Home / Internet
On Denial of Service Attacks
By:Bryce Whitty
I was thinking about this attack pattern after reading about the DDoSattack on the<---****HYPERLINK****--->"http://www.milliondollarhomepage.com/">Million Dollar Homepage. The site's owner was asked for $50,000 in exchange for the attack being halted.
It is clear, to me at least, that steps should be taken to prevent DDoS attempts at some point in the network where the bandwidth can cope. This is, usually, before it hits the destination server. Firewall hardware on the main connection to an ISP is one of the best places to block such attempts, but the problem arises from the distributed nature of these attacks. It is not a matter of blocking a single IP address, or even a single range, and trying to block all of the subnets usually prevents legitimate users accessing the site, which is what the attackers intended all along.
One approach to preventing this would be to detect IP addresses which are repeatedly sending the same data to the same place, such as large ping packets going to the same hosted server, or patterns in the traffic, and selectively block or delay such packets with respect to legitimate packets from IP addresses seen much less frequently, usually characteristic of real site visitors.
Another approach is to drop unwanted packets directly, rather than wasting time and resources replying to those packets, and to prioritise based on protocol - giving HTTP priority over e.g. ICMP.
Of course, this doesn't prevent attacks which utilise a large number of HTTP connections, filling the server's connection pool and preventing other users establishing a link to the server, but there are often modules for the web server software itself which can detect such activity and prioritise traffic, or drop connections which fit a certain characteristic pattern.
Distributed Denial of Service attacks are almost impossible to entirely block or prevent, but measures are easily introduced which can limit their effectiveness. Ultimately, the real source must be determined in order to stop such an attack, but this usually means tracing connections back through several computers which have been used without the owner's knowledge, usually by means of remote control software installed silently. Performing such a trace is difficult at best, and even authorities struggle to reach the end of the chain and determine the real source.
I was thinking about this attack pattern after reading about the DDoSattack on the<---****HYPERLINK****--->"http://www.milliondollarhomepage.com/">Million Dollar Homepage. The site's owner was asked for $50,000 in exchange for the attack being halted.
It is clear, to me at least, that steps should be taken to prevent DDoS attempts at some point in the network where the bandwidth can cope. This is, usually, before it hits the destination server. Firewall hardware on the main connection to an ISP is one of the best places to block such attempts, but the problem arises from the distributed nature of these attacks. It is not a matter of blocking a single IP address, or even a single range, and trying to block all of the subnets usually prevents legitimate users accessing the site, which is what the attackers intended all along.
One approach to preventing this would be to detect IP addresses which are repeatedly sending the same data to the same place, such as large ping packets going to the same hosted server, or patterns in the traffic, and selectively block or delay such packets with respect to legitimate packets from IP addresses seen much less frequently, usually characteristic of real site visitors.
Another approach is to drop unwanted packets directly, rather than wasting time and resources replying to those packets, and to prioritise based on protocol - giving HTTP priority over e.g. ICMP.
Of course, this doesn't prevent attacks which utilise a large number of HTTP connections, filling the server's connection pool and preventing other users establishing a link to the server, but there are often modules for the web server software itself which can detect such activity and prioritise traffic, or drop connections which fit a certain characteristic pattern.
Distributed Denial of Service attacks are almost impossible to entirely block or prevent, but measures are easily introduced which can limit their effectiveness. Ultimately, the real source must be determined in order to stop such an attack, but this usually means tracing connections back through several computers which have been used without the owner's knowledge, usually by means of remote control software installed silently. Performing such a trace is difficult at best, and even authorities struggle to reach the end of the chain and determine the real source.
Article Source: http://www.redsofts.com/articles/
Bryce Whitty owns and runs www.technibble.com>computer repair website called www.technibble.com>Technibble.com. A website that provides technical how-tos for repairing your computer. Technibble also has many guides for getting into the www.technibble.com>computer business or managing your existing one. We also cover other side topics such as Security and Software.
More Articles from Internet Category:
What In The World Is Cpanel And Why Do I Want It?
Tips To Help You Make Money Through Online Surveys
Earning Money On The Internet
How To Select Online Cash Paid Survey Sites?
Tips on How to Profit Online Easily
Is It True That You Will Get Paid For Survey?
Your Roadmap to Guaranteed Internet Success
The Importance Of Linking, Link Popularity Plus Tag And Ping
Can Language Be Taught Over the Internet?
I Want To Shop On The Internet, What Tips Should I Know Before I Shop?
Powerful Podcasting
The Secret to Generating Exponential Traffic Growth
eBay Tips
How to Quickly and Easily Distribute Your Free Content
Secrets to Easily Building Opt-In Lists
|
|
|
