The rise of DDoS attacks and what it means for web security

Distributed denial of service (DDoS) attacks are not new, but they are increasing and evolving at a startling rate. If the Wikileaks “infowar” teaches us anything, it’s that many of the traditional online security measures can’t stand up to the DDoS evolution. However, the Wikileaks-inspired attacks are not as coordinated as one might typically expect from a DDoS engagement.

During a typical attack, a single attacker launches a single type of assault on as massive a scale as he or she can muster. But this latest round, encouraged by continuous mass media reporting and the emotive nature of the cause, has created a flashmob style of attack.

The result is that instead of a network fending off just one kind of attack, say a SYN flood, it is now fighting a range of assault vectors such as TCP connection flooding, ping of death, and excessive HTTP headers.

It’s a brave new world of flashmob DDoS fuelled by social networks, armchair activism and cheap bandwidth. (Not in SA obviously, but definitely in the US and Europe, where many of the zombie attacks stem from.) Getting involved in a corporate take-down has never been this easy: you just have to sign up, download a piece of software and let the professionals take care of it. (Scary when you think of it. Imagine all those people who normally have nothing better to do than comment on forums having an outlet that can do actual long-term real-world damage…)

As an example of this, look at the recent news regarding the movements against VISA, Mastercard, Paypal and others. In a fairly uncoordinated assault, attackers were able to take down certain parts of the sites.

According to the merchants no cardholder information was compromised, yet it shows how even uncoordinated attacks can cause havoc. Internet vigilantism is on the increase and organisations need to protect themselves accordingly.

The security challenge has been transformed and security professionals need to change with it. The key lies in understanding the attack strategy – distribution – and how that can be used to protect corporate and government networks.

While a well-written firewall rule can potentially stop or stem the flow of certain DDoS attacks, a new approach to stopping these attacks needs to be taken. Application Delivery Controllers or Application Firewalls in front of your online presence are a must.

These devices provide protection by using tried and trusted methods as well as defensive policies that address specific behaviour, so that the impact of any attack is minimised, server uptime is maximised, and the operators are notified.
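To make the idea of behaviour-specific defensive policies concrete, here is an added example (not code from the article or from any vendor's product) of the two kinds of checks such a device applies: a sliding-window request-rate limit per source, which catches connection floods, and a per-request cap on the number of HTTP headers, which catches the “excessive headers” pattern mentioned above. The thresholds, the `Request` record and the sample traffic are all constructed for illustration; a real device would tune the limits to the site's normal traffic profile and forward the alerts to its operators.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    ts: float      # request time in seconds (constructed sample values below)
    src: str       # client IP address
    headers: int   # number of HTTP request headers carried


# Hypothetical policy thresholds; not taken from the article or any product.
RATE_WINDOW_SEC = 10.0
RATE_LIMIT = 20          # more than this many requests per window from one source -> flag
MAX_HEADERS = 50         # more than this many headers in one request -> flag


def evaluate(requests):
    """Apply the two behavioural policies to a batch of requests.

    Returns (alerts, blocked_sources):
      alerts          - list of (kind, src, detail) tuples an operator would be notified with
      blocked_sources - set of client IPs whose further traffic should be dropped
    """
    windows = defaultdict(deque)   # src -> timestamps of its requests inside the window
    alerts = []
    blocked = set()
    for r in sorted(requests, key=lambda r: r.ts):
        # Policy 1: an oversized header set is flagged on every request that carries it.
        if r.headers > MAX_HEADERS:
            alerts.append(("excessive_headers", r.src, r.headers))
        # Policy 2: sliding-window rate per source. Bad requests still count toward the
        # rate, so a flood of malformed requests trips this policy as well.
        q = windows[r.src]
        q.append(r.ts)
        while q and r.ts - q[0] > RATE_WINDOW_SEC:
            q.popleft()
        if len(q) > RATE_LIMIT and r.src not in blocked:
            blocked.add(r.src)
            alerts.append(("rate_exceeded", r.src, len(q)))
    return alerts, blocked


def build_sample():
    """Constructed traffic: one benign client, one flooding client, one bloated request."""
    reqs = []
    # Benign: 5 requests spread over 10 seconds.
    reqs += [Request(1000.0 + i * 2.0, "198.51.100.7", 12) for i in range(5)]
    # Flood: 30 requests within 3 seconds from a single source.
    reqs += [Request(1000.0 + i * 0.1, "203.0.113.9", 10) for i in range(30)]
    # Bloated: a single request carrying 80 headers.
    reqs.append(Request(1001.5, "192.0.2.44", 80))
    return reqs


if __name__ == "__main__":
    found_alerts, blocked_sources = evaluate(build_sample())
    for alert in found_alerts:
        print("ALERT", *alert)
    print("blocked:", sorted(blocked_sources))
```

Run against the constructed sample, the benign client never appears in the output, the flooding source is blocked at its 21st request inside the window, and the bloated request produces one header alert. The point of the sliding window is that a source is judged on its recent behaviour rather than a lifetime count, so a legitimate client that was briefly busy recovers once its old requests age out of the window.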

In this age of internet activism and vigilantism, solutions such as these should not be “nice to haves” but rather “must haves” for companies that take their online presence and their security seriously.

Welcome to Memeburn