Tag Archives: stop ddos attacks

Russia Today hit by Distributed Denial of Service ‘DDoS’ attack as anti-Wikileaks group claims responsibility

The website of the Kremlin-funded news network Russia Today has been hit with a denial-of-service attack that some have linked with the station’s support for Wikileaks founder Julian Assange, and others with the impending Pussy Riot verdict. The English-language Russia Today (RT) tweeted on Friday morning that its hosting provider had confirmed RT.com was “under DDoS attack”. An anti-Wikileaks group subsequently claimed responsibility, but there is as yet no proof of this connection. It is notable that Friday is the day when a Russian court will decide the fate of three members of the punk protest band Pussy Riot, which has been very critical of Vladimir Putin. RT’s tweet came through at 8:12am. Around 20 minutes later, Antileaks tweeted that it was responsible for the DDoS, and attached a hashtag supporting Pussy Riot. The Wikileaks account then went on to condemn the attack, suggesting that it was connected with RT’s support of Assange, rather than the punk band. Assange, who faces extradition from the UK to Sweden to face questioning over sexual assault allegations, had a chat show on RT, with one of his guests having been Ecuadorian president Rafael Correa. Correa granted Assange diplomatic asylum on Thursday. However, that move has so far had a limited effect, since the UK does not recognise that type of asylum and Assange cannot get safe passage to an airport. RT is a strong supporter of Assange, but it is also a supporter of the Russian leader. Many free-speech advocates are incensed at the likelihood of the Pussy Riot members facing jail time for playing an anti-Putin song in a church. Summary: The Kremlin-funded channel, which featured Julian Assange as a talk-show host, says it has come under denial-of-service attack. Antileaks says it’s responsible, but the timing could more to do with the Pussy Riot verdict than Wikileaks. For fast DDoS protection against your e-commerce website click here . Source: http://www.zdnet.com/russia-today-hit-by-ddos-as-anti-wikileaks-group-claims-responsibility-7000002794/

Excerpt from:
Russia Today hit by Distributed Denial of Service ‘DDoS’ attack as anti-Wikileaks group claims responsibility

Bambuser Distributed Denial of Service ‘DDoS’ attack may be connected with Assange embassy stream

Bambuser came under a distributed denial-of-service attack on Thursday morning, possibly in connection with a user’s coverage of the Ecuadorian embassy where Wikileaks founder Julian Assange is holed up. The connection is not certain, but Bambuser’s Swedish proprietors say they had received threatening tweets just prior to the attack. Bambuser chief Jonas Vig told ZDNet that the DDoS took the service down for “almost an hour” and made it “hard to reach for another hour”. Bambuser lets people stream live video from their smartphones to the web. It has become very popular with activists and protestors, from the Occupy movement to Russia and Syria. The service has come under attack before, with the attacks generally coinciding with marches and protests that are being covered on Bambuser. The stream that appears to have solicited the DDoS is that of ‘citizen journalist’ James Albury, who has stationed himself outside the Ecuadorian embassy in London. Julian Assange has been inside the embassy since June, and the Ecuadorian government is set to announce its decision regarding his asylum bid later on Thursday. A diplomatic row erupted overnight, after Ecuador accused UK authorities of preparing to storm the embassy. Assange is wanted for questioning in Sweden over sexual coercion and rape allegations, and the UK wants to extradite him there under a European Arrest Warrant. Vig explained that the tweets Bambuser had received were not of the ‘tango down’ variety, but they did indicate that “it was someone aiming the attack directly at some specific users of ours”. “We still don’t want to speculate who was behind it, but there’s some indication it was directly aimed at blocking the streams from the embassy,” he added. “It was quite a serious attack,” Vig said. “We consider all DDoSes as serious.” A new anti-Wikileaks hacker, or group of hackers, called Antileaks has suggested on Twitter that he, she or they might be responsible for the DDoS. For fast DDoS protection against your e-commerce website click here . Source:

View the original here:
Bambuser Distributed Denial of Service ‘DDoS’ attack may be connected with Assange embassy stream

