On 8 December 2010 a group of hackers launched DDoS (distributed denial of service) attacks against the Visa and Paypal web servers and also on a Swedish government website. The attacks were successful and the services offered by all these sites were severely disrupted. If major corporations, who operate in a multi-national environment, couldn’t prevent these attacks, can the UK government stop such an attack on one of their web services?
Well the simple answer is no, or maybe “probably not”. To understand why this is the case, we need to consider what a DDoS attack is and how it differs from a DoS (denial of service) attack. Then we can consider what could be done to mitigate it.
Computers are marvelous things that have made work infinitely easier, more interesting and quicker (at least most of us think this). Unfortunately they do have limitations, many of which are hidden to the ordinary user. One of these limitations is the maximum number of simultaneous connections – 65,535 – that can be made to a Windows-based PC/server. This is an interesting limitation as it provides the basis for DoS (denial of service) attacks.
You can configure your routers not to respond to ping requests or broadcasts or not to forward packets directed to broadcast addresses. Additionally modern IP filtering appliances are now smart enough to mitigate these threats by dropping any ping that is greater than 84 bytes (for example) and by only allowing a limited number of simultaneous connections from any single IP address.
The second of these things is effective against DoS flood attacks if the limit is set low, say 5 or 6. To generate sufficient resource requests would mean that there would need to be a very high number of hackers involved, more than could be organised in to one group. So, DoS hackers had to find an alternative.
Distributed Denial of Service (DDoS) gets the hackers around this restriction. In a DDoS attack the hackers are not sending the DoS attack from their own PC. Instead they are using a network of PCs on which they have managed to place a “zombie agent”, to allow them to use those PC’s to fire off the DDoS attack (known as a botnet).
One hacker could be in control of several thousand “zombie agents” each getting 5 or 6 connections to a web server without the PC owner being aware of this. A small group of hackers, acting in concert, could easily deny access for any legitimate user or crash a system. Current IP filtering technology can’t prevent these types of attacks so can we do anything?
Well there are things we could do:
DDoS attacks happen and governments are not immune. Only today the OECD warned that governments need to make detailed preparations to withstand and recover from a wide range of unwanted cyber events.
In the summer of 2010 the Irish Central Applications Office server was hit by a denial of service attack; in 2009, during the Iranian elections, the official website of the Iranian government was attacked and made inaccessible; in 2001 the Irish Government’s Department of Finance server was hit by a DoS attack.
There is no foolproof method to prevent a DDoS attack at present. However, for mission critical web services you need to do something and sitting on your hands waiting for an attack is not an option.
Will Hogan is vice president of marketing and sales at security firm Idappcom. Idappcom will be exhibiting at Infosecurity Europe 2011, held from 19 – 21 April at Earl’s Court, London. The event provides an unrivalled free education programme, with exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…