Denial of Service Attacks

Problem and Protection

Anonymous fights for WikiLeaks

A denial of service attack involves intentionally

overwhelming a server by flooding it with bogus

requests.

How attackers do it

Using viruses, they get botnet software on PCs.

They coordinate botnets to send requests simultaneously.

Developers can’t do much about DoS

o  It is the domain of system admins.

How we protect ourselves

o  Prevent/remove botnet software o  Turn off unneeded services o  Enable quotas o  Overprovisioning o  Blackholing o  Block invalid traffic o  Block the attackers’ IPs o  DDoS mitigation appliances o  Wait for them to get bored and move on

Prevent and remove botnet software

o  This doesn’t protect you. It protects others. o  Malware detectors can find and clean them.

Turn off unneeded services

o  Attackers can’t misuse a service that doesn’t exist.

Enable quotas

o  Turn on CPU, disk usage, and network traffic quotas per user.

o  Will allow your server to continue to run during an attack

o  But will hurt legitimate users during peak times

o This is nigh impossible with a DDoS attack.

Blackholing takes your business offline

Block invalid traffic

o  Usually impossible because bogus requests look exactly like valid ones.

o  Sometimes though, attackers will use pings or bogus IP addresses. Routers can drop them.

Block the attackers’ IPs

o  Isolate bogus traffic from valid traffic. •  Set your firewall to ignore requests from that IP

or range. •  Attackers can spoof their IP via relays.

DDoS mitigation appliances will sanitize

traffic

Wait for them to

get bored and

move on

Summary

o  Denial of service attacks can be devastating to a business

o  They are impossible to predict and nearly indefensible.

o  We can turn on quotas, turn off services, over-provision, and use DDoS mitigation appliances beforehand.

o  We can blackhole, block IPs and strange traffic during the attack.

o  But none of these can completely protect us.