Network World - This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
Given that Distributed Denial of Service (DDoS) attacks are becoming more frequent, it is a good time to review the basics and how you can fight back.
A DDoS is an attack method used to deny access for legitimate users of an online service. This service could be a bank or e-commerce website, a SaaS application, or any other type of network service. Some attacks even target VoIP infrastructure.
An attacker uses a non-trivial amount of computing resources, which they either built themselves or, more commonly, assembled by compromising vulnerable PCs around the world, to send bogus traffic to a site. If the attacker sends enough traffic, legitimate users of the site can't be served.
For example, if a bank website can handle 10 people a second clicking the Login button, an attacker only has to send 10 fake requests per second to make it so no legitimate users can log in. There are a multitude of reasons someone might want to shut a site down: extortion, activism, competitive brand damage, and just plain old boredom.
DDoS attacks vary in both sophistication and size. An attacker can make a fake request look like random garbage on the network, or more troublesome, make the attack traffic look exactly like real web traffic. In addition, if the attacker has enough computing resources at their disposal, they can direct enough traffic to overwhelm the target’s bandwidth.
The simplest types of attacks are Layer 3 and 4 attacks (IP and UDP/TCP in the OSI stack). These simply flood the network and servers such that they can no longer process legitimate network traffic because the attacks have saturated the network connectivity of the target. A more complex Layer 7 attack “simulates” a real user trying to use a web application by searching for content on the site or clicking the “add to cart” button.
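The capacity example above (10 logins per second) and the description of a Layer 7 attack that mimics real users suggest the simplest defensive check an operator can run: count requests per source inside a sliding one-second window over the web server's access log and flag any source that alone reaches the site's stated capacity. The script below is an added example written for this article, not code from the article's author or from any vendor; the log lines are constructed, the `capacity_per_second` and `window` parameters are assumptions, and the combined-log regular expression is a common Apache/nginx layout rather than anything the article specifies.

```python
"""Sliding-window per-source request-rate check over web access-log lines (added example)."""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access-log lines in combined-log format (not real traffic):
# two ordinary visitors plus one source firing 12 login POSTs inside one second.
SAMPLE_LOG = "\n".join(
    [
        '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 5120',
        '203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /login HTTP/1.1" 200 1024',
        '203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "POST /login HTTP/1.1" 302 0',
        '198.51.100.23 - - [10/Oct/2023:13:55:37 +0000] "GET /search?q=rates HTTP/1.1" 200 8192',
        '198.51.100.23 - - [10/Oct/2023:13:55:44 +0000] "GET /account HTTP/1.1" 200 2048',
    ]
    + [
        '192.0.2.99 - - [10/Oct/2023:13:55:40 +0000] "POST /login HTTP/1.1" 401 256'
        for _ in range(12)
    ]
)

# Apache/nginx "combined" log layout: client ip, ident, user, [timestamp], "request", status, bytes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)


def parse_line(line):
    """Parse one combined-log line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def detect_floods(log_text, capacity_per_second=10, window=timedelta(seconds=1)):
    """Return {ip: (peak_requests_in_window, most_hit_path)} for every source whose
    request count inside any sliding window reaches the site's stated capacity.

    capacity_per_second and window are assumed operator-chosen values."""
    requests = [r for r in (parse_line(l) for l in log_text.splitlines()) if r]
    requests.sort(key=lambda r: r["ts"])  # logs may be written out of order
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    paths = defaultdict(Counter)  # ip -> how often each path was requested
    peak = defaultdict(int)       # ip -> highest in-window count observed
    for r in requests:
        q = recent[r["ip"]]
        q.append(r["ts"])
        # Drop timestamps that have fallen out of the trailing window.
        while r["ts"] - q[0] >= window:
            q.popleft()
        peak[r["ip"]] = max(peak[r["ip"]], len(q))
        paths[r["ip"]][r["path"]] += 1
    return {
        ip: (n, paths[ip].most_common(1)[0][0])
        for ip, n in peak.items()
        if n >= capacity_per_second
    }


if __name__ == "__main__":
    for ip, (n, path) in detect_floods(SAMPLE_LOG).items():
        print(f"{ip}: {n} requests in one second, mostly {path}")
```

Run on the constructed log, the check reports only `192.0.2.99`, which hit `/login` 12 times inside one second, while the two ordinary visitors stay under the threshold. The limitation is the one the article's "compromising vulnerable PCs around the world" points at: a distributed attack spreads the same request volume across many sources so that no single IP crosses a per-source threshold, which is why a script like this catches only the crudest floods and aggregate per-endpoint rates and upstream capacity still decide whether legitimate users get served.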
There are four main types of protection from DDoS attacks:
* Do It Yourself. This is the simplest and least effective method. Generally someone writes some Python scripts that try to filter out the bad traffic, or an enterprise will try to use its existing firewalls to block the traffic. Back in the early 2000s, when attacks were pretty simple, this could work. But these days, attacks are far too large and complex for this type of protection. A firewall will melt quite quickly under the load of even a trivial attack.
* Specialized On-Premises Equipment. This is similar to “Do It Yourself” in that an enterprise is doing all the work to stop the attack, but instead of relying on scripts or an existing firewall, they purchase and deploy dedicated DDoS mitigation appliances. These are specialized hardware that sit in an enterprise’s data center in front of the normal servers and routers and are specifically built to detect and filter the malicious traffic. However, there are some fundamental problems with these devices: