DDoS Attack and Its Defense




1 DDoS attacks are weapons of mass disruption.

The DDoS attack has long been a major threat to the security of the Internet. It is cheap and easy to use for achieving an attacker's goals, and so it is very popular among attackers. Any corporation, whether an Internet company or a traditional business, faces the threat of DDoS attacks as soon as it does business on the Internet. The Q1 2012 survey report from Neustar, a well-known analysis firm, stated that almost one third of the corporations surveyed had suffered DDoS attacks, and that almost half of them lost over USD 10 thousand per hour while their business was interrupted. The retail industry suffered the most, with 67 percent of retail corporations losing over USD 100 thousand per hour.[1]

Figure-1 Ratio of industry victims under DDoS attacks

2 The motives for launching DDoS attacks are publicity and profit.

DDoS attacks are driven by two motives, publicity and profit. Publicity means that black hats (attackers who intend to launch destructive activities) create incidents at socially influential corporations and organizations by means of DDoS attacks, either to declare where they stand on an issue or to show off their abilities. Incidents with this motive always attract public attention and are reported by the major news services. Take the Iranian cyber battle of 2009 as an example: opposition supporters launched a series of DDoS attacks against websites supporting President Ahmadinejad and other websites of the Tehran government. Another example: in December 2010, Anonymous retaliated against PayPal, MasterCard, Visa and several e-banking websites that had cut off services to WikiLeaks, overloading them with DDoS attacks to express sympathy for WikiLeaks.

Profit indicates profit-driven attacks such as racketeering. Most DDoS attacks launched for racketeering remain unknown to the public unless they have very severe results. Criminal syndicates use DDoS attacks to earn commissions (by attacking the websites of a hirer's competitors), to extort money from victims, or to blackmail victims into giving up their advertising agency rights.

Figure-2 Attack motives

3 It is a long battle between DDoS attacks and DDoS defense.

The sources of DDoS attacks are hard to eradicate. Because DDoS attacks exploit inherent and well-concealed weaknesses of the Internet's protocols, most attack sources are hard to trace by technical means. Even when an attacker exposes his identity, as in racketeering, it is still very hard to locate the real attack sources and stop the DDoS attack.

From the deployment point of view, DDoS attacks are also not easy to trace. Generally a DDoS attack is deployed in three layers: the attacker's host, the controllers (hosts controlled by the attacker), and the attack zombies. The attacker sends attack directives to the controllers, and the controllers forward the directives to the attack zombies. As the figure below shows, finding the attacker's IP address and geographic location requires tracing back through three levels. In real environments the controllers and the attack zombies are located in different places, often in different countries, so it is nearly impossible to find the DDoS source.

[1] Neustar Insights: DDoS Survey Q1 2012, When Businesses Go Dark. Neustar, 2012.

Figure-3 DDoS attack process

The anti-tracing functions in DDoS tools make attack sources even harder to trace. First, about 70 percent of DDoS attacks use forged (spoofed) source IP addresses, so the packets themselves do not reveal the attack zombies, and no source-address ACL can be written for them. Second, Fast-Flux Service Networks (FFSN) are widely used in DDoS tools: the DNS records that lead the attack zombies to their controllers are rotated rapidly, so the zombies and controllers stay connected only briefly and any controller address that is captured is soon stale, which makes the controllers hard to trace. Finally, because the attacker connects to the controllers through anonymous proxies, the attacker's own host is also very hard to locate. In short, the concealment built into DDoS attack tools greatly increases the difficulty of finding the hackers. DDoS attacks cannot be eradicated in a short time, and the battle between DDoS attacks and DDoS defense will be a long one.

4 The key factor in winning the battle between DDoS attacks and defense is the operators.

In the battle between DDoS attacks and DDoS defense, what a corporation faces is neither a pile of DDoS attack packets nor a set of DDoS attack tools, but the operators controlling the attacks. That is to say, it is people who are the main actors in the battle, and the prevention capability on the target side of a DDoS attack determines who wins. That is why we say the operator is the most important factor.

In a DDoS attack, the first thing to do is to understand the attack method: what its target is and what type of attack it is. Different attack methods leave different signatures in the attack traffic, and from those signatures a proper prevention solution can be chosen. For example, the common SYN Flood targets servers. It is used to exhaust the server's connection resources so that legitimate clients cannot connect. The usual countermeasure for this kind of attack is to enable SYN cookies, which let the server answer SYNs without keeping state for half-open connections.
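The SYN cookie mechanism mentioned above, as an added worked example. This is the editor's code, not NSFOCUS code or a kernel implementation: the server folds a time counter, an MSS index and a keyed hash of the connection 4-tuple into the initial sequence number of its SYN-ACK, keeps nothing, and validates ACK-1 when the handshake completes. The secret key, the MSS table, the time window and the sample addresses are all constructed for the example.

```python
"""SYN-cookie generation and validation (worked example, editor's code).

Bit layout follows the classic scheme: top 5 bits time counter, next 3 bits
MSS index, low 24 bits keyed hash of (saddr, daddr, sport, dport, t).
SECRET, MSS_TABLE, TIME_WINDOW and the sample addresses are constructed.
"""
import hashlib
import hmac
import socket
import struct

SECRET = b"example-only-secret-rotate-in-production"   # constructed; use random, rotated key material
MSS_TABLE = (536, 1220, 1440, 1460)   # encodable MSS values; index must fit in 3 bits
TIME_WINDOW = 4                       # accept cookies at most this many ticks old
MASK24 = (1 << 24) - 1

CLIENT = socket.inet_aton("203.0.113.7")     # constructed sample addresses (RFC 5737 ranges)
SERVER = socket.inet_aton("198.51.100.10")


def _hash24(saddr, daddr, sport, dport, t):
    """Keyed 24-bit hash of the 4-tuple and the 5-bit time counter."""
    msg = struct.pack("!4s4sHHB", saddr, daddr, sport, dport, t)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(saddr, daddr, sport, dport, mss, now):
    """Build the SYN-ACK ISN for a SYN received at time tick `now`; no state is stored."""
    t = now & 0x1F
    idx = 0
    for i, m in enumerate(MSS_TABLE):   # largest table entry not above the offered MSS
        if m <= mss:
            idx = i
    return (t << 27) | (idx << 24) | _hash24(saddr, daddr, sport, dport, t)


def check_cookie(saddr, daddr, sport, dport, ack_seq, now):
    """Validate the cookie echoed as ACK-1.

    Returns the MSS to use for the connection, or None if the cookie is stale
    (older than TIME_WINDOW ticks), forged, or belongs to a different 4-tuple.
    """
    cookie = (ack_seq - 1) & 0xFFFFFFFF
    t = cookie >> 27
    idx = (cookie >> 24) & 0x7
    if ((now - t) & 0x1F) > TIME_WINDOW:
        return None
    if idx >= len(MSS_TABLE):
        return None
    expected = _hash24(saddr, daddr, sport, dport, t)
    if not hmac.compare_digest((cookie & MASK24).to_bytes(3, "big"), expected.to_bytes(3, "big")):
        return None
    return MSS_TABLE[idx]


def simulate_flood(n_spoofed, now=100):
    """Server under a SYN flood: every spoofed SYN is answered from the cookie
    alone, so the half-open queue never fills.  Returns (state_entries,
    completed_handshakes) for n_spoofed spoofed SYNs plus one real client."""
    state_entries = 0
    for i in range(n_spoofed):
        spoofed = socket.inet_aton("10.%d.%d.%d" % ((i >> 16) & 255, (i >> 8) & 255, i & 255))
        make_cookie(spoofed, SERVER, 40000 + (i % 20000), 80, 1460, now)   # SYN-ACK sent, nothing stored
    # the one legitimate client completes the handshake two ticks later
    isn = make_cookie(CLIENT, SERVER, 51234, 80, 1460, now)
    completed = 1 if check_cookie(CLIENT, SERVER, 51234, 80, isn + 1, now + 2) else 0
    return state_entries, completed


if __name__ == "__main__":
    print(simulate_flood(100000))   # (0, 1): no backlog consumed, the real client still connects
```

The trade-off a practitioner should keep in mind: because the server stores nothing, TCP options that do not fit in the cookie (window scaling, SACK) are lost unless the stack recovers them from timestamps, which is why stacks normally enable cookies only once the backlog overflows.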
UDP Flood and Ping (ICMP) Flood are used to congest bandwidth so that legitimate traffic cannot reach the server. An Access Control List (ACL), applied upstream of the congested link, is the common countermeasure to these attacks. Beyond knowing the countermeasures, a prevention operator must deliver the right solution and deploy it quickly once the DDoS targets and attack types have been identified. In short, good security operations staff in a corporation should have the following knowledge and skills:

- Closely following the types, characteristics and prevention methods of DDoS attacks;
- Good expertise in the use of traffic analysis tools and good ability to recognize attack signatures (for example, the signatures of captured packets);
- Good knowledge of the protected business structure and its network deployment;
- Good expertise in operating DDoS prevention devices.

5 Stop DDoS attacks before they stop you.

To reduce the losses caused by DDoS attacks to a minimum, it is not enough to prepare countermeasures when an attack is already under way; we should be prepared to prevent attacks while they are still only potential. The first step is to evaluate the probability of a DDoS attack and the potential losses it might bring, and to set a reasonable protection budget based on that assessment. Here we adopt a model recommended by the Yankee Group, an international authority:

Losses = turnover loss + brand loss + cost of wasted resources

Take an e-business as an example. If the corporation's turnover is USD 365 million a year, on average USD 1 million per day, then a one-day business interruption caused by a DDoS attack costs USD 1 million in turnover. If the average gross margin is 30 percent, the operating cost for one day is USD 700 thousand, and that is the cost of wasted resources. If the interruption also damages the brand and leads to lost orders worth USD 730 thousand, that is the brand loss. In total, the DDoS attack may cause a loss of about USD 2.43 million.

After the risk assessment and budget plan, the next step is to identify the critical targets that need protection. This is very important in DDoS prevention. We should list the core assets on which the business depends, such as the billing server, the login server, the DNS server, and the bandwidth, and prepare prevention solutions in advance for the attack types each of these targets might face.
Based on feedback from our technical support department on responding to DDoS attacks over the past two years, the following attack types can serve as the reference for prevention:

- Attacks targeting servers: HTTP GET attacks, SYN Flood attacks, and Connection Flood attacks;
- Attacks targeting DNS: DNS Query Flood;
- Attacks targeting bandwidth: UDP Flood and ICMP Flood.

6 Security prevention services will be a popular option.

As cloud computing is adopted in more and more applications, more security corporations will launch SaaS-based security services. Some security vendors and telecom carriers have already begun to provide managed DDoS protection services and solutions for corporations. Unlike a traditional DDoS protection product, a managed DDoS protection service or solution delivers not only a DDoS protection tool but also the operational capability to prevent DDoS attacks. This kind of service or solution helps corporations prevent DDoS attacks faster and more efficiently, and we believe that more corporations will choose managed DDoS protection services in the future.
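Section 4 says the operator's first job is to identify the target and the attack type from traffic signatures, and section 5 lists the types seen most often. As an added worked example (editor's code, not NSFOCUS code or any product's logic), the triage below maps one second of flow aggregates to those attack types and, for the two pairings the paper gives (SYN Flood to SYN cookies, UDP/ICMP Flood to an ACL), to the countermeasure. The flow record format, the thresholds and the sample capture are all constructed; real thresholds must come from the protected site's own traffic baseline.

```python
"""Attack-type triage from one second of flow records (worked example, editor's code).

Flow, the thresholds and sample_window() are constructed for this example.
"""
from collections import defaultdict, namedtuple

# One-second aggregate per (src, sport, dst, dport, proto, flags).  flags is the
# TCP flag string ("S" = SYN only, "A" = ACK, "PA" = PSH+ACK); "" for non-TCP.
Flow = namedtuple("Flow", "src sport dst dport proto flags packets bytes")

# Per-second thresholds: constructed; derive real ones from your baseline.
SYN_PPS, ICMP_PPS, DNS_QPS, HTTP_RPS = 2000, 2000, 10000, 2000
UDP_BPS = 50_000_000
CONN_PER_SRC = 200            # open connections a single source may hold

COUNTERMEASURE = {            # the pairings given in the paper
    "SYN flood": "enable SYN cookies on the target",
    "UDP flood": "ACL / rate limit upstream of the congested link",
    "ICMP flood": "ACL / rate limit upstream of the congested link",
}


def classify(flows):
    """Return {target: [finding, ...]}; each finding has type, evidence and action."""
    per_dst = defaultdict(list)
    for f in flows:
        per_dst[f.dst].append(f)
    report = {}
    for dst, fl in per_dst.items():
        findings = []

        def add(kind, evidence, **extra):
            findings.append(dict(type=kind, evidence=evidence,
                                 action=COUNTERMEASURE.get(kind, "see the targets listed in section 5"),
                                 **extra))

        syn = [f for f in fl if f.proto == "tcp" and f.flags == "S"]
        syn_pps = sum(f.packets for f in syn)
        if syn_pps > SYN_PPS:
            sources = len({f.src for f in syn})
            # one SYN per source across thousands of sources is the signature of spoofing
            add("SYN flood", f"{syn_pps} SYN/s from {sources} sources", spoofed=sources > 0.9 * syn_pps)

        conns = defaultdict(set)          # established connections held per source
        for f in fl:
            if f.proto == "tcp" and "A" in f.flags and "S" not in f.flags:
                conns[f.src].add(f.sport)
        for src, ports in conns.items():
            if len(ports) > CONN_PER_SRC:
                add("connection flood", f"{src} holds {len(ports)} connections")

        http_rps = sum(f.packets for f in fl if f.proto == "tcp" and f.dport in (80, 443) and f.flags == "PA")
        if http_rps > HTTP_RPS:
            add("HTTP GET flood", f"{http_rps} request-carrying segments/s (confirm with web logs)")

        dns_qps = sum(f.packets for f in fl if f.proto == "udp" and f.dport == 53)
        if dns_qps > DNS_QPS:
            add("DNS query flood", f"{dns_qps} queries/s")

        udp_bps = sum(f.bytes * 8 for f in fl if f.proto == "udp" and f.dport != 53)
        if udp_bps > UDP_BPS:
            add("UDP flood", f"{udp_bps // 1_000_000} Mbit/s of UDP")

        icmp_pps = sum(f.packets for f in fl if f.proto == "icmp")
        if icmp_pps > ICMP_PPS:
            add("ICMP flood", f"{icmp_pps} ICMP/s")

        if findings:
            report[dst] = findings
    return report


WEB, DNS = "198.51.100.10", "198.51.100.53"   # constructed targets (RFC 5737 range)


def sample_window():
    """Constructed one-second capture: a spoofed SYN flood and a connection hog
    on the web server, a DNS query flood on the resolver, plus legitimate traffic."""
    flows = []
    for i in range(3000):   # 3000 SYNs, each from a different (spoofed) source
        src = "10.%d.%d.%d" % ((i >> 16) & 255, (i >> 8) & 255, i & 255)
        flows.append(Flow(src, 40000 + i % 20000, WEB, 80, "tcp", "S", 1, 60))
    for i in range(300):    # one host keeping 300 idle connections open
        flows.append(Flow("192.0.2.44", 50000 + i, WEB, 80, "tcp", "A", 2, 120))
    for i in range(100):    # 100 sources x 150 queries/s = 15000 qps at the resolver
        flows.append(Flow("10.9.%d.1" % i, 5000 + i, DNS, 53, "udp", "", 150, 12000))
    flows.append(Flow("192.0.2.10", 51000, WEB, 443, "tcp", "PA", 40, 20000))   # legitimate
    return flows


if __name__ == "__main__":
    for target, findings in classify(sample_window()).items():
        for f in findings:
            print(target, f["type"], "-", f["evidence"], "->", f["action"])
```

The `spoofed` flag matters for the choice of countermeasure: when almost every SYN comes from a different address, a source-address ACL is useless (there is no real source to block) and the fix has to be stateless handling at the target, whereas a connection flood from a handful of real hosts is exactly what an ACL or per-source limit is for.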

For more information

For more information about products and services, please contact the NSFOCUS sales team or visit the website: www.nsfocus.com

NSFOCUS is the trademark of NSFOCUS Information Technology Co., Ltd. NSFOCUS enjoys all copyrights with respect to all textual narrations, document formats, illustrations, photographs, methods, processes and other contents, unless otherwise specified, which shall be governed by relevant property rights and copyright laws. Without the written permission of NSFOCUS, no individual or institution may copy or quote any section herein in any way.

About NSFOCUS

NSFOCUS is a proven global leader in active perimeter network security for service providers, data centers, and corporations. It focuses on providing network security solutions including: carrier-grade Anti-DDoS System, Web Application Firewall, and Network Intrusion Prevention System - all designed to help customers secure their networks and corporate-critical information. More detailed information is available at http://www.nsfocus.com.

Contact (APAC / U.S. / Japan): TEL +1 408 907 6638, EMAIL info-apac@nsfocus.com