Monday, February 28, 2011

How to Shore Up Defenses Against DDoS Attacks

DDoS content sponsored by BlockDos.Net (Block DOS)
(The Hosting News) – A DDoS attack is a distributed denial-of-service attack. This kind of attack tries to make a computer resource unavailable to its users. It can be carried out in different ways, and the motives and targets vary, but the end result is the same: a system is shut down so that users cannot access it. The point of a DDoS attack is to prevent an internet site or service from functioning normally, or at all. The most frequently targeted web sites are banks, credit card payment gateways, e-business sites and root name servers. A common method is to flood the server with external communications so that it cannot handle legitimate traffic, or runs so slowly that it is rendered ineffective and requests time out. A DDoS attack works either by forcing the target computers to reset, or by consuming resources to the point that the targeted computer or server can no longer perform its primary function. Such attacks also limit or stop all communication between the users and the victim. In most places a DDoS attack is a crime; it violates the Internet Architecture Board's proper-use policy for the internet and the terms of service of all major internet service providers.

There are different programs that can be used to perform DDoS attacks. Some are written for benign use but can be turned to malevolent purposes; some are written specifically to perform DDoS attacks, while others are general-purpose packet injectors that can perform other tasks as well.

Examples of legitimate tools that can be used this way are hping, socket programming, and httping. There are also underground tools written for such attacks.

Signs of an Attack

The US Computer Emergency Response Team lists these symptoms of a DDoS attack:

* Unusually slow network performance, whether running processes or opening files.
* Unavailability of a website.
* Inability to access a web site.
* A dramatic increase in the amount of spam email received (an "email bomb").

When a DDoS attack hits one branch of a network, the rest of the network suffers too. The attack overloads that branch, and the other branches try to compensate for the increase in traffic, so the whole network slows down. A large enough attack can shut down entire regions of internet connectivity.

Types of tactics a DDoS will use

These are the most common types of DDoS Attacks:

1) Consumption of computational resources: such as bandwidth, disk space, or processor time.

2) Disruption of configuration information: such as routing information.

3) Disruption of state information: such as unsolicited resetting of TCP sessions.

4) Disruption of physical network components: such as the actual server.

5) Obstructing the communication media: between the intended users and the victim so that they can no longer communicate adequately.

The DDoS attack may also use malware to cause further damage:

* Maxing out the processor so no work gets done
* Causing microcode errors in the machine
* Locking up the computer by giving the processor erroneous sequencing
* Locking up the computer through the operating system by resource starvation
* Crashing the operating system itself

Weapons of a DDoS: What can be used against you?

ICMP flood: An ICMP flood, also known as a ping flood or Smurf attack, is a type of denial-of-service attack that sends large numbers of (or simply oversized) ICMP packets to a machine in an attempt to crash the machine's TCP/IP stack so that it stops responding to TCP/IP requests.

Teardrop attacks: These use corrupted IP fragments with overlapping, oversized payloads to overload a target's computer. This can crash the operating system through a flaw in the TCP/IP fragment reassembly code.
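The two entries above (oversized ICMP packets and overlapping teardrop fragments) both break the receiver's fragment reassembly. The following is an added example, not code from The Hosting News or BlockDos, showing the two checks a reassembly layer needs in order to reject such fragments: it parses minimal IPv4 headers, tracks the byte ranges already accepted per datagram, and refuses a fragment that overlaps an earlier one or would push the datagram past the 65535-byte maximum. The packets, addresses (RFC 5737 test ranges) and the `FragmentTracker` name are constructed for the demo.

```python
import struct
from collections import defaultdict

# Minimal IPv4 header layout (no options): version/IHL, TOS, total length, ID,
# flags+fragment offset, TTL, protocol, checksum, source, destination.
IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")
MAX_DATAGRAM = 65535          # largest reassembled IPv4 datagram the protocol allows
MORE_FRAGMENTS = 0x2000       # the MF bit inside the flags/fragment-offset field


def build_fragment(ident, offset_bytes, payload_len, more,
                   src=bytes([192, 0, 2, 1]), dst=bytes([192, 0, 2, 2])):
    """Construct a demo IPv4 fragment with a zero-filled payload. Addresses are
    RFC 5737 test addresses and the checksum is left at zero: nothing is sent."""
    assert offset_bytes % 8 == 0, "fragment offsets are carried in 8-byte units"
    flags_frag = (MORE_FRAGMENTS if more else 0) | (offset_bytes // 8)
    header = IPV4_HDR.pack(0x45, 0, 20 + payload_len, ident, flags_frag, 64, 17, 0, src, dst)
    return header + bytes(payload_len)


def parse_fragment(packet):
    """Decode the fields a reassembly layer needs: datagram key, byte offset,
    payload length and the more-fragments flag."""
    ver_ihl, _, total_len, ident, flags_frag, _, proto, _, src, dst = IPV4_HDR.unpack_from(packet)
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "key": (src, dst, ident, proto),
        "offset": (flags_frag & 0x1FFF) * 8,
        "length": total_len - ihl,
        "more": bool(flags_frag & MORE_FRAGMENTS),
    }


class FragmentTracker:
    """Records the byte ranges already accepted for each datagram and rejects a new
    fragment that overlaps one of them (teardrop) or would push the datagram past
    65535 bytes (oversized, ping-of-death style). Hypothetical helper for this demo."""

    def __init__(self):
        self.ranges = defaultdict(list)   # key -> list of accepted (start, end) byte ranges

    def add(self, packet):
        f = parse_fragment(packet)
        start, end = f["offset"], f["offset"] + f["length"]
        if end > MAX_DATAGRAM:
            return "oversize"
        for s, e in self.ranges[f["key"]]:
            if start < e and s < end:       # half-open intervals intersect
                return "overlap"
        self.ranges[f["key"]].append((start, end))
        return "ok"


def classify(packets):
    """Run a stream of fragments through one tracker and return a verdict per packet."""
    tracker = FragmentTracker()
    return [tracker.add(p) for p in packets]


# Constructed input: a benign two-fragment datagram (id 1), a teardrop-style pair whose
# second fragment starts inside the first (id 2), and a fragment whose offset plus
# length exceeds the 65535-byte maximum (id 3).
SAMPLE_PACKETS = [
    build_fragment(1, 0, 1480, more=True),
    build_fragment(1, 1480, 500, more=False),
    build_fragment(2, 0, 1480, more=True),
    build_fragment(2, 800, 1480, more=False),
    build_fragment(3, 65528, 40, more=False),
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, classify(SAMPLE_PACKETS)):
        f = parse_fragment(pkt)
        print(f"id={f['key'][2]} offset={f['offset']:5d} len={f['length']:5d} -> {verdict}")
```

Running the block prints one verdict per fragment: the id 1 pair is accepted, the second id 2 fragment is rejected as an overlap, and the id 3 fragment is rejected as oversized. A real stack would also drop the whole partially reassembled datagram on a rejection and expire incomplete datagrams on a timer, so that a flood of fragments cannot pin reassembly buffers indefinitely.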

Peer-to-peer attacks: An attacker uses other computers to attack a victim, overloading the victim's computer.

Permanent denial-of-service attacks: Attacks so destructive that the hardware has to be reinstalled or replaced.

Application-level floods: These flood the victim server with an overwhelming number of packets, causing the CPU to become confused and crash for lack of resources.

Nuke: This attack is just what it sounds like. The attacker sends corrupt data over and over to the victim until the computer locks up.

Distributed attack: The attack comes from multiple fronts, which is how the attacker hides his whereabouts. The multiple fronts then flood the bandwidth or take up resources, causing system crashes or locking up the server.

Reflected attack: This attack uses forged requests sent to multiple locations to flood the victim's computer with the responses.

Degradation-of-service attacks: Attackers use infected computers to degrade a server's service by flooding it intermittently. This type of attack is hard to detect because the victim has to determine whether the traffic reaching the server is normal or not.
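The "Signs of an Attack" section above lists slow or unavailable service as the symptoms, and the degradation-of-service entry notes that the hard part is deciding whether traffic is normal. The following added example (not code from The Hosting News or BlockDos) is one way a defender turns those symptoms into a check over a web server's access log: it parses Common Log Format lines, flags any single source that exceeds a per-source request rate in a sliding window, and separately flags seconds where the aggregate request rate is far above a baseline, which is what catches an intermittent flood spread over many infected machines. The log lines, the RFC 5737 addresses in them, and the window, threshold and baseline values are all constructed assumptions for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access log (Common Log Format). The first lines are ordinary
# browsing; 203.0.113.7 (an RFC 5737 documentation address) then sends 60 requests
# in three seconds, standing in for one flooding source.
SAMPLE_LOG = [
    '198.51.100.9 - - [28/Feb/2011:10:00:00 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.10 - - [28/Feb/2011:10:00:01 +0000] "GET /about HTTP/1.1" 200 900',
    '198.51.100.9 - - [28/Feb/2011:10:00:02 +0000] "GET /news HTTP/1.1" 200 2048',
    '198.51.100.11 - - [28/Feb/2011:10:00:04 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.10 - - [28/Feb/2011:10:00:09 +0000] "GET /contact HTTP/1.1" 200 700',
] + [
    f'203.0.113.7 - - [28/Feb/2011:10:00:{5 + i // 20:02d} +0000] "GET / HTTP/1.1" 200 512'
    for i in range(60)
]

# Common Log Format: host ident authuser [date] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, timestamp) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def parse_log(lines):
    """Parse all lines, drop unparseable ones, and sort by time so windows are well defined."""
    events = [e for e in (parse_line(line) for line in lines) if e is not None]
    events.sort(key=lambda e: e[1])
    return events


def flag_sources(events, window_seconds=10, threshold=30):
    """Per-source sliding window. Returns {ip: peak requests in any window} for every
    source whose peak exceeds `threshold` (both parameters are assumed tuning values)."""
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    peak = defaultdict(int)
    for ip, ts in events:
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > threshold}


def bursty_seconds(events, baseline_rps=2.0, multiplier=5.0):
    """Bucket total requests per second and return the seconds (as HH:MM:SS) whose count
    exceeds multiplier * baseline. Because it looks at the aggregate rather than any one
    source, it catches intermittent floods from many machines that each stay under the
    per-source threshold. The baseline would normally come from the site's own history."""
    per_second = defaultdict(int)
    for _, ts in events:
        per_second[ts.replace(microsecond=0)] += 1
    limit = baseline_rps * multiplier
    return sorted(ts.strftime("%H:%M:%S") for ts, n in per_second.items() if n > limit)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("sources over per-source threshold:", flag_sources(evs))
    print("seconds over aggregate baseline:", bursty_seconds(evs))
```

On the constructed log the per-source check reports only 203.0.113.7, with a peak of 60 requests inside one window, and the aggregate check reports the three seconds of the burst. Either signal on its own is a reason to look, but the aggregate one matters more for the intermittent, many-source case the entry above describes, since no single address there needs to stand out.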

Unintentional denial of service: This is not an intentional attack, but the result of users being directed to a smaller site from a larger one. The smaller site is typically unprepared for the jump in traffic.

Denial-of-service level II: This locks the network off the net by triggering a defense protocol that blocks traffic to the internet. The network is taken off the net without being shut down itself.

Blind denial of service: The attacker must be able to receive traffic from the victim and then redirect it, either by subverting the routing fabric or by using the attacker's own IP address. In this type of attack the attacker can use multiple forged IP addresses to launch the attack.

DDoS Attacks: End Game
DDoS attacks can take a website down quickly and emphatically. By knowing what you are facing, you can defend against them. DDoS attacks range from brute-force incursions to surgical strikes against key components of a network. With the right tools to set up your defenses, a DDoS attack can be stopped cold.