This post was translated by Dynect Platform European Nordics reseller Excedo Networks and posted on the MyNewsdesk blog in Swedish. Below is a Google translation back to English for the Dyn.com Dynamic Discourse blog readership. This DDoS post was originally written by our CTO, Tom Daly, back in August of 2009. A big thanks goes out to Excedo Networks CEO Michael Duffy for spreading DNS education and awareness to a global audience. DNS is Sexy for technologists worldwide as we, along with our Dyn Inc. partners, continue to do all we can to grow the understanding and importance of premium managed DNS.
Recent days have been crazy and hectic for many people on the Internet. Most have probably heard some form of news reporting about high-profile denial of service attacks, or rather "Distributed Denial of Service" (DDoS) attacks, against Swedish companies and authorities, but also against international companies such as Mastercard. At Excedo Networks, and for the service Excedo DNS powered by Dynect, we have closely followed this development, checking and monitoring our system's performance while evaluating and applying our DDoS mitigation strategies.
Below I highlight some technical aspects of DDoS: what DDoS is, and some tips on what steps can be taken in network design and other mitigation measures. It is important to note that this concerns Distributed Denial of Service (DDoS) attacks, not attacks on the Domain Name System (DNS). The two are often confused, and the media in particular fail to distinguish between them in their reporting.
What is DDoS?
A DDoS is any attempt, carried out directly by a person or by human-made software, to deny users access to some sort of service by means of a distributed, coordinated attack. The attacker's goal is to hit the target computer system in such a way that it can no longer provide its service to the system's authorized users.
A DDoS attack is based on a large number of requests, each carrying a relatively small amount of data, being sent simultaneously and continuously from multiple computers to a computer system or network; for example, requesting large files from a web server. The exposed system is overloaded by the sheer number of requests, and only a little capacity remains for other communications.
Below are some examples:
Example 1: Use multiple computers to send as many ICMP "ping" packets as possible to a destination, in order to overload the Internet connection, the firewall, or the target system you are trying to knock out. Taking out any one of these components means the network "chokes" and authorized users are denied access to it.
Example 2: Spread malicious code to as many unsuspecting users' computers as you can, and use that code to take control of those machines by having it connect back to a central host under your control. Then use that control channel to make the "hijacked machines" send out tons of spam. Yes, sending spam is a type of DDoS attack. This kind of complex network of controlled hosts and compromised machines is something the industry calls a "botnet", and it has many more functions than just sending out spam.
Example 3: Bring all your colleagues (more than 20 of them) and go to the nearest coffee shop in the middle of the lunchtime rush. Queue up at the same time and all try to order at the same time. Naturally, you should order the dish that requires the greatest cooking effort from the staff. You will effectively have launched a DDoS attack (Distributed = several people; Coordinated = they all planned it together) against the cafeteria staff.
In the Internet's earlier days, we saw a more basic form of these attacks, Denial of Service (DoS) attacks, in which one machine on the Internet attacked another, one on one. In that case, the impact of the DoS was limited by the capacity of each party's Internet connection or computer resources.
In short, a DDoS attack is an attempt to "stifle" an Internet-facing system, or to hit its weakest link, by overloading it remotely.
Targets of DDoS
In many of the recent attacks, the target has been the site's servers. Those carrying out the attacks were probably trying to overwhelm the Internet connections of these sites, along with their firewalls, load balancers and web servers. This is a direct attack on the website.
But wait a minute: there are other types of attacks as well. Remember that in order to even reach the website you want to visit, your computer first needs to make a DNS query to determine the site's IP address. This means access to a website can be knocked out even if the DDoS attack is made against the DNS servers instead. Many Swedish companies rely entirely on DNS suppliers that do not offer DNS as their primary service, and are therefore very vulnerable, because those DNS solutions are often of a very low standard from a security and capacity perspective. For this reason it is advisable to have your DNS operations handled by experts who deliver a solution with the latest Anycast technology and who focus on DNS as their primary service!
Protect your website
The effect of each additional protective effort gets smaller and smaller over time. If you are not a target for DDoS attacks, you will spend lots of money to be fully protected. If you are a target for DDoS attacks, you will spend lots of money to protect yourself. And once you are a target, you will most likely end up in a duel with those carrying out the attacks, competing to see who can build the largest and most powerful network, either to generate DDoS traffic or to filter it and mitigate its effects. Only a few suppliers in the world today have networks and services with sufficient capacity for the latter.
The main points on how to prevent and mitigate DDoS are simple:
- Do not make yourself a target: keep your network clean of spammers and other unscrupulous individuals who may cause problems, and you will avoid becoming involved in their antics.
- Awareness: know your network's normal behavior so you can identify when you are exposed to DDoS. Many different tools can help you with this, such as NetFlow, sFlow, Splunk, Nagios, Cacti, SmokePing, Munin, and others.
- Capacity: if you can, build the biggest network you can, with effective rate-limiting components at the Internet-facing routers for Layers 3 and 4, and a layer of "deep packet inspection / caching / scrubbing" in the core of the network for more advanced limiting at Layers 4 through 7. Finally, make sure you have enough server capacity, and that the servers are designed for optimum performance under high load.
- Practice: test your defense plans. Knowing how to apply your defense strategy is as important as buying and installing it. If you do not know how to use it effectively, why bother getting it at all?
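As an added example (not part of the original post), the "Awareness" point above in working code: a small Python baseline detector over constructed flow records in a simplified NetFlow/sFlow shape, which learns the normal packet rate to a destination and flags later seconds that exceed it, labelling a spike "distributed" when many sources take part (as in the ICMP flood of Example 1) and "single-source" otherwise (the plain DoS case). The record layout, thresholds and addresses are assumptions made for this example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records in a simplified NetFlow/sFlow shape:
# (second, src_ip, dst_ip, proto, packets). Addresses are RFC 5737 documentation ranges.
def build_sample_flows():
    flows = []
    # Normal traffic: two clients, roughly 75 packets/s combined, during seconds 0..9
    for sec in range(10):
        flows.append((sec, "198.51.100.5", "203.0.113.10", "TCP", 40 + sec % 3))
        flows.append((sec, "198.51.100.6", "203.0.113.10", "TCP", 35))
    # Distributed flood: eight sources each sending 300 ICMP packets/s during seconds 10..11
    for sec in (10, 11):
        for i in range(8):
            flows.append((sec, f"192.0.2.{i + 1}", "203.0.113.10", "ICMP", 300))
    # Single-source spike at second 12 (a plain DoS, not distributed)
    flows.append((12, "192.0.2.99", "203.0.113.10", "ICMP", 2400))
    return flows

def aggregate(flows):
    """Packets per destination per second, plus the distinct sources seen in that second."""
    pkts = defaultdict(lambda: defaultdict(int))   # dst -> sec -> packet count
    srcs = defaultdict(lambda: defaultdict(set))   # dst -> sec -> {src_ip}
    for sec, src, dst, _proto, n in flows:
        pkts[dst][sec] += n
        srcs[dst][sec].add(src)
    return pkts, srcs

def detect_floods(flows, baseline_secs, z=3.0, min_sources=5):
    """Learn the 'normal' packet rate per destination from baseline_secs, then flag
    later seconds whose rate exceeds mean + z*stdev. An alert is 'distributed' when
    at least min_sources distinct sources took part, 'single-source' otherwise."""
    pkts, srcs = aggregate(flows)
    alerts = []
    for dst, per_sec in pkts.items():
        base = [per_sec.get(s, 0) for s in sorted(baseline_secs)]
        # Floor the deviation at 1 packet so a perfectly flat baseline still yields a threshold
        threshold = mean(base) + z * max(pstdev(base), 1.0)
        for sec in sorted(per_sec):
            if sec in baseline_secs or per_sec[sec] <= threshold:
                continue
            n_src = len(srcs[dst][sec])
            kind = "distributed" if n_src >= min_sources else "single-source"
            alerts.append((dst, sec, per_sec[sec], n_src, kind))
    return alerts

if __name__ == "__main__":
    for alert in detect_floods(build_sample_flows(), set(range(10))):
        print("dst=%s sec=%d packets=%d sources=%d kind=%s" % alert)
```

In a real deployment the baseline window would be learned from exported flow data rather than constructed, and the source count is what separates a botnet-style flood from one noisy host.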