Hackers step up DDoS assaults with use of 'zombie armies'

* DDoS attacks and ways to protect against them

You may have heard about distributed denial-of-service attacks and the harm they can wreak on organizations. You might think you're safe because you're not a clear target like Google, Yahoo, or Microsoft (all of which have suffered severe outages due to distributed DoS attacks), or if you're primarily a "bricks-and-mortar" organization with limited Web presence. You'd be wrong.

In recent months, two trends have combined to greatly increase the risk to companies of distributed DoS attacks. The first is that an increasing number of organizations are using the Internet to enable remote workers to connect to corporate resources. The number of remote workers has skyrocketed by 800% in the past five years, according to recent research from Nemertes Research. Many of those users connect to corporate resources via the Internet, and distributed DoS attacks could keep these legitimate users from accessing their data center resources.

The second trend is the dramatic increase in distributed DoS-based extortion. Hackers have learned that the ability to connect to the Internet has tangible value, and they're starting to use distributed DoS attacks as a way to attempt to force companies to pay up. Carl Landwehr, program director for the National Science Foundation's (NSF) CyberTrust program, points out that in 2004 there has been a notable increase in distributed DoS-for-money attacks: A hacker will launch an attack, then contact the victim and demand money (usually $10,000 to $50,000) to make it stop. While the most common targets for such attacks are online businesses such as casinos, any organization with a Web site is a potential target.

As with any denial-of-service attack, distributed DoS attacks work by paralyzing the victim's servers and systems and clogging their network access points with useless traffic. Technically, today's distributed DoS attacks are a step up in sophistication from the denial-of-service attacks of yore. With distributed DoS, the attacker lines up a network of hacked machines, called "zombies," scattered across the Internet that, upon command, launch an assault on the target. Many times, taking out the "control" machine won't stop the attack; the "zombies" keep on assaulting the victim. Moreover, hackers don't even need to create their own "zombie armies": other hackers have compiled armies as large as 20,000 machines, and will rent these out.

To protect against distributed DoS attacks, data center managers should look into network-based solutions, particularly services provided by players such as AT&T and Sprint (which recently announced distributed DoS-protection products) and Equinix, which offers Equinix Direct, an option for providing connectivity via multiple ISPs. Premises-based solutions can be helpful, but only in protecting servers and other on-site resources; they don't protect against network congestion that can take a site offline. (Any solution that drops packets only once they've reached the premises can't address congestion on the access link itself: by then the link is already full.)
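The two preceding paragraphs make two practical points: a distributed attack shows up as many unrelated sources converging on one target, and a premises filter cannot help once the offered load exceeds the access link. The following script, added here as an illustration and not part of the original column or any vendor's product, triages constructed flow records (NetFlow-style, using documentation address ranges) and decides for each destination whether the traffic is normal, a distributed flood that fits through the link and can be scrubbed on site, or a flood that saturates the link and therefore needs upstream, network-based mitigation. The link capacity, thresholds and sample traffic are all assumptions chosen for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical access-link capacity for the site (assumption, not from the column).
LINK_CAPACITY_BPS = 100_000_000  # 100 Mbit/s


@dataclass(frozen=True)
class Flow:
    """One flow record (NetFlow/sFlow style), reduced to the fields we need."""
    src: str
    dst: str
    dport: int
    pkts: int
    octets: int


def constructed_flows(pkts_per_zombie=200):
    """Constructed sample covering one 1-second window; not captured data.

    - 500 "zombies" in 192.0.2.0/24 and 198.51.100.0/24 (documentation ranges),
      each sending pkts_per_zombie x 1500-byte packets at 203.0.113.10:80
      (with the default 200 that is about 1.2 Gbit/s)
    - 20 legitimate clients sending small requests to the same server
    - a handful of ordinary flows to a second host, 203.0.113.20
    """
    flows = []
    for i in range(500):
        net = "192.0.2." if i < 250 else "198.51.100."
        flows.append(Flow(f"{net}{i % 250 + 1}", "203.0.113.10", 80,
                          pkts_per_zombie, pkts_per_zombie * 1500))
    for i in range(20):
        flows.append(Flow(f"203.0.113.{100 + i}", "203.0.113.10", 80, 5, 5 * 600))
    for i in range(5):
        flows.append(Flow(f"203.0.113.{200 + i}", "203.0.113.20", 443, 10, 10 * 800))
    return flows


def per_destination(flows, window_s=1.0):
    """Aggregate by destination: distinct sources, packet rate, offered bit rate."""
    acc = defaultdict(lambda: {"sources": set(), "pkts": 0, "octets": 0})
    for f in flows:
        a = acc[f.dst]
        a["sources"].add(f.src)
        a["pkts"] += f.pkts
        a["octets"] += f.octets
    return {
        dst: {
            "sources": len(a["sources"]),
            "pps": a["pkts"] / window_s,
            "bps": a["octets"] * 8 / window_s,
        }
        for dst, a in acc.items()
    }


def classify(flows, link_capacity_bps=LINK_CAPACITY_BPS, min_sources=100,
             min_pps=5_000, window_s=1.0):
    """Label each destination:
    'normal'   - below the source-count and packet-rate thresholds
    'premises' - many sources at a high rate, but the offered load still fits the
                 access link, so an on-site filter can drop it before the servers
    'upstream' - offered load exceeds the access link: packets are already being
                 lost on the ISP side, so only network-based filtering (or a
                 multihomed/larger link) can restore service
    """
    verdicts = {}
    for dst, s in per_destination(flows, window_s).items():
        if s["bps"] > link_capacity_bps:
            verdicts[dst] = "upstream"
        elif s["sources"] >= min_sources and s["pps"] >= min_pps:
            verdicts[dst] = "premises"
        else:
            verdicts[dst] = "normal"
    return verdicts


def legit_delivered_bps(legit_bps, attack_bps, link_capacity_bps=LINK_CAPACITY_BPS):
    """Simplified drop-tail model of a congested access link: once offered load
    exceeds capacity, every flow loses the same fraction, whatever a filter
    behind the link does. Returns the legitimate bit rate that gets through."""
    offered = legit_bps + attack_bps
    if offered <= link_capacity_bps:
        return legit_bps
    return legit_bps * link_capacity_bps / offered


if __name__ == "__main__":
    flows = constructed_flows()
    for dst, verdict in classify(flows).items():
        print(dst, verdict, per_destination(flows)[dst])
    # Same traffic after the ISP has dropped the zombie sources upstream:
    scrubbed = [f for f in flows if not f.src.startswith(("192.0.2.", "198.51.100."))]
    print("after upstream scrubbing:", classify(scrubbed))
```

With the default sample, the web server is flagged "upstream": 520 distinct sources are offering about 1.2 Gbit/s into a 100 Mbit/s link, and the drop-tail model shows only a few percent of the legitimate traffic surviving no matter what the on-site filter does. Cutting the zombie volume to a tenth keeps the same source count but fits the link, and the verdict changes to "premises". Once the attack sources are removed upstream, the remaining traffic classifies as normal.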

Johna Till Johnson is president and chief research officer at Nemertes Research. Reach her at johna@nemertes.com

Learn more about this topic

DDoS attacks and ways to protect against them

An example of "zombie armies" in action

AT&T's DDoS protection 

Sprint's DDoS protection 

Equinix's multihomed Internet service

Network World, 11/29/04
Copyright © 2004 IDG Communications, Inc.