Distributed denial of service (DDos) attacks

Recently I heard about the cyber attack on South Korean govt/media/other sites, using distributed denial of service (DDoS) attacks, which slowed down their sites considerably.

My question, how does this work?

How many Dos would one need to break a site?

Are all sites vulnerable to such attacks?

How can one avoid this?

If this can happen to them then it's most likely it will happen to us too, so any solutions?

Dude, AFAIK DoS is just a kind of attack in which a server is given too many requests at a time, thus it becomes very slow and creeps on its knees, and thus the website goes down....

Now most companies are using anti-DOS protection,

thus most servers are safe...

They limit the maximum number of requests from one IP.

I guess you should read this: http://en.wikipedia.org/wiki/Denial-of-service_attack
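The per-IP request limit mentioned in the reply above is the simplest DoS defence to show in code. The block below is an added example, not code from this thread or from any product named in it: a sliding-window limiter fed with a constructed access log (the log format, the `198.51.100.x`/`203.0.113.x` addresses, the 10-second window and the 20-request budget are all assumptions). It also runs the distributed case from later in the thread, where the same load is spread over many sources that each stay under the budget, to show why a per-IP limit alone does not cover DDoS.

```python
"""Per-source-IP request limiting (added example, constructed traffic).
Window size, request budget, log format and addresses are assumptions."""
from collections import defaultdict, deque

WINDOW_SECONDS = 10.0   # assumed sliding-window length
MAX_REQUESTS = 20       # assumed per-IP budget inside one window


class PerIpLimiter:
    """Sliding-window counter per source IP. Every arrival is recorded,
    admitted or not, so a source that keeps flooding stays blocked until
    it actually backs off for a full window."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
        self.window = window
        self.limit = limit
        self.history = defaultdict(deque)   # ip -> arrival timestamps

    def admit(self, ip, now):
        q = self.history[ip]
        while q and now - q[0] >= self.window:   # expire arrivals outside the window
            q.popleft()
        q.append(now)
        return len(q) <= self.limit


def parse_line(line):
    """Parse the constructed log format 't=<seconds> ip=<addr> <request>'."""
    fields = dict(tok.split("=", 1) for tok in line.split()[:2])
    return float(fields["t"]), fields["ip"]


def run_limiter(log_lines, limiter=None):
    """Feed log lines through the limiter; return admitted/rejected counts per IP."""
    limiter = limiter or PerIpLimiter()
    admitted, rejected = defaultdict(int), defaultdict(int)
    for line in log_lines:
        t, ip = parse_line(line)
        (admitted if limiter.admit(ip, t) else rejected)[ip] += 1
    return dict(admitted), dict(rejected)


def constructed_traffic(seconds=30, flood_rate=5):
    """Constructed access log: two legitimate clients at 1 req/s and one
    single-source flood at flood_rate req/s (a plain DoS, not DDoS)."""
    lines = []
    for s in range(seconds):
        for ip in ("198.51.100.7", "198.51.100.8"):
            lines.append(f"t={s} ip={ip} GET /index.html")
        for k in range(flood_rate):
            lines.append(f"t={s + k / flood_rate} ip=203.0.113.99 GET /index.html")
    return lines


def constructed_distributed_traffic(seconds=30, sources=40):
    """Constructed log where a comparable load is spread over many sources,
    each staying under the per-IP budget (the DDoS case from the thread)."""
    lines = []
    for s in range(seconds):
        lines.append(f"t={s} ip=198.51.100.7 GET /index.html")
        for n in range(sources):
            lines.append(f"t={s} ip=203.0.113.{n + 1} GET /index.html")
    return lines


if __name__ == "__main__":
    ok, dropped = run_limiter(constructed_traffic())
    print("single-source flood -> admitted:", ok, "rejected:", dropped)
    ok, dropped = run_limiter(constructed_distributed_traffic())
    print("distributed flood -> admitted from bots:",
          sum(ok.values()) - ok["198.51.100.7"], "rejected:", dropped)
```

In the single-source run the two legitimate clients are never touched and the flooding address gets its first 20 requests through and nothing after, which is exactly what the reply above describes. In the distributed run every source stays under the budget, so the limiter admits all of it; that is the gap the later replies fill with upstream filtering and null routing.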

I guess a combination of firewall, switches, and router will ensure protection from DDoS. Of course the settings also should be set straight.

@moderators

Is wiredPakistan capable of tackling such attacks?

DUDE

Even switches and routers can be DOS attacked....

Let's say you have an office in a building on the 10th floor. What will happen if 10,000 people come and stand in front of your office gate on the 10th floor? The legitimate users, i.e. your office employees, will be unable to enter.

Now how do you prevent it? Well, for starters you can hire a guard that will keep those users away from the gate. But what if those 10,000 people now block the hallway? Even though your office gate is not crowded now, the hallway through which people come to the office is crowded, which means that although some people are able to enter now since the gate is not crowded, still many people won't be able to enter.

OK, then you hire another guard to ensure nobody blocks the hallway. But what if those 10,000 people now block the main building gate? Now more legitimate people will be able to enter, but still there will be some people who won't be able to enter.

The scenario I presented above is called DOS. Think of your office as your website/server, while the people are the traffic coming to your website/server. The measures I wrote above are how we block DOS, i.e. by isolating bad traffic. Preventing DOS blocks good traffic too, but that is very small compared to how much bad traffic it blocks.

DDOS simply means bad traffic is coming from several different locations, e.g. your website is DOS attacked from several different countries.

@Techman

So a combination of firewall, switches, and router can ensure protection from DDoS, right?

[quote]

@Techman

So a combination of firewall, switches, and router can ensure protection from DDoS, right?

[/quote]

Yes. The trick is to filter out bad traffic before it comes to the website. This is done by hiring the services of DDoS protection companies. So what happens then is that instead of users coming to your website directly, traffic will first go to that service provider, which will block bad traffic and redirect good traffic to your website.

Although there is technical detail involved, I have just simplified the above scenario for better understanding.

[quote]

This is done by hiring the services of DDoS protection companies. So what happens then is that instead of users coming to your website directly, traffic will first go to that service provider, which will block bad traffic and redirect good traffic to your website.
[/quote]

What kind of companies are we talking here, could you name any?

Are there any such services available in Pakiland?

Are they expensive?

How much do they usually cost?

[quote]

What kind of companies are we talking here, could you name any?

Are there any such services available in Pakiland?

Are they expensive?

How much do they usually cost?

[/quote]

One of the Pakistani companies I know is blockdos.net

They are providing DDOS protection to the two largest Pakistani banks. There are some international clients too.

And yes DDOS protection is expensive!

[quote]

Yes. The trick is to filter out bad traffic before it comes to the website. This is done by hiring the services of DDoS protection companies. So what happens then is that instead of users coming to your website directly, traffic will first go to that service provider, which will block bad traffic and redirect good traffic to your website.

Although there is technical detail involved, I have just simplified the above scenario for better understanding.

[/quote]

IIRC, there is also the concept of redirecting DDOS traffic to a black hole.

Distributed denial of service attacks are generated using massive botnets (or dosnets) and are very tough to control. However, they're tackled as almost all the IPs of the botnet are banned, or as the traffic is null routed after a while, or when the botnet loses some nodes due to several possible reasons. Null routing is more commonly used where a particular behavior or type of packet is expected and thereby set to be dropped. It's commonly installed by default on high-quality routers to combat DDoS attacks.

P.S. null routing is the same as blackhole routing Asad referred to above.
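Null routing, as the post above describes it, is a routing-table entry whose next hop is a discard interface, so matching packets are dropped at line rate instead of being forwarded. The block below is an added example, not code from this thread or from any router vendor: a minimal longest-prefix-match forwarding table in Python that models the two usual forms of the technique, a destination blackhole (the attacked address is null-routed upstream so the rest of the network survives) and a source blackhole (the attacking prefix is dropped at the edge). The `Null0` label, the `192.0.2.x`/`198.51.100.x`/`203.0.113.x` addresses and the packet sample are constructed for the example.

```python
"""Null (blackhole) routing simulation (added example, constructed data).
The discard interface name, prefixes and packets are assumptions."""
import ipaddress

BLACKHOLE = "Null0"   # label for the discard interface (Cisco-style name, used only as a tag)


class ForwardingTable:
    """Longest-prefix-match table: the most specific matching prefix wins.
    An entry whose next hop is BLACKHOLE discards the packet."""

    def __init__(self):
        self.routes = []   # list of (network, next_hop)

    def add(self, prefix, next_hop):
        self.routes.append((ipaddress.ip_network(prefix), next_hop))
        self.routes.sort(key=lambda r: r[0].prefixlen, reverse=True)

    def lookup(self, address):
        addr = ipaddress.ip_address(address)
        for net, hop in self.routes:
            if addr in net:
                return hop
        return None   # no route at all


class Router:
    """Edge router: a destination FIB plus an optional source-based blackhole
    list (the 'particular type of packet ... set to be dropped' case)."""

    def __init__(self):
        self.fib = ForwardingTable()
        self.source_blackholes = ForwardingTable()

    def forward(self, packets):
        delivered, dropped = [], []
        for src, dst in packets:
            if self.source_blackholes.lookup(src) == BLACKHOLE:
                dropped.append((src, dst, "source blackhole"))
                continue
            hop = self.fib.lookup(dst)
            if hop is None:
                dropped.append((src, dst, "no route"))
            elif hop == BLACKHOLE:
                dropped.append((src, dst, "destination blackhole"))
            else:
                delivered.append((src, dst, hop))
        return delivered, dropped


def constructed_packets():
    """Constructed sample: two legitimate clients, one legitimate host that
    happens to sit inside the attacking prefix, and a ten-host flood."""
    victim, other = "192.0.2.10", "192.0.2.20"
    legit = [("198.51.100.7", victim), ("198.51.100.8", other), ("203.0.113.5", victim)]
    flood = [(f"203.0.113.{n}", victim) for n in range(100, 110)]
    return legit + flood


def destination_blackhole_demo():
    """Upstream null-routes the victim /32: the rest of 192.0.2.0/24 keeps
    working, but the victim receives nothing, its legitimate users included."""
    r = Router()
    r.fib.add("192.0.2.0/24", "eth1")
    r.fib.add("192.0.2.10/32", BLACKHOLE)   # more specific, so it wins for the victim
    return r.forward(constructed_packets())


def source_blackhole_demo():
    """Drop the attacking prefix at the edge instead: the victim stays up,
    but the legitimate host inside 203.0.113.0/24 is collateral damage."""
    r = Router()
    r.fib.add("192.0.2.0/24", "eth1")
    r.source_blackholes.add("203.0.113.0/24", BLACKHOLE)
    return r.forward(constructed_packets())


if __name__ == "__main__":
    for name, demo in (("destination", destination_blackhole_demo),
                       ("source", source_blackhole_demo)):
        delivered, dropped = demo()
        print(f"{name} blackhole: delivered={len(delivered)} dropped={len(dropped)}")
```

Running both demos makes the trade-off from the earlier office analogy concrete: the destination blackhole protects everything except the victim, which is why it is usually a last resort that finishes the attacker's job for them, while the source blackhole keeps the victim reachable at the cost of any legitimate user who shares address space with the botnet.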

[quote]

Distributed denial of service attacks are generated using massive botnets (or dosnets) and are very tough to control. However, they’re tackled as almost all the IPs of the botnet are banned, or as the traffic is null routed after a while, or when the botnet loses some nodes due to several possible reasons. Null routing is more commonly used where a particular behavior or type of packet is expected and thereby set to be dropped. It’s commonly installed by default on high-quality routers to combat DDoS attacks.

P.S. null routing is the same as blackhole routing Asad referred to above.

[/quote]

I was just going to ask about it.

Thanks

Well, if you are a security professional, you will know that you cannot make any network resource 100% proof against DOS or any other attack, no matter how many firewalls, software, tools etc. you use. But you can make it difficult to break and attack the network resource.

There are workarounds to deal with DDoS, but there is NO foolproof method to avoid a major DDoS attack. That's because of the nature of the DDoS attack technique. If you try restricting access, there's always the side effect of locking out legitimate users. Huge botnets are a major threat and the device for such kinds of attacks. Anybody with control of a huge botnet can DDoS a major web server. You just need some experience and resources.

Which countries do you think are most likely capable of launching a DDOS attack?

[quote]

Which countries do you think are most likely capable of launching a DDOS attack?
[/quote]

You don’t need whole companies or armies or governments to launch DDoS attacks.

Any good programmer/hacker in a basement, with proper knowledge and experience of writing viruses that can spread easily through USB flash drives/emails/social sites etc. to make up a very huge network of zombie PCs, can use ‘his’ network of slave computers to initiate an attack on any victim server.

This is professional scripting; some do it in DOS, some with other stuff..

DoS is a piece of cake to handle, but severe DDoS is a nightmare for admins; hardware firewalls and external DDoS protection services (the filtering thing) are pretty expensive for many.

Most common are on port 80, and the ones on SMTP are even more difficult to handle, especially in a hosting environment.

In the end it's a lack of security not on the server being attacked, but rather on all the servers involved in the DDoS, i.e. the ones being used by hackers to initiate the DDoS attack.

LibertyReserve was attacked with this DDoS

Hackers Attack Facebook, Twitter

http://www.dailytech.com/article.aspx?newsid=15912

[quote]
Hackers attacked popular social networking sites Twitter and Facebook Thursday in what appeared to be a coordinated attack. The website for the White House was attacked in a similar fashion in early July.

The attacks against the social networking sites were denial of service attacks that were reportedly centered on a Georgian blogger who had accounts on both Twitter and Facebook reports Reuters. Twitter co-founder Biz Stone said Twitter would not speculate on the reasons for the attack.

Stone told Reuters, "Twitter has been working closely with other companies and services affected by what appears to be a single, massively coordinated attack."

The attacks left many Twitter and Facebook users unable to access the social networks and unable to post updates. Twitter was actually offline for several hours early in the day on Thursday. Facebook users were hit with login delays in addition to at times not being able to post updates.

Reuters reports that some speculate other sites, including Google were attacked as well. One social networking site called LiveJournal reports that it was attacked by the same group. Google reports that it had been in contact with some non-Google sites to help with the investigation. The search giant issued a statement saying, "Google systems prevented substantive impact to our services."

Steve Gibson from Gibson Research Corp told Reuters that the newfound popularity of Facebook makes it a target for this type of group. According to experts on cyber security, a single coordinated group could have been behind all of the attacks.

Kevin Price, CTO of Perimeter eSecurity said, "History would tell us that it's probably the same attacker or group of attackers that is launching both attacks."

[/quote]