Top 4 Tips to Fight Off Botnet Denial of Service Attacks

In case you haven’t been paying attention Botnet DDoS attacks passed the 40 Gigabits/sec mark in 2008 according to Arbor Networks. The shear size of today’s Botnets has reached into the mind-boggling realm of 1.9 million bots in a single Botnet. Couple that with the fact that Botnet DDoS attacks are one of the hardest assaults to defend against and you have a real nightmare scenario on your hands. This is why DDoS attacks are the most common method employed by extortionists to attempt to hold online merchants hostage for ransom. It's big business for criminals and business is good.

Here is a common scenario: bad guy employs a Botnet army to saturate and take out of service something that is of value to you. The targets range from just a DDoS to saturate one critical server to saturating your entire connection to the Internet effectively taking down all your Internet service. In some cases the bad guy will launch his attack first, take down the web services, and then ask for the ransom money. Other times the bad guy will just send in the ransom request with the threat that if it is not met by x days they will take their website down.

Of course none of this is new to you right. But have you ever thought about what you and your company would do if you got hit (or hit again) with a Botnet DDoS attack? How prepared are you to defend against this type of attack? Many companies (both large and small) deal with the issue by explaining it away with arguments like, “we don’t have anything a hacker would want” or “we are to small of a target to be worth the trouble”. In some cases this turns out to be fairly true, the risk of a DDoS attack is just not worth the security investment. But in many cases this line of thinking is dangerously wrong and the risk is actually higher than perceived. If I think about it from a bad guy perspective, I’m looking for one of two things, money or fame. If you can provide either or both of those then you are a target of opportunity.

So, let’s get down to it. How can you fight off a Botnet DDoS attack? Well, the answer varies depending on the type of DDoS attack you are having, your network infrastructure, security tools you have available, and other variables. Even though there are so many variables to how you defend against DDoS in your particular environment, I still think there is value is highlighting a few of the more popular tactics. Here are some tips that I have seen work with some success in the past. Others are brand new techniques to me but seem to offer up a compelling solution. I’ve list these defense tips in no particular order. But feel free to let us know what you think the order of effectiveness should be.

DDoS Prevention Offerings from your ISP or DDoS service
This defensive tactic is usually the most effect of the bunch and of course (typically) the most expensive as well. Many ISPs offer some form of in the cloud DDoS protection for you Internet links. The idea is that the ISPs will scrub/clean your traffic before allowing it onto your Internet pipe. Since this defense is done in the cloud your Internet links don’t become saturated by a DDoS attack. At least that’s the goal anyway. Again no silver bullet. This service is also offered by 3rd party in the cloud DDoS prevention services. They work by redirecting your traffic to them during a DDoS attack. They clean it and send it back to you. This all happens in the cloud so your Internet pipes don’t become overwhelmed. A few examples of ISP that offer DDoS services are AT&T's Internet Protect and Verizon Business's DoS Defense Mitigation.

RFC3704 Filtering
Basic ACL filters. The main premise of RFC3704 is that packets should be sourced from valid, allocated address space, consistent with the topology and space allocation. To this end there is a list of all unused or reserved IP addresses, those you should never see coming in from the Internet. If you do see them then it is positively a spoofed source IP and should be dropped. The name of this list is the bogon list You should check with your ISP to see if they will manage this filtering for you in the cloud before the bogus traffic enters (and fills) you Internet link. A bogon list changes pretty frequently, about once a month, so if the ISP won’t do it for you then you’ll have to manage your own bogon ACL rules (or find another ISP). This updating could be scripted as well.

• Cisco
• Data Center
• E-commerce
• Outsourcing
• Security
• botnet DDoS
• Botnets
• cisco DDoS
• DDos
• denail of service attack
• Destributed Denial of Service attack
• Heary
• how to stop a DDoS attack
• Jamey Heary