ITC Security Threat of the Week – Week 16: Distributed denial of service attacks – Why me, what can I do?

There has been much press, publicity and fanfare around notable distributed denial of service attacks against well known, highly visible or perhaps somewhat controversial targets recently.


Examples include gambling operators, television stations, online gaming (Eve online for instance), government sites etc.


The reasons for attacks on these sites are legion (no pun intended) and range from serious hacktivists with a social conscience or political motive, for instance Anonymous attacks on the USA tobacco industry in protest at the industry’s lack of support for the legalisation of marijuana, through kids trying to make a name for themselves to organised crime and extortion.


When assessing one’s risk of becoming a DDOS target, the context of your presence on the Internet, the scale of your digital image and brand, the industry you operate in and the people you do business with must be assessed.


DDOS attacks come in a number of flavours. In the most common, a sleeping mass of online infected machines (a so called Botnet) are instructed to connect to the web facing infrastructure of the target simultaneously using a number of techniques. Botnets are assimilated by either the attackers themselves or can even be bought or leased online.


In the second more discerning attack, multiple hackers, script kiddies and wannabees direct their machines, sometimes through an anonymising layer at the target using a number of tools, usually with fancy space age names such as ‘High Orbit Ion Cannon’ (HOIC), or Low Orbit Ion Cannon (LOIC).


Defence against DDOS attacks must be thoroughly designed and planned and deployed as far into the Internet cloud as possible. ITC advises that web traffic is routed through in-cloud application firewalls and ddos filters (such as Imperva) and traffic to other hosted services is tightly restricted as far into the Internet providers network as possible using access control lists.


Management of Internet facing equipment MUST be possible out of band using a dedicated management network, similarly protected and unrelated to the production network. Furthermore, DDOS architecture and operational plans must be regularly tested.


If you would like to discuss DDOS with an ITC engineer please contact us via our website, if you can reach it.