
Denial of Service Attack (reviewed) February 2, 2007

Posted by jhlim in DDOS, Internet, Software Reviews, Spam, Technology, Web Traffic.

It’s been a while since we last heard about DDOS attacks in the news. Then our website bandwidth spiked overnight. Being concerned, I did a little research on DDOS attacks and what you can do about them.


I am writing this post for the many of our readers who are not that tech savvy. I found a great article on Maggie’s Farm that explains DDOS attacks in layman’s terms, suited to the many web entrepreneurs who know little about the internet.

As we speak, the Maggie’s Farm site still looks like it’s under severe attack, so I decided to repost that article here below.

Should you want to read more about how to deal with DDOS attacks, the techniques used today by bigger companies are listed further below.

Our Denial of Service Attack, Update (originally from maggiesfarm.anotherdotcom.com)

Just got off the phone with our Webmeister Chris. Here’s what I learned about the Denial of Service (DOS) “attack” which we have been dealing with on and off since Thursday, and which has made access for our readers intermittently difficult or, today, impossible.

We have been subjected to what is termed a DOS Botnet Attack, consisting mainly of lengthy black market drug advertisements, containing multiple links, directed to our trackback system and to our commenting system (which is why they are shut down at the moment). A “bot” is, of course, a robotic software program.

Chris determined that this attack is coming from China, India, Japan, and Korea, simultaneously. It is probably a criminal consortium of some sort – and a large one. DOS attacks are not designed to damage specific sites, and they are not designed to result in a DOS – after all, that would defeat the purpose, which is advertising. Like any parasite, a bot is not intended to kill its host – just to feed off it. Just like the Welfare State.

The way it works is that black market drug dealers (of Viagra and other drugs) buy ads on the “internet black market” directed to various websites (there is a market in website addresses, too). Thus no-one who gets a DOS attack should feel flattered or singled out: they just happened to be on a doubtless long list that no human ever read. Similar bots advertise gambling sites, and other things.

The evil computer geniuses who sell the ad use their Bot software to then infect (with “worms,” “Trojans,” etc.) and essentially partially enslave, in this case, about 50,000 computers around the globe (PCs which are lacking in updated security patches, and generally residential PCs whose owners are unaware of what is going on, and totally unaware that they might be running a bit slow because a Bot is using them). These enslaved machines then generate the spam traffic, non-stop, at a rapid pace. There are a lot of PCs out there in the world without up-to-date security patches.

The volume of traffic overwhelms the spam filters, and the servers get clogged. At the moment, Chris is playing traffic cop, and trying to direct all of our spam traffic to a black hole in the internet – a non-existing ISP address.

At present, much of our friendly traffic is also being blocked by filters or diverted (including anything via AOL, at the moment, most foreign traffic, and most search traffic).

Chris tells me that the guys who run these criminal enterprises design software which is highly flexible and adaptable, so that it can find ways around firewalls and filters. Giant websites handle DOS attacks by diverting all of the spam to one server, and maintain the site via other servers. He guesses that a site like the NYT spends $100,000/month or more on internet access alone – not counting salaries, hardware, etc.

Chris has collected all of this drug ad spam traffic data, and has forwarded its origins to the FBI, CERT at Homeland Security, to firewall manufacturers, and to other website managers so they can learn from it. Since it’s all being generated overseas by well-concealed people, no-one will go to jail. It is, however, a federal crime to do this in the US.

Hope we can get comments back soon, because this is all interesting – if frustrating as hell for your humble editor. Chris, sturdy Green Mountain Yankee boy that he is, finds this challenge exhilarating and is cheerfully girded for battle against a powerful adversary. Thanks, Chris, for getting us back up and running tonight. And hold your fire ’til you can see the whites of their eyes.

You can read more about the Botnet battles at eWeek: Is the Botnet Battle Already Lost?

What can you do when your website is under a DDOS attack?

Black-holing or sinkholing:

This method simply diverts all incoming traffic to another server or into a black hole. By doing this, you’ll also end up diverting good traffic from legitimate users. If the same server also runs other applications, diverting the flood keeps the server from going down completely until the storm is over.

Routers and firewalls:

Routers can stop simple ping attacks by filtering nonessential protocols, and they can also block traffic from invalid IP addresses. But today’s DOS attacks are more sophisticated and come from many different valid IP addresses. Firewalls, like routers, can’t perform anti-spoofing.

Intrusion-detection systems: These are generally more expensive and sophisticated solutions used to detect traffic anomalies. Unfortunately, you’ll probably also need experts to help configure something like this. For many small web site owners, this is not a solution.

DDoS mitigation appliances: Several companies either make devices dedicated to sanitizing traffic or build DDoS mitigation functionality into devices used primarily for other functions such as load balancing or firewalling. These devices have varying levels of effectiveness. None is perfect. Some legitimate traffic will be dropped, and some illegitimate traffic will get to the server.

Buying excess bandwidth or a redundant network: Paying for more bandwidth is the price of handling spikes in traffic or occasional DDOS attacks. These are services available from your server or ISP providers. Choosing a good hosting provider is also a way to mitigate such attacks, since good providers have systems in place to protect their networks.
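As an added example (not code from this post or from Maggie’s Farm), here is a small Python script that applies the anomaly-detection and black-holing ideas above to web-server access logs: it counts requests per source IP in a sliding time window, flags sources over an assumed threshold, and emits the Linux null-route commands a sinkholing step would use. The sample log lines, the threshold and the window size are constructed values.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed access-log sample (not real traffic): one source hammering the
# trackback endpoint, two ordinary visitors, all within the same minute.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Feb/2007:10:00:00 +0000] "POST /trackback/ HTTP/1.0" 200 512
198.51.100.4 - - [02/Feb/2007:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 4096
203.0.113.7 - - [02/Feb/2007:10:00:03 +0000] "POST /trackback/ HTTP/1.0" 200 512
203.0.113.7 - - [02/Feb/2007:10:00:05 +0000] "POST /trackback/ HTTP/1.0" 200 512
198.51.100.9 - - [02/Feb/2007:10:00:07 +0000] "GET /archives/ HTTP/1.1" 200 2048
203.0.113.7 - - [02/Feb/2007:10:00:09 +0000] "POST /trackback/ HTTP/1.0" 200 512
203.0.113.7 - - [02/Feb/2007:10:00:11 +0000] "POST /trackback/ HTTP/1.0" 200 512
203.0.113.7 - - [02/Feb/2007:10:00:13 +0000] "POST /trackback/ HTTP/1.0" 200 512
"""

# Common Log Format: ip ident user [timestamp] "method path proto" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+)')

def parse_log(text):
    """Yield (ip, timestamp, method, path); malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group(1), ts, m.group(3), m.group(4)

def find_flooders(text, window_seconds=60, threshold=5):
    """Return {ip: total_requests} for every source that sends more than
    `threshold` requests inside any `window_seconds` sliding window.
    The threshold is an assumed tuning value; pick it from your baseline."""
    per_ip = defaultdict(list)
    for ip, ts, _, _ in parse_log(text):
        per_ip[ip].append(ts)
    flagged = {}
    for ip, times in per_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1          # slide the window forward
            if end - start + 1 > threshold:
                flagged[ip] = len(times)
                break
    return flagged

def blackhole_commands(flagged):
    """Linux null-route command per flagged source. Note the trade-off from
    the text: a blackhole drops everything from that address, good and bad."""
    return [f"ip route add blackhole {ip}/32" for ip in sorted(flagged)]
```

Run against a real log, the same per-source counts also show how much of the total traffic the flagged addresses account for, which tells you whether a per-IP blackhole will help or whether the flood is spread across too many sources for it to matter.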

Interesting Links

How to Check DDOS Attack on Server

Distributed Denial of Service (DDoS) Attacks/tools

DDOS Attack: Protect Your Site from this Growing Threat (White paper from prolexic.com)

Related links found on Wikipedia.org

  • RFC 4732 Internet Denial-of-Service Considerations
  • Intentando detener un DDoS (en español)
  • cert.org CERT’s Guide to DoS attacks.
  • washington.edu Dave Dittrich’s DDoS page.
  • surasoft.com – DDoS case study, concepts, and protection.
  • tik.ee.ethz.ch DDoSVax Research Project at the Swiss Federal Institute of Technology in Zürich.
  • honeypots.net Papers and presentations on DDoS mitigation techniques.
  • DoS attack resources
  • newssocket.com An article regarding a DDoS for hire incident.
  • grc.com General information regarding DoS attacks.
  • isotf.org General information regarding DNS reflector and amplification DDoS attacks.
  • linuxsecurity.com An article on preventing DDoS attacks.
  • intruguarddevices.com News articles on DDoS attacks.
  • whatis.com – Denial of Service
  • Denial of Service (Carnegie Mellon) CC Denial of Service Attacks
  • Understanding Denial of Service Attack. US-CERT
  • Cisco IOS commands to prevent flooding.
  • A proposal for defeating SYN attacks by a protocol change
  • (Queens University Belfast) Denial of Service Study

    Comments»

    1. Massive DDOS attack today! « Profitimo.com - Web Marketing Experts - February 7, 2007

    […] Web Traffic, DDOS, Search Industry News. trackback Just as I wrote about DDOS attacks last Friday (read here ) and here we go! The biggest DDOS attack since 2002 when it made headlines across the board […]

    2. ddos Protection - May 28, 2008

    I find this blog very informative. keep it up!

    3. gilbertmana - May 31, 2008

    Intern program for more details check out…

    Intern Program
