13 March 2011

Insight to DOS and DDoS Attacks




For many companies like Google, Twitter or WikiLeaks, the corporate Web site is one of the primary tools for getting business done. That means that if the Web site goes down from a DoS (Denial of Service) or DDoS (Distributed DoS) attack, you’re losing sales—no matter whether your Web site is used for customers to check out products or a way for clients to access services. And if your company is large enough that the Web or application server is hosted on the premises, a DoS attack could block internal Web access and email, which could hamper sales even further. To help you understand and avoid such effects, we’ll explain what DoS attacks are and what you can do to avoid them.
 
What Is A DoS Attack?
 
According to Lori MacVittie, senior technical marketing manager at F5 Networks, “Both DoS and DDoS attacks are designed to disrupt a service, such as a Web application, Web site, etc. Basically, the attackers are trying to keep either the service itself or a component in the path—over which traffic to and from the service must travel—so busy that legitimate users cannot access the service reliably.” The primary difference between the two types is that a DDoS attack comes from more than one source, while a DoS attack is launched by a single source.
 
With a DDoS assault, a hacker will plant malicious code on possibly hundreds or thousands of computers, gaining the ability to control the group of PCs. The group of remotely controlled computers is called a botnet, and some or all of the PCs can be used in a DDoS attack to simultaneously hit your organization’s Web site from many sources. There are a lot of ways for hackers to perform a disruptive attack on your organization. MacVittie says “the core principle behind any DoS or DDoS attack is the consumption of resources, such as network bandwidth, RAM, or CPU.”

There are two main types of attack. In one, the hacker will attempt to flood the Web site with traffic to prevent access by legitimate visitors or slow services to a point where the Web site seems to crawl along. Another version of the “flood” method, which has increased in popularity recently, is an attack in which the server’s RAM and processor are used up so that there are no more resources left for legitimate requests. The second type of attack is where the hacker will attempt to crash a component in the network or application, such as a router, a Web server, or a database.
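The single-source versus many-source distinction described above can be seen in request counts per time window. The following is an added example, not code from the original article or from F5 Networks; the window size, thresholds, function names and sample traffic are all assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

WINDOW_SECONDS = 10    # assumed bucket size for counting requests
FLOOD_THRESHOLD = 50   # assumed requests per window that count as a flood
DOMINANT_SHARE = 0.8   # assumed share of a window's traffic from one source

def classify_windows(events):
    """events: iterable of (epoch_seconds, source_ip) -> {window_start: label}."""
    buckets = defaultdict(Counter)
    for ts, src in events:
        buckets[ts - ts % WINDOW_SECONDS][src] += 1
    labels = {}
    for start, per_source in sorted(buckets.items()):
        total = sum(per_source.values())
        if total < FLOOD_THRESHOLD:
            labels[start] = "normal"
            continue
        top_src, top_count = per_source.most_common(1)[0]
        if top_count / total >= DOMINANT_SHARE:
            # One source dominates the flood: a DoS in the article's terms.
            labels[start] = f"dos:{top_src}"
        else:
            # The flood is spread over many sources: a DDoS.
            labels[start] = f"ddos:{len(per_source)}-sources"
    return labels

def sample_events():
    """Constructed sample traffic using documentation-range addresses."""
    events = []
    # Window 0: ordinary browsing by five visitors.
    events += [(i, f"198.51.100.{i}") for i in range(1, 6)]
    # Window 10: one source sends 60 requests next to three normal visitors.
    events += [(10 + i % 10, "203.0.113.7") for i in range(60)]
    events += [(12, "198.51.100.1"), (13, "198.51.100.2"), (14, "198.51.100.3")]
    # Window 20: 40 sources send two requests each.
    events += [(20 + i % 10, f"192.0.2.{i % 40 + 1}") for i in range(80)]
    return events

if __name__ == "__main__":
    for start, label in classify_windows(sample_events()).items():
        print(start, label)
```

Counting requests this way only surfaces volume floods; an attack that exhausts RAM or CPU with few requests needs server-side resource metrics as well.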

DoS Issues

“Organizations that depend on revenue generated via the Internet can suffer monetary loss when legitimate customers are denied access to the site. Loss of availability can negatively impact the reputation of the organization if customers are unable to communicate with customer service representatives,” says MacVittie. Another key concern is the cost to patch, upgrade, or address the vulnerabilities in your network. For example, let’s say that your organization uses digital phone services, which require extra bandwidth to make voice calls, and a DDoS attack begins congesting your network. Your business likely can be without email or voice communication for days on end, so you’ll need to pay to address the problems with the hardware right away.

Why Me?

MacVittie explains, “Generally speaking, these types of attacks are ‘punitive’ in that an organization or government experiencing an attack is being targeted with the motive being revenge for some action that negatively impacted the attacker.” Thus, the best advice is to not anger anyone who might launch DoS or DDoS attacks. For example, a recent DoS attack against PayPal ensued after PayPal blocked donation services to the whistleblower Web site WikiLeaks. The belief is that the pro-WikiLeaks group Operation Payback attacked PayPal because it felt PayPal was impeding WikiLeaks’ activities. Similar “hacktivist” activities hit MasterCard’s and Visa’s Web sites. The lesson is that controversial situations can stir up attackers.

Protection
 
“There are many strategies for preventing a negative impact from a DDoS, but it’s important to note that there is no way to prevent a DoS/DDoS from happening, because such attacks are completely under the control of a third party (the attacker). There is no way for an organization to stop miscreants from launching such an attack,” says MacVittie. Thus, your focus should be on keeping negative consequences, such as an inaccessible Web site or online application, from affecting your business.
 
F5 Networks recommends that every network component in the organization’s infrastructure have some form of DDoS protection, which means that it has a built-in ability to recognize a DDoS attack and stop it from affecting the quality of your online services and applications. For example, F5 Networks’ BIG-IP platform is capable of handling tens of thousands of connections per second, so it would take a tremendous attack to affect your Web site, assuming sufficient server resources are available. “It also behooves organizations to discuss with their Internet service provider what means they have in place to assist, should an attack occur,” says MacVittie.

There are a number of free and open-source DoS solutions available, but you’ll need an IT staff that has the knowledge and time to deploy and properly implement the protection. If your company doesn’t have the skills or architecture to deploy the DoS protection, a support network from a service provider may be a better, more cost-efficient way to go. “The biggest problem for companies with limited budgets will be that modern DDoS attacks are moving up the stack; in other words they are targeting the application layers as well as network layers,” says MacVittie. Most free or affordable options are capable of neither detecting nor preventing the impact of an application layer attack.
 
Smaller organizations will also want to ensure they are sufficiently protected against malware and viruses, because infected internal computers may be used to participate in a DDoS attack and can also consume all your network resources, which is effectively a DDoS attack on your own company. Whether your company is big, medium, or small, it’s a good idea to talk with your IT staff about what protections you have in place for DoS and DDoS attacks.
