A distributed denial-of-service (DDoS) attack aims to exhaust the resources of a network, application or service so that genuine users cannot gain access.
There are different types of DDoS attacks, but in general a DDoS assault is launched simultaneously from many hosts and can affect the availability of even the largest enterprises' internet services and resources.
They are a daily occurrence for many organizations; based on the Worldwide Infrastructure Security Report from Arbor Networks, 42% of respondents saw more than 21 DDoS attacks per month, compared to 25% in 2013.
It's not just the frequency of these attacks that is increasing, but their size as well. In 2013, there were fewer than 40 attacks that were more than 100 Gbps, but in 2014 there were 159 attacks over 100 Gbps, the largest being 400 Gbps.
Enterprises should therefore choose their DDoS protection services carefully if they want to keep their networks available under attack.
Types of DDoS attacks explored:
The different types of DDoS attacks vary significantly but generally fall into one of three broad categories:
· Volumetric attacks — These attacks aim to overwhelm a network's infrastructure with bandwidth-consuming traffic or resource-sapping requests.
· TCP state-exhaustion attacks — Attackers use this method to abuse the stateful nature of the TCP protocol to exhaust resources in servers, load balancers and firewalls.
· Application layer attacks — The target of these attacks is some aspect of an application or service at Layer 7.
Volumetric attacks remain the most common of the types of DDoS attacks, but
attacks that combine all three vectors are becoming commonplace, increasing an
attack’s length and magnitude.
The main drivers behind DDoS attacks remain the same: politics and ideology, vandalism and online gaming. Yes, gamers will DDoS a gaming infrastructure just to gain a competitive advantage in playing and winning an online game.
While DDoS is the weapon of choice for hacktivists and terrorists, it's also used for extortion or disrupting a competitor's operations.
The use of DDoS attacks as a diversionary tactic is also growing. For example, advanced persistent threat campaigns are using DDoS attacks against a network as a distraction while exfiltrating stolen data.
With the hacker community packaging complex and sophisticated attack tools into easy-to-use, downloadable programs, even those who don't have the necessary know-how can buy the ability to launch and control their own DDoS attacks.
And the situation is only going to get worse as attackers are beginning to conscript everything, from gaming consoles to routers and modems, to increase the volume of attack traffic that they can generate.
These devices have networking features that are turned on by default and use default accounts and passwords, making them easy targets to enlist in a DDoS attack. Most are also Universal Plug and Play (UPnP) enabled, and the protocols underlying UPnP can be abused.
Akamai Technologies found 4.1 million internet-facing UPnP devices were potentially vulnerable to being employed in reflection types of DDoS attacks. The growing number of poorly secured or configured internet-connected devices is increasing the ability of attackers to generate ever more powerful attacks.
Prevention Method:
Securing internet-facing devices and services is as much about helping to secure the internet as a whole as it is about protecting an individual network: every hardened device is one fewer that can be recruited to participate in a DDoS attack.
Repeatable testing helps too: one of the best methods is to conduct regular penetration tests that cover all kinds of web application vulnerabilities.
The main protocols hackers abuse to generate reflected and amplified DDoS traffic are NTP, DNS, SSDP, Chargen, SNMP and DVMRP; any services using them should be carefully configured and run on hardened, dedicated servers.
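The abuse pattern behind that list is reflection: an attacker sends small UDP requests to one of your servers with the victim's address forged as the source, and your server sends much larger answers to the victim. The following script, an added example that is not part of the original article, finds hosts on your own network that are being used this way. It runs over constructed flow records embedded in the file; in practice the input would be NetFlow/IPFIX or firewall connection logs. The prefix 203.0.113.0/24 (a documentation range), the sample flows and the thresholds are assumptions for the demo.

```python
"""Spot hosts on our own network being used as UDP reflectors.

Added example, not from the original article. It runs over constructed flow
records embedded below; a real deployment would feed it NetFlow/IPFIX or
firewall logs. Assumptions: our address space is 203.0.113.0/24 (a
documentation range) and flows are already aggregated per 5-tuple.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# UDP ports of the reflector-prone services the article lists. DVMRP runs
# directly over IGMP (IP protocol 2), not UDP, so it has no port entry here.
REFLECTOR_PORTS = {123: "NTP", 53: "DNS", 1900: "SSDP", 19: "Chargen", 161: "SNMP"}

OUR_NET = ipaddress.ip_network("203.0.113.0/24")  # assumption: our prefix


@dataclass
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    packets: int
    nbytes: int


# Constructed sample flows (not real traffic). 203.0.113.10 is an NTP server of
# ours answering 60-byte requests with 480-byte responses; the requests carry a
# spoofed source, so the responses land on 198.51.100.7, the real victim.
SAMPLE_FLOWS = [
    Flow("198.51.100.7", 40000, "203.0.113.10", 123, "udp", 1200, 1200 * 60),
    Flow("203.0.113.10", 123, "198.51.100.7", 40000, "udp", 120000, 120000 * 480),
    # Legitimate NTP peering: symmetric and tiny.
    Flow("192.0.2.33", 123, "203.0.113.50", 123, "udp", 2, 96),
    Flow("203.0.113.50", 123, "192.0.2.33", 123, "udp", 2, 96),
    # An ordinary DNS lookup: the answer is bigger than the query, but there is
    # far too little of it to matter.
    Flow("192.0.2.33", 53333, "203.0.113.53", 53, "udp", 1, 70),
    Flow("203.0.113.53", 53, "192.0.2.33", 53333, "udp", 1, 150),
    # TCP is ignored entirely: reflection needs a connectionless protocol to spoof.
    Flow("192.0.2.33", 51000, "203.0.113.80", 443, "tcp", 40, 12000),
]


def find_reflection_abuse(flows, our_net=OUR_NET, min_ratio=10.0, min_packets=1000):
    """Return findings {reflector, service, victim, amplification, response_bytes}.

    A reflector receives small UDP requests whose *claimed* source is the victim
    and sends much larger answers back there. Because the address is spoofed,
    the victim is the remote peer in both directions, so both sides of the
    exchange are keyed on (our host, service, remote address).
    """
    stats = defaultdict(lambda: {"req_bytes": 0, "resp_bytes": 0, "resp_pkts": 0})
    for f in flows:
        if f.proto != "udp":
            continue
        src_ours = ipaddress.ip_address(f.src) in our_net
        dst_ours = ipaddress.ip_address(f.dst) in our_net
        if dst_ours and not src_ours and f.dport in REFLECTOR_PORTS:
            # Inbound request to one of our reflector-capable services.
            stats[(f.dst, REFLECTOR_PORTS[f.dport], f.src)]["req_bytes"] += f.nbytes
        elif src_ours and not dst_ours and f.sport in REFLECTOR_PORTS:
            # Outbound response from that service.
            s = stats[(f.src, REFLECTOR_PORTS[f.sport], f.dst)]
            s["resp_bytes"] += f.nbytes
            s["resp_pkts"] += f.packets

    findings = []
    for (reflector, service, remote), s in stats.items():
        if s["resp_pkts"] < min_packets:
            continue  # too little traffic to matter, whatever the ratio
        # max(..., 1) guards against logs that captured only the outbound side.
        amplification = s["resp_bytes"] / max(s["req_bytes"], 1)
        if amplification >= min_ratio:
            findings.append({
                "reflector": reflector,
                "service": service,
                "victim": remote,
                "amplification": round(amplification, 1),
                "response_bytes": s["resp_bytes"],
            })
    return sorted(findings, key=lambda x: x["response_bytes"], reverse=True)


if __name__ == "__main__":
    for hit in find_reflection_abuse(SAMPLE_FLOWS):
        print(f"{hit['reflector']} ({hit['service']}) amplifies x{hit['amplification']} "
              f"towards {hit['victim']}: {hit['response_bytes']} bytes out")
```

The key design point is that both thresholds are needed: the byte ratio alone would flag every DNS answer, and the packet count alone would flag a busy but legitimate NTP server. A host that shows up here should have the offending query type disabled (for NTP, the monitoring queries; for DNS, open recursion) rather than be rate-limited, since rate-limiting only lowers the amplification the attacker gets from you.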
For example, enterprises running a DNS server should follow NIST's Special Publication 800-81, Secure Domain Name System (DNS) Deployment Guide, while the Network Time Protocol site offers advice on securing NTP servers.
Many attacks work because attackers can generate traffic with spoofed source IP addresses. Enterprises need to implement anti-spoofing (ingress) filters as covered in IETF Best Current Practice documents BCP 38 and BCP 84 to prevent hackers on their networks from sending packets claiming to originate from another network.
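The rule BCP 38 describes is simple to state: accept a packet on an interface only if its source address is one you would route back out through that same interface. BCP 84 adds the looser variants needed where routing is asymmetric. The script below is an added example, not part of the original article or any vendor's feature, that implements both decisions over an assumed, hypothetical edge-router routing table (two single-homed customer links, one transit link and a black-holed prefix, all in documentation address ranges) and shows which constructed packets each mode drops.

```python
"""BCP 38 / BCP 84 style ingress filtering as a decision function.

Added example, not from the original article or from any router vendor.
The routing table below is an assumed, hypothetical edge router with two
single-homed customer links, one transit link and a black-hole (null0)
route for a prefix we never want to hear from. All addresses are from the
documentation ranges.
"""
import ipaddress

# (prefix, interface through which the prefix is reached)
ROUTES = [
    ("203.0.113.0/24", "cust1"),     # customer 1's assigned space
    ("198.51.100.0/25", "cust2"),    # customer 2's assigned space
    ("192.0.2.0/24", "null0"),       # black-holed prefix (source-based black-holing)
    ("0.0.0.0/0", "upstream"),       # default route to transit
]

# Addresses that must never appear as a source on the public internet.
# Assumption: this short list is enough for the demo; a real filter would
# use a maintained bogon feed.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def best_route(addr, routes):
    """Longest-prefix match over the routing table; None if nothing matches."""
    candidates = [(ipaddress.ip_network(p), via) for p, via in routes]
    candidates = [(net, via) for net, via in candidates if addr in net]
    if not candidates:
        return None
    return max(candidates, key=lambda entry: entry[0].prefixlen)


def ingress_decision(src, ingress_iface, routes, mode="strict"):
    """Decide whether a packet with source `src` arriving on `ingress_iface` passes.

    strict: the BCP 38 rule (strict unicast RPF). Accept only if the best
            route back to the source leaves through the interface the packet
            came in on.
    loose:  loose unicast RPF from BCP 84. Accept if any route to the source
            exists and the source is not black-holed; for links where routing
            is asymmetric and strict mode would drop legitimate traffic.
    Returns (verdict, reason).
    """
    addr = ipaddress.ip_address(src)
    if any(addr in b for b in BOGONS):
        return "drop", "bogon source address"
    route = best_route(addr, routes)
    if route is None:
        return "drop", "no route to source"
    net, via = route
    if via == "null0":
        return "drop", f"source prefix {net} is black-holed"
    if mode == "strict" and via != ingress_iface:
        return "drop", f"reverse path to source is {via}, not {ingress_iface}"
    return "accept", f"source {net} reachable via {via}"


if __name__ == "__main__":
    # Constructed packets: (source address, ingress interface, filter mode)
    packets = [
        ("203.0.113.7", "cust1", "strict"),       # customer using its own space
        ("203.0.113.7", "cust2", "strict"),       # cust2 spoofing cust1's space
        ("203.0.113.7", "upstream", "strict"),    # outsider spoofing our space
        ("198.51.100.200", "cust1", "strict"),    # customer spoofing a random host
        ("198.51.100.200", "cust1", "loose"),     # same packet, loose mode passes it
        ("192.0.2.5", "upstream", "loose"),       # black-holed source
        ("10.1.2.3", "upstream", "loose"),        # RFC 1918 source from transit
    ]
    for src, iface, mode in packets:
        verdict, why = ingress_decision(src, iface, ROUTES, mode)
        print(f"{src:>15} on {iface:<8} [{mode:<6}] -> {verdict}: {why}")
```

Two caveats the demo makes visible. First, strict mode on the transit link accepts any source that only the default route covers, so the explicit bogon list is not optional there. Second, loose mode lets a customer spoof arbitrary internet addresses, which is exactly the traffic BCP 38 exists to stop; it belongs on multihomed or peering edges where strict mode would break asymmetric routing, never on a single-homed customer port.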
Not all DDoS attacks can be predicted or avoided, and even an attacker with limited resources can generate the volume of traffic required to take down or severely disrupt large, heavily defended sites.
While it's virtually impossible to completely eliminate DDoS attacks, the key to reducing them in the long term is to ensure that all machines and services are correctly configured so that publicly available services cannot be harnessed and misused by would-be attackers. By helping others we will be helping ourselves.
An organization should always aim for the highest level of protection it can achieve for its enterprise network.