Dr. Bill Highleyman will be giving an in-depth presentation about DDoS attacks at The Continuity Insights Regional Business Continuity Conference on Wednesday, Oct. 8.
The concept of a DDoS attack is simple. Generate enough malicious traffic to a web site, and it will be unable to respond to legitimate requests. The data rate generated by recent DDoS attacks has been measured in the hundreds of gigabits per second. Not many corporate web services can withstand even a fraction of that amount of malicious data. The damage DDoS attacks can do to a company’s public-facing Internet services, such as web sites, or to the Internet in general, is massive.
DDoS attacks are launched from botnets comprising thousands of compromised PCs and servers controlled by a bot master. DDoS attacks are easy to create using rented botnets and publicly available software.
DDoS attacks take many forms. Some attack the Internet Layer (Level 3) and Transport Layer (Level 4) of the Internet Protocol suite. Others attack the Application Layer (Level 7). A particularly vicious form of a DDoS attack is a DNS reflection attack, in which a short request to a DNS server results in a large message sent to the victim machine. Gigabits per second can be directed to a victim’s system from an attacker who only has to generate megabits per second of malicious data.
DDoS attackers are very sophisticated. They monitor the success of their attack, and if the victim throws up defenses to mitigate the attack, they change their method of attack.
One defense against DDoS attacks is to subscribe to a DDoS mitigation service provider. These are companies with a large number of massive data centers. They can spread the attack over multiple data centers, scrub the attack data, and return only valid data to the victim. They also monitor the nature of the attack and change the victim’s defenses to meet the current attack strategy.
DDoS attacks are increasing in frequency and in size every year. Companies must prepare for the likelihood of losing their public-facing web services and must make plans for how they will continue in operation if these services are taken down. This should be a major topic in their Business Continuity Plans.
This presentation describes the technology behind DDoS attacks. The creation of the many types of botnets used to drive DDoS attacks is discussed. Some recent massive DDoS attacks are described. Included are several attacks on major U.S. banks that took down their online services for days. The various types of DDoS attacks are explored, including attacks at the network level, the infrastructure level, and the application level. Mitigation services that are available to thwart a DDoS attack are presented.