DDoS Attack: Difference between revisions
Revision as of 18:59, 1 May 2012
DDoS is the acronym for Distributed Denial of Service.
The telephone system, computer system and Domain Name System (DNS) sometimes become unusable during peak hours because of supply and demand. However, when an intruder or hacker interrupts the system, takes control of the computer, prevents the legitimate user from using it, and forces the computer to send such a large amount of email to another person that the recipient's disk space cannot handle it, a Denial of Service (DoS) attack happens. If an intruder attacks a particular computer, takes control of it, sends an extraordinary amount of data to a website and distributes it to numerous email addresses, affecting the computer network, the intrusion is called a Distributed Denial of Service attack.[1]
Background
The CERT/CC at Carnegie Mellon University documented the first incident of a Denial of Service attack in 1999, when the Trinoo and Tribe Flood Network (TFN) DDoS tools were widely distributed. The two DDoS tools used UDP flood, TCP SYN flood, ICMP echo request flood, and ICMP directed broadcast denial of service attacks respectively.[2] Trinoo attacked a single computer from Minnesota University; the attack affected around 227 systems and left the target unusable for more than two days.[3]
In February 2000, a massive DDoS attack paralyzed high-profile websites including Yahoo!, Buy.com, eBay, CNN, Amazon.com, ZDNet.com, E-Trade, and Excite, which together lost an estimated $1.7 billion. A suspect, a Canadian juvenile with the online alias "mafiaboy," was arrested in April of the same year. He pleaded guilty on January 18, 2001 to 56 charges of mischief and illegal use of computer services.[4]
Over the years, intruders have used different DDoS tools to affect computer systems:
- Stacheldraht 1.666, a DDoS tool that was discovered and widely spread on multiple compromised hosts in several organizations;[5]
- Love Letter Worm, a malicious VBScript which was spread through emails, Windows file sharing, IRC, USENET news and webpages, affecting more than 500,000 computer systems;[6]
- T0rnkit, also distributed by intruders using six different versions of the rootkit;[7]
- W/32/Sircam, an e-mail-borne virus;[8]
- Leaves, which was capable of updating and changing its functionality during a hack, affected millions of internet users in five Chinese provinces when an unknown hacker attacked the server of DNSPod, a Chinese domain name registrar, in 2009;[9]
as well as many other viruses and worms distributed by hackers to cripple computer networks in homes and organizations.
Network Solutions spokesperson Shashi Bellamkonda reported that the company experienced consecutive DDoS attacks on June 20-21, 2011, during which its customers were unable to access the server and e-mail and the website became unstable. The company resolved the problem as quickly as possible.[10]
Packet Flooding Attack
The Packet Flooding Attack is the most common type of Denial of Service attack. The modus operandi of intruders is to send more than an acceptable number of packets to a particular destination, which consumes its entire bandwidth resources. There are several types of packets used by Packet Flooding Attack tools, including:
- TCP Floods - Packets with SYN, ACK and RST flags are sent to the victim's IP address
- ICMP echo request/reply (Ping Floods) - A stream of ICMP packets is sent to the victim's IP address
- UDP Floods - A stream of UDP packets is sent to the victim's IP address
These attack tools change the characteristics of packets in the packet stream. For example, the source IP address is changed to hide the real source of the packet stream. The method of sending packet streams to one or more intermediate sites to create responses that will be sent to a victim is called IP Spoofing.[11] Other packet stream attributes that are altered by intruders are the source/destination ports and other IP header values.
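A defender's view of the three packet types listed above, as an added example that is not part of the original article: it counts packets per destination, flood type and one-second window over flow records and flags the windows that exceed a threshold. The records, the addresses (documentation ranges), the window length and the threshold are all constructed or assumed for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed flow records: (time_s, src_ip, dst_ip, proto, tcp_flag)."""
    recs = [(i * 0.5, "198.51.100.7", "192.0.2.10", "TCP", "ACK") for i in range(20)]
    # Constructed SYN flood: 500 packets in one second, rotating source addresses
    recs += [(3 + i / 500, f"203.0.113.{i % 250 + 1}", "192.0.2.20", "TCP", "SYN")
             for i in range(500)]
    # Constructed UDP flood: 300 packets in one second from a single source
    recs += [(5 + i / 300, "198.51.100.99", "192.0.2.30", "UDP", "") for i in range(300)]
    return recs

def classify(proto, flag):
    """Map a packet to one of the flood types named in the article."""
    if proto == "TCP" and flag in ("SYN", "ACK", "RST"):
        return f"TCP {flag} flood"
    if proto == "ICMP":
        return "ICMP echo flood"
    if proto == "UDP":
        return "UDP flood"
    return None

def detect_floods(records, window=1.0, threshold=100):
    """Count packets per (destination, type, time window); flag counts over threshold.

    window and threshold are assumed values; tune them to the link being watched.
    """
    buckets = defaultdict(lambda: [0, set()])
    for ts, src, dst, proto, flag in records:
        kind = classify(proto, flag)
        if kind is None:
            continue
        bucket = buckets[(dst, kind, int(ts // window))]
        bucket[0] += 1
        bucket[1].add(src)
    alerts = []
    for (dst, kind, win), (count, sources) in sorted(buckets.items()):
        if count > threshold:
            # Many distinct sources may mean forged source addresses or many
            # real hosts; the count alone cannot tell the two apart.
            alerts.append({"dst": dst, "type": kind, "window": win,
                           "packets": count, "sources": len(sources)})
    return alerts

if __name__ == "__main__":
    for alert in detect_floods(build_sample()):
        print(alert)
```

The low-rate ACK traffic to 192.0.2.10 stays under the threshold and produces no alert, which is the distinction the per-window count is there to make.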
Frequent Targets of Intruder Attacks
According to the CERT report, "Trends in Denial Service Attack Technology," the most frequent targets are Windows end-users and Internet routing technology. An intruder's primary intention in conducting a DoS attack is to prevent the use of computer or network resources. A computer controlled by a hacker is known as a "zombie" or "bot," while a controlled computer network is referred to as a "botnet" or "zombie army."[12]
Reasons Why Internet is Vulnerable to Attacks
Internet-connected systems are still vulnerable to DoS attacks despite active security efforts for the following reasons:
- The Internet is composed of limited and consumable resources
- Internet security is highly interdependent[13]
Developments/Research on DDoS Attacks
Neustar SiteProtect DDoS Protection
In April 2011, Neustar launched SiteProtect, a cloud-based service which aims to provide a higher level of security for UltraDNS customers against Distributed Denial of Service (DDoS) attacks. SiteProtect enables web infrastructure to function normally and avoid downtime even while it is under attack. The combination of SiteProtect and UltraDNS provides consumers with strong protection for the Domain Name System (DNS) and web traffic, protecting business owners from possible revenue loss. According to Rick Rumbarger, Product Management Senior Director of Neustar Internet Infrastructure Services, "The problem with other approaches to DDoS protection is that the network needs to take a hit before mitigation is started. With SiteProtect, the brunt of the attack is immediately shifted away from the client infrastructure and directed to our mitigation cloud service. By moving this service to the cloud, customers no longer have to buy and maintain large capacity infrastructure with its resulting capex expenses." [14]
Verisign UpTime Bundle and Research on DDoS Attacks
In March 2011, Verisign introduced the Verisign Uptime Bundle, a cloud-based service that bundles Domain Name System (DNS) hosting, threat intelligence services and protection against DDoS attacks. The new service helps improve the performance, security and availability of websites, email, and critical network services. Ben Petro, senior vice president of the Verisign Network Intelligence and Availability business, explained that a single line of defense against DDoS attacks is no longer reliable enough to ensure the availability of websites and applications. He said that Verisign's Uptime Bundle is a multi-layered solution and offers the best way to detect and disarm an attack before substantial losses occur. [15]
In May 2011, new research commissioned by Verisign found that DDoS attacks on businesses are widespread in all industries and that businesses lack adequate protection against them. The research found that 63% of the 225 IT decision-makers who responded to the survey reported that they had experienced more than one DDoS attack in the past year, and 11% said they had experienced more than 6 attacks. Sixty-seven percent (67%) of the respondents believed that the frequency of DDoS attacks within the next two years will increase or stay the same, 71% of the respondents believe that DDoS protection is important to keep their websites and services available, and 71% of the respondents who lack DDoS protection plan to implement solutions within the next 12 months. [16]
References
1. What is a Distributed Denial of Service (DDoS) Attack and What Can I Do About It?
2. CERT Incident Note IN-99-09 Distributed Denial of Service Tools
3. Defenses Against Distributed Denial of Service Attacks
4. E-Commerce Giants Crippled in DDoS Attacks
5. CA-2000-01 Denial-of-Service Developments
6. CERT Advisory CA-2000-04 Love Letter Worm
7. CERT Incident Note IN-2000-10
8. Home Network Security
9. DDoS Attack Leaves Five Chinese Provinces Without Internet
10. Network Solutions Bounces Back After DDoS
11. Spoofing
12. Distributed Denial of Service Attack (DDoS)
13. Trends in Denial Service Attack Technology
14. Neustar Launches SiteProtect for DDoS Protection
15. New Verisign Uptime Bundle Combines DDoS Protection, Managed DNS and Threat Intelligence Services
16. Businesses Lack Safeguards Against DDoS Attacks and DNS Failures, New Research Shows