DDoS Attacks (Part II) - The New Line of Defense


As discussed in the previous article of this series, knowing that hacktivists are indeed targeting high-profile networks is important, but let’s look at what organizations are doing to defend themselves.

The first and most obvious response, and one often seen as plain common sense, is the knee-jerk reaction: throw hardware and software resources at the problem. Just because it’s the most common response doesn’t mean that it’s effective.

Knowing that there’s going to be a steep spike in incoming mail and other requests, many organizations are following the “more” strategy: more Web servers, more e-mail servers, generally more capacity to handle more requests. Hand-in-hand with that strategy, they’re increasing the quantity of firewalls in-house.

It’s not that these measures are wrong, per se, and some may indeed help stem the tide. But, as some recent attacks have shown, the volume of incoming requests can far exceed any in-house capacity in a hurry. That’s why some organizations go further in building barricades to shore up their defenses, and this is when the real problems start to emerge.

First, many organizations are deploying more peripheral devices into the mix. However, these devices don’t have the facility to undertake deep-packet inspection, and that’s a crucial element in mitigating DDoS attacks.

Others have opted for Intrusion Detection Systems, which monitor network or system activities for actions that suggest malice or even policy violations. There are many forms of IDS, and they do play a role in defending against some potential attacks. However, it’s important to keep in mind that in certain scenarios, they may even serve to increase the danger of the attack.

Then there are the different incarnations of CDNs (content delivery or content distribution networks). These are essentially server farms deployed offsite, and they’re particularly useful for offloading the traffic served from the content provider's point of origin.

They’re used extensively in media or e-commerce infrastructures, and can offer the benefit of significant savings while enhancing core performance. Such services don’t come cheap, however, and more problematically, some dynamic attacks can be designed to travel straight to the origin servers.

Finally, there are now some specialized DDoS mitigation hardware packages that have come into the market. Yet, these too are only as effective as the capacity of an organization’s Internet connection. More bandwidth helps, of course, but that can get very expensive very fast, especially given the data volumes involved in a concerted DDoS attack.

In sum, it’s like an arms race, but winning is financially indefensible. It’s much cheaper to generate bogus traffic than it is to defend against it with ever more infrastructure and bandwidth.

So what’s the answer? Are there any viable (economically and otherwise) defenses available?

The short answer is yes, and here are the initial steps you should take:

First, open a communications channel with the Internet service provider immediately. It’s vital to get a sense of the volume of incoming traffic, since that will guide the response. Most importantly, given their best estimate, can the existing Internet connection handle it?

Next, try to get a geographic fix on the problem. If most of the spike is coming from a specified country or region, it may be possible to block all traffic from that point of origin. Of course, this will also halt legitimate traffic from that source, but in some cases that may be a small price to pay.

Also try to ascertain which pieces of the infrastructure can be reached while the attack is in effect. Can you get to your peripheral device? Log in yourself from an external source to see which connections are still open, and where the traffic might be coming from. In fact, it’s sometimes possible to add some blocks internally, but this is a very temporary fix.

If possible, it’s also wise to check Web server access logs to see if the attacks are hitting a particular URL. If they are, then it might be necessary to disable that target temporarily—it hurts in the short term, but minimizes overall damage to the brand.

Next, monitor all relevant social media channels immediately — it’s generally how hacktivists coordinate attacks. See if it’s possible to find relevant posts on Google, Facebook, Twitter, IRC (Internet Relay Chat) rooms, etc. Remember, hacktivists want to draw attention to their activities, and they’re comfortable using public forums for this purpose. Some entities have used these tactics to stay one step ahead of the attackers.

Ultimately, once the inevitable has happened, you should conduct a post-mortem: identify which piece of the infrastructure failed, and why.
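As an added illustration of the access-log and traffic-origin checks described in the steps above (this is not code from the original article), the following Python sketch tallies requests per URL path and per source network from Combined Log Format lines. The log lines, the thresholds and the `summarize`/`hot_paths` names are constructed for the example; mapping source networks to a country would additionally need a GeoIP database, which is not included here.

```python
import re
from collections import Counter
from ipaddress import ip_network
from urllib.parse import urlsplit

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+'
)

def summarize(lines, top=3):
    """Count requests per URL path and per source network (/24 IPv4, /48 IPv6)."""
    paths, nets = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        try:
            net = ip_network(m["ip"] + ("/48" if ":" in m["ip"] else "/24"), strict=False)
            path = urlsplit(m["target"]).path  # drop query so random parameters collapse
        except ValueError:
            continue  # client field is not an IP address, or target is unparsable
        paths[path] += 1
        nets[str(net)] += 1
    total = sum(paths.values())
    return {"total": total, "paths": paths.most_common(top), "nets": nets.most_common(top)}

def hot_paths(summary, min_share=0.5, min_hits=20):
    """Paths taking at least min_share of all parsed requests (assumed thresholds)."""
    total = summary["total"]
    return [p for p, n in summary["paths"] if n >= min_hits and n / total >= min_share]

# Constructed sample log: background traffic, one malformed line, and a burst on /search.
TS = "[01/Jan/2024:10:00:00 +0000]"
SAMPLE = (
    [f'198.51.100.{i} - - {TS} "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"' for i in range(1, 5)]
    + [f'198.51.100.5 - - {TS} "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"'] * 2
    + ["truncated line"]
    + [f'203.0.113.{i} - - {TS} "GET /search?q={i} HTTP/1.1" 200 812 "-" "-"' for i in range(30)]
    + [f'192.0.2.{i} - - {TS} "POST /search HTTP/1.1" 200 812 "-" "-"' for i in range(10)]
)

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print("requests parsed:", s["total"])
    for key, n in s["paths"] + s["nets"]:
        print(f"  {n / s['total']:6.1%}  {key}")
    print("URLs taking most of the traffic:", hot_paths(s))
```

On a real server, pass the lines of the current access log to `summarize` and compare the shares with a quiet-period baseline before deciding to block a source or disable a URL.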

Keep in mind, though, that even after following all these steps, it still might not be possible to completely prevent DDoS attacks by yourself. But by developing, implementing and regularly stress-testing comprehensive response strategies, organizations can certainly mitigate, even minimize, the damage.

Next week, we talk about what steps you should take when relying on external parties to help mitigate DDoS attacks.

Miguel Ramos is the Senior Product Manager of Neustar, Inc., a provider of real-time information and analysis to the Internet, telecommunications, entertainment, advertising and marketing industries throughout the world.
