Distributed Denial of Service (DDoS) Attacks
Resources

Be Informed; Be Prepared

Recently, high-profile Distributed Denial of Service (DDoS) attacks against many government sites, as well as popular social networking sites Twitter and Facebook, have brought network vulnerabilities into the limelight. But these attacks were not the largest attacks in Internet history, nor did they cause the most damage. Unfortunately, DDoS attacks happen every day on a much larger scale and with more damaging effects than the attacks on Twitter. It is unknown exactly how many websites are susceptible to these types of attacks, but estimates range from tens of thousands [1] to millions [2]. We have compiled a timeline of major DDoS attacks.

"More than half of Internet name servers ... are vulnerable to ... DDoS attacks," The Measurement Factory reports [3].


Worse, the incidence of DDoS attacks is rising. DDoS attackers are using open source software to perform these attacks, and their level of sophistication is evolving rapidly. The attacks are becoming easier and easier to deploy. In addition, DDoS viruses and botnet agents lie dormant on thousands of machines, waiting silently to attack a target on command. OS News reports that there is now even malware for the Mac that performs DDoS attacks [4].

Know the Difference: DoS vs. DDoS Attack

The goal of any DoS, or Denial of Service, attack is to cripple a web site, either temporarily or permanently, so that the web site can no longer respond to legitimate requests. A DDoS, or Distributed Denial of Service, attack occurs when multiple systems overwhelm the bandwidth of a particular target simultaneously. This is clearly the larger of the two threats: the attack proceeds faster, so the target has less time to respond, and the volume of attack traffic increases, so the damage increases incrementally.
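The DoS/DDoS distinction above can be checked from a defender's own request logs. The following is an added example, not part of the original page: it flags per-minute traffic spikes and labels each by how concentrated its sources are. The function names, the thresholds (5x the median, 80% share) and the sample records are assumptions chosen for illustration.

```python
import statistics
from collections import Counter, defaultdict

def build_sample():
    """Constructed (minute, source_ip) request records; not real traffic."""
    events = []
    for minute in range(5):  # normal load: 4 clients, 5 requests each
        events += [(minute, f"192.0.2.{h}") for h in range(1, 5) for _ in range(5)]
    events += [(5, "198.51.100.7")] * 400                 # minute 5: one host floods
    events += [(5, f"192.0.2.{h}") for h in range(1, 5)]  # plus normal clients
    # minute 6: 200 hosts, only 3 requests each
    events += [(6, f"203.0.113.{h}") for h in range(1, 201) for _ in range(3)]
    return events

def classify_windows(events, spike_factor=5, single_source_share=0.8):
    """Return {minute: finding} for minutes whose volume exceeds the baseline."""
    per_minute = defaultdict(Counter)
    for minute, src in events:
        per_minute[minute][src] += 1
    totals = {m: sum(c.values()) for m, c in per_minute.items()}
    # Median as baseline: robust only while most windows are normal traffic.
    baseline = statistics.median(totals.values())
    findings = {}
    for minute, sources in sorted(per_minute.items()):
        total = totals[minute]
        if total <= spike_factor * baseline:
            continue
        top_src, top_count = sources.most_common(1)[0]
        share = top_count / total
        # One dominant sender can be filtered by address; a spread-out
        # sender set cannot, so per-source limits alone will not help.
        kind = ("single-source (DoS)" if share >= single_source_share
                else "distributed (DDoS)")
        findings[minute] = {"kind": kind, "requests": total,
                            "sources": len(sources), "top_source": top_src,
                            "top_share": round(share, 3)}
    return findings

if __name__ == "__main__":
    for minute, finding in classify_windows(build_sample()).items():
        print(minute, finding)
```

In the distributed window no single source exceeds a sensible per-client limit, which is why volume and source concentration have to be read together.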

How Does a DDoS Attack Work?

There are many different types of DDoS attacks, but generally the attacker or attackers pummel a site with false external communication requests that overwhelm it and render it useless. Wikipedia has excellent general descriptions of the variations of DDoS attacks [5].

How Can You Tell if You're Being Attacked?

The United States Computer Emergency Response Team lists the symptoms of denial-of-service attacks as [6]:

  • Unusually slow network performance (opening files or accessing web sites)
  • Unavailability of a particular web site
  • Inability to access any web site
  • Dramatic increase in the number of spam emails received

Who is Vulnerable?

Although high-profile sites that are reliant on the Internet for business success are often targeted, many smaller web sites have also been brought down. If a website has a competitor who has the necessary knowledge or is willing to enlist the services of a black-market botnet provider, that site is vulnerable.

USE ONLY AS DIRECTED

"Botnets were just the beginning. The bad guys will continue to use these to try and steal your data, but more sophisticated attacks over the application layer and targeted network attacks are on the way." Network World Podcast, Danny McPherson from Arbor Networks, March 12, 2009

"The attacks in Estonia degraded network service for nearly two weeks, and there have been numerous similar attacks on commercial and government targets in the U.S. over the past few years." Computerworld, May 4, 2009

Parabon Responds

We are now offering to any organization, public or private, a risk-free, no-obligation "red team" test attack to help them assess the reliability of critical network assets in the face of DDoS attacks. Details.

"Though most of the press and blogosphere focused on Twitter, Facebook and LiveJournal, from an Observatory perspective those weren't even the biggest attacks (at least in terms of traffic rate/volume). Turns out that the 30 Gbps spike... represents a withering attack against the web portal of a 3G mobile operator in Asia." Arbor Networks, August 7, 2009

"DDoS attacks are often considered one of the biggest problems on the Internet because they are very difficult to stop. They can last for weeks and are sometimes used by extortionists as a way to extract money from the organizations whose networks are being targeted." Computerworld, May 4, 2009