What Distributed Denial of Service ‘DDoS’ Attack Are and How to Survive Them

Never heard of a DDoS attack? Small companies that do business online ought to learn about this growing online threat — and figure out how they’ll respond should one ever hit them. Consider what happened to Los Angeles-based business-planning publishing and advisory company Growthink. Last September, a surprise flood of bogus traffic knocked its website off the internet for several days. Growthink turned to its hosting firm for help, only to have its website sidelined so other sites wouldn’t be collateral damage. It finally recovered by hiring a DDoS-protection firm, BlockDos, to filter out the bad traffic. Then it moved to a new hosting service, Rackspace, so it would be better prepared next time. “It was pretty intense,” says Kevin McGinn, Growthink’s IT director. “We had no idea why we were being singled out.” Growthink had suffered a “distributed denial-of-service” attack. In a DDoS attack, legitimate site visitors are denied access by hackers who immobilize the site either with a flood of bogus internet traffic or a surgical strike that exhausts the resources of a specific web application. Successful attacks can cripple business operations. Growthink estimates its website outage erased $50,000 in revenue. As Growthink discovered, it isn’t always clear who’s out to get you. Experts say e-commerce outfits and other businesses that rely heavily on the web for their livelihoods are most at risk. Smaller companies are most often attacked by unscrupulous competitors and extortionists, although disgruntled former employees, vandals and “hacktivists,” or hackers with a political agenda, are also known culprits. With both the number and ferocity of attacks rising, DDoS incidents are a growing threat. In the last year, CloudFlare, a San Francisco cloud-based web performance and security firm, said it has seen a 700 percent rise in DDoS traffic. Small companies are increasingly finding themselves in the crosshairs, experts say, as the cost of mounting attacks drops and large companies get better at stopping them. Attackers can rent “botnets” of 1,000 hijacked malware-infected home PCs capable of taking down sites of most small-to-medium-sized businesses for only $400 a week, according to Incapsula, a competitor to CloudFlare that’s a subsidiary of security firm Imperva, both of Redwood Shores, Calif. Even modest extortionists can profit. Australian e-commerce company Endless Wardrobe received an email in May demanding $3,500 via Western Union. When the firm didn’t comply, its site was knocked offline for a week by a torrent of bogus visits. The downtime cut revenue by at least the amount of the demanded ransom. Here are tips on how to survive if you find your business under a DDoS attack, too. Find a hosting service or ISP that will help. Many hosting services put large numbers of small websites on the same servers to boost efficiency. That’s fine until one site is attacked and the hosting company takes it offline so other customers on the server aren’t hurt as well. Check your contracts and speak with your hosting service or internet service provider, or ISP, to find out what it will do if you come under attack. Will it help you stop the attack and recover, and if so, at what cost? Will it send you a giant bill because an attack generated a ton of extra traffic to your site? A growing number of these service providers are offering security features, including DDoS protection, as a way to differentiate themselves in a crowded market. Such companies, which often employ technology from specialists such as Arbor Networks, include Firehost, Rackspace and iWeb. Hire Help. Companies that provide website acceleration services also often help fend off DDoS attacks. For instance, CloudFlare provides a free basic level of DDoS protection that it says will stop most attacks, and two tiers of service at $20 and $200 a month that can stop larger attacks. Incapsula includes DDoS protection as part of its Enterprise tier of service for an undisclosed fee. If you’re targeted with a highly sophisticated attack, however, you may want to consider hiring a DDoS-protection specialist, such as DOSarrest , a cloud-based security company based in Canada. Investigate ways to fortify your site. CloudFlare co-founder and CEO Matthew Prince suggests using nginx web server software — favored by the likes of Netflix and WordPress — because it can be more resistant to DDoS than other programs. He also recommends using the latest versions of your web software, such as WordPress and shopping carts, to prevent some application-based attacks. For fast protection DDoS protection for your e-commerce website click here . Source: http://www.entrepreneur.com/article/224099?cam=Dev&ctp=Carousel&cdt=13&cdn=224099

Continued here:
What Distributed Denial of Service ‘DDoS’ Attack Are and How to Survive Them

Distributed Denial of Service ‘DDoS’ crooks: Do you want us to blitz those phone lines too TDoS?

