) hosting, threat intelligence services and protection against DDoS attacks. The new service helps improve the performance, security and availability of websites, email, and critical network services. Ben Petro, senior vice president of the Verisign Network Intelligence and Availability business explained that a single line of defense against DDoS attacks is no longer reliable to ensure the availability of website and applications. He said that Verisign's Uptime Bundle is a muti-layered solution and offers the best way to detect and disarm an attack before substantial losses occurlegislature. <ref>[http:name="naked"//www.circleid.com/posts/20110328_verisign_uptime_bundle_combines_ddos_protection_managed_dns/ New Verisign Uptime Bundle Combines DDoS Protection, Managed DNS and Threat Intelligence Services]</ref>
On May 2011, ==DNS Award==Awardees take a new research commissioned by [[Verisign]] found a widespread proactive approach to preventing DDoS attacks on businesses in all industries .  ==Additional Resources==*Review facts and they lack adequate protection against itwatch a video explaining [http://www.digitalattackmap. The research found out that 63% out of the 225 IT decisioncom/understanding-makers who respond to the survey reported that they experience more than one ddos/ DDoS Attacks]*View a [http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&time=16097&view=map DDoS attacks for Attack Map]*Read the past year, 11% said they experienced more than 6 attacks[http://www.icann.org/en/groups/ssac/dns-ddos-advisory-31mar06-en. Sixty seven percent (67%) of the respondents believed that the frequency of pdf SSAC's DDoS attacks within the next two years will increase or stay the same and 71% of the respondents believe Advisory]*See [http://www.us-cert.gov/ncas/tips/ST04-015 CERT's Security Tips Page] for signs that indicate you may be experiencing a DDoS protection is important to maintain their website and services available and 71% of the respondents who lack DDoS protection plan to implent solutions within the next 12 months. <ref>attack*View a [http://www.circleid.com/posts/20110509_businesses_lack_safeguards_against_ddos_attacks_dns_failures20140318_what_does_a_ddos_attack_look_like/ Visualization of a DDOS Attack]*Listen to the [http://singapore49.icann.org/en/ Businesses Lack Safeguards Against schedule/thu-ssac SSAC's Presentation at ICANN Singapore] that addresses DDoS attacks and recommendations ==Related Articles==*[[Botnet Attacks and DNS Failures, New Research Shows]</ref>]*[[DoS Attack]]
==References==
{{reflist}} [[Category:Glossary]]<references/>
__NOTOC__[[Category: Bad Practice]]
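
Review bot: the new wording has three slips worth fixing before this revision stands. In the ICANN Policy paragraph, "If the attack was proceeded by a threat" should read "preceded by". In the lead, "in order to blocks users" should be "in order to block users". In the Legislation list, "anti-DDoS legislature" should be "anti-DDoS legislation". The revision is also recorded with "no edit summary" although it removes 872 bytes and rewrites most section headings (for example "Background" becomes "Outcome"), so a one-line summary stating what was replaced and why would make the change reviewable from the page history.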