Distributed Denial of Service (DDoS) attacks are back in the news; it seems that barely a month goes by without media reports of a website or service being brought down by a DDoS attack. Sony’s PlayStation Network again became the victim of such an attack recently, while hacking group Anonymous is on a disabling offensive of extremist websites.
DDoS attacks can come in a variety of shapes and sizes. However, the aim of a DDoS attack is always the same: to saturate a server with so many requests that it simply cannot cope, leaving legitimate users unable to connect.
Attackers will sometimes use their own network of computers to launch DDoS attacks, but what is now more common is for them to use a network of PCs across the world that have been infected with malware that is capable of joining in a DDoS attack without the owner’s knowledge.
We’ve written before about the easy availability of DDoS attack kits, which anyone can download and use to launch their own attacks.
DDoS attacks were one of the primary methods used by Anonymous and LulzSec to tackle their victims: the Vatican, the Church of Scientology, the Australian government were all hit, as were Amazon, PayPal, MasterCard and Visa in response to their perceived lack of support for whistleblowing website WikiLeaks.
Some of these big name companies could perhaps have predicted a DDoS attack was on its way; taking a stance against Anonymous would often leave a company in its firing line. In fact, Anonymous often warned targets that an attack was imminent.
But for many other businesses, predicting a DDoS attack is difficult, and the results can be disastrous: loss of revenue-generating applications as well as reputational damage can negatively impact a business for years.
Why would a company be a target for DDoS attacks? Hacktivism is certainly one reason, competition with rival businesses is another. But beyond that, it is tough to establish whether a business is at risk and, if so, from whom? With the exception of the aforementioned Anonymous messages, DDoS attacks can start without warning.
So while predicting an attack may be difficult, protecting against one is less so. There are ways a company can keep its applications, services and even its whole network online without stopping legitimate traffic. A sophisticated firewall manager, application security manager and local traffic manager combined provide the protection needed to mitigate DDoS attacks, from blocking attack traffic to re-routing legitimate requests to ensure uptime.
Analysis is also key: understanding who is attacking you, as well as how and why, can help prevent an attack from causing too much damage and can help protect against future attacks.
Establishing which layer is being attacked (application, network or session, for example) will help a company know where to focus its resources, and intelligent firewall management will be able to inspect all traffic coming into a network and stop traffic that is coming from a DDoS attack.