The challenge with DDoS attacks like the one that hit Reddit is separating malicious traffic from legitimate traffic, said security analyst Alex Horan. “If you wait until the traffic hits your site to make that distinction, it is too late. You are wasting processing time and bandwidth making that determination,” he said.
Reddit got a black eye this week after being hit with a distributed denial of service (DDoS) attack Friday morning. The attacks left the site dark for a while and with spotty service well into the afternoon.
“Having some technical difficulties right now. We’ll be back ASAP,” the @redditstatus Twitter feed reported before sunrise on the East Coast Friday morning. About 6:30 a.m., the site noted it was “working on mitigating a malicious DDoS attack.” Within 30 minutes, the site seemed to be up and running again, but some of its functions were still hurting from the fallout.
The Whys and Hows
Alex Horan, senior product manager at Core Security, said the important point about DDoS is the initial ‘D’ for Distributed. Because the requests arrive from a large number of sources, each of which can look like an ordinary user, Reddit could not easily distinguish legitimate traffic from attack traffic.
“If you wait until the traffic hits your site to make that distinction, it is too late. You are wasting processing time and bandwidth making that determination,” he said. “You need to work with the downstream Internet providers to make that distinction as close to the source of each of the nodes participating in the attack and drop the traffic there. This, in theory, could make the whole Internet faster, as less of this malicious traffic would make it to the shared information superhighway.”
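Horan’s point about the ‘D’ is easy to see with a small simulation. The following is an added example, not code from the article or from Reddit or Core Security: it runs a per-source sliding-window rate limiter, the kind of check an edge or upstream provider could apply, over a constructed request log. One noisy source is flagged immediately, but the same volume spread across a hundred sources stays under any per-source threshold and only shows up in the aggregate rate, which by then is already consuming the site’s bandwidth. The log format, IP ranges (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges) and thresholds are all assumptions made for illustration.

```python
"""Per-source rate limiting versus a distributed flood (constructed data).

Added example, not code from the original article or from Reddit/Core Security.
"""
from collections import defaultdict, deque
from typing import Iterable, List, NamedTuple, Set


class Request(NamedTuple):
    ts: float   # seconds since start of capture
    src: str    # client IP address
    path: str   # requested path


def parse_line(line: str) -> Request:
    """Parse one line of the constructed log format '<ts> <ip> <path>'."""
    ts, src, path = line.split()
    return Request(float(ts), src, path)


def flag_sources(events: Iterable[Request], window: float, limit: int) -> Set[str]:
    """Return sources that exceed `limit` requests in any `window`-second sliding window.

    This is what a per-IP limiter at the edge (or at an upstream provider) sees:
    it only has each source's own history to judge by.
    """
    recent = defaultdict(deque)   # src -> timestamps inside the current window
    flagged: Set[str] = set()
    for ev in sorted(events, key=lambda e: e.ts):
        q = recent[ev.src]
        q.append(ev.ts)
        while q and ev.ts - q[0] >= window:   # expire timestamps older than the window
            q.popleft()
        if len(q) > limit:
            flagged.add(ev.src)
    return flagged


def peak_rate(events: Iterable[Request], window: float) -> int:
    """Maximum number of requests, from all sources combined, in any window."""
    q = deque()
    peak = 0
    for ev in sorted(events, key=lambda e: e.ts):
        q.append(ev.ts)
        while q and ev.ts - q[0] >= window:
            q.popleft()
        peak = max(peak, len(q))
    return peak


def make_traffic(attackers: int, per_attacker: int, legit: int = 20,
                 per_legit: int = 3, window: float = 10.0) -> List[Request]:
    """Build a constructed log: `legit` normal clients plus `attackers` flood sources.

    Every client spreads its requests evenly across one window, so the only thing
    that differs between scenarios is how the attack volume is distributed.
    """
    lines = []
    for i in range(legit):                        # constructed legitimate users
        for k in range(per_legit):
            lines.append(f"{k * window / per_legit:.2f} 198.51.100.{i + 1} /r/all")
    for i in range(attackers):                    # constructed attack sources
        for k in range(per_attacker):
            lines.append(f"{k * window / per_attacker:.3f} 203.0.113.{i + 1} /r/all")
    return [parse_line(line) for line in lines]


if __name__ == "__main__":
    WINDOW, LIMIT = 10.0, 20                      # assumed per-source policy: 20 req / 10 s
    baseline = make_traffic(attackers=0, per_attacker=0)
    concentrated = make_traffic(attackers=1, per_attacker=200)   # one source, 200 requests
    distributed = make_traffic(attackers=100, per_attacker=5)    # 100 sources, 5 each

    for name, traffic in [("baseline", baseline), ("single-source", concentrated),
                          ("distributed", distributed)]:
        print(f"{name:14s} peak {peak_rate(traffic, WINDOW):4d} req/{WINDOW:.0f}s  "
              f"flagged sources: {sorted(flag_sources(traffic, WINDOW, LIMIT)) or 'none'}")
```

The single-source flood is caught by the per-source check; the distributed one, which delivers more than twice the volume, is not, because each of its hundred sources behaves like a slightly busy user. That is why Horan argues for making the determination as close to each participating node as possible rather than at the target, where the only remaining signal is aggregate load and the bandwidth has already been spent.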
Horan said understanding the motive of the attackers is useful for the general community. Of course, he added, consumers shouldn’t necessarily change their behavior because of the threat of a DDoS.
“It is important to learn the whys and the hows of these attacks and attackers so we can better anticipate what actions might provoke them,” he said, “so we can be forewarned — and technically what actions they will take so we can apply the right defenses — be forearmed.”
Sending a Message?
Richard Westmoreland, lead security analyst for the Security Operations Group at SilverSky, said DDoS attacks are normally launched to send some form of a message and can vary greatly in terms of their sophistication.
“It has been widely speculated in federal circles that due to the sheer mass and complexity of these recent attacks that they are the result of an escalating cyber war with Iran. DDoS attacks have become the preferred and paid weapon for many politically motivated groups,” Westmoreland said.
“This is both a scary and positive aspect to these types of attacks. The negatives are that they are perpetrated by professionals who have the skills and resources to effectively launch these attacks, and there is little that can be done to stop them. The consolation is that these attacks are generally shorter in duration before moving on to other targets.”