Can You Ping Me Now?

Verisign Masters of Internet Infrastructure

Whatever your business is, retail or healthcare or education, delivering your goods and services to your customers is increasingly dependent on the Internet. And, between use of SaaS and use of the Internet to connect branches and teleworkers, internal staff work is, too. So, what happens when customers and staff can’t get through to the data center because the Internet link is congested? Customers often look elsewhere. Staff lose efficiency and effectiveness. Possibly more discomfiting, what happens when they can get through, but performance is so unpredictable and unreliable that they are even unhappier than they’d be with failure outright? Online retailers like Amazon have instrumented response time and purchases to the point that they can measure response degradation in dollars per millisecond of added delay.

Denial of service attacks aim to create these kinds of problems for you. Some are volume-based. The most common seek simply to overwhelm your links to the Internet, or the user-facing services on them. Some subtler volume attacks will simply try to keep the link pushed close to its limit, to slow response times for the legitimate traffic that can still get through. Others will target software, either in the network stacks of servers or in the web-facing applications, to try to overwhelm it with more traffic than it can handle. This can be low-level, trying to give a network stack more mismatched SYN/ACK traffic than it can handle, or high-level, sending bogus XML messages to a SOA component to try to absorb resources.

Other attacks don’t rely on volume but on guile. They target specific application or network stack bugs and try to bring services down with a well-placed dagger instead of a barrage of machine gun bullets. The classic attack of this sort was the “Ping of Death” – one packet (albeit a huge one) to crash a router!

Your denial of service planning—and protection—will require considering both sides of the coin: volume and vulnerability.

Copyright © 2011 IDG Communications, Inc.