Cybercrooks are now offering to launch cyberattacks against telecom services, with prices starting at just $20 a day. Distributed denial of attacks against websites or web services have been going on for many years. Attacks that swamped telecoms services are a much more recent innovation, first starting around 2010. While DDoS attacks on websites are typically launched from botnets (networks of compromised Windows PCs under the control of hackers), attacks on telecom lines are launched using attack scripts on compromised Asterisk (software PBX) server. Default credentials are one of the main security weaknesses used by hackers to initially gain access to a VoIP/PBX systems prior to launching voice mail phishing scams or running SIP-based flooding attacks, say researchers. Telecoms-focused denial of service attacks are motivated by the same sorts of motives as a DDoS on a website. “Typical motives can be anything from revenge, extortion, political/ideological, and distraction from a larger set of financial crimes,” a blog post by Curt Wilson of DDoS mitigation experts Arbor Networks explains. Many of the cybercrime techniques first seen while crooks blitzed websites with junk traffic are being reapplied in the arena of flooding phone lines as a prelude to secondary crimes, according to Arbor. “Just as we’ve seen the Dirt Jumper bot used to create distractions – by launching DDoS attacks upon financial institutions and financial infrastructure at the same time that fraud is taking place (with the Zeus Trojan, or other banking malware or other attack technique) – DDoS aimed at telecommunications is being used to create distractions that allow other crimes to go unnoticed for a longer period.” Arbor details an array of services offered by hackers, some of which offer to flood telephones (both mobile and fixed line) for $20 per day. The more cost-conscious would-be crooks can shop around for a service that offers to blitz lines for $5 an hour, the price offered in another ad spotted by the ASERT security research team. As well as blitzing phone lines, other attacks against a targeted organisation’s VoIP system or SIP controllers are possible. Poorly configured VoIP systems can be brought down even by something as simple as a port scan, Wilson notes. “In such cases, an attacker could bring down an organisations’ phone system quickly if they were able to reach the controller. The benefits of proactive security testing can help identify such brittle systems ahead of time, before an attacker might latch onto the vulnerability. “Any system is subject to availability attacks at any point where an application layer or other processor-intensive operation exists as well as the networks that supply these systems via link saturation and state-table exhaustion. Telecommunications systems are no exception to this principle, as we have seen. Clearly, there is money to be made in the underground economy or these services would not be advertised,” Wilson concludes. For fast protection against your e-commerce website click here . Source: http://www.theregister.co.uk/2012/08/02/telecoms_ddos/

Visit link:
Distributed Denial of Service ‘DDoS’ crooks: Do you want us to blitz those phone lines too TDoS?

Indicted College Student Speaks Up About Her Case for involvement of distributed denial-of-service (DDoS) attacks

A college student arrested last year for alleged involvement in distributed denial-of-service (DDoS) attacks waged by Anonymous appeared publicly here Saturday on a panel discussing the hacktivist collective and online civil liberties. Mercedes Haefer, an undergraduate student at the University of Nevada Las Vegas who was indicted in July 2011 with 13 others for alleged conspiracy to commit DDoS attacks against PayPal’s website, spoke out briefly about her case in the panel session entitled “Anonymous and the Online Fight for Justice.” “I am charged with conspiracy to DDoS,” Haefer said during the panel discussion, noting that she found the charges “amusing.” She would not comment on the specific circumstances that led to her arrest. Anonymous talk at Def Con focused more on online civil liberties and activism, and came amid the backdrop of a screening of “We Are Legion” documentary held at the famed hacker conference. It was a far cry from last year’s Def Con, where some members donned their signature Guy Fawkes masks, while others shouted down speakers during a question-and-answer session on a panel about building a “better” Anonymous. Legal experts on Saturday’s panel pointed to a disparity in sentencing for physical activism versus hacktivism. Marcia Hoffman, a senior staff attorney at the Electronic Frontier Foundation, says the penalty for online civil disobedience is severe. “I’m not talking spending the night in jail. Federal hacking law [prescribes] up to 10 years in prison: That’s an incredibly harsh penalty,” Hoffman says. “It’s disconcerting that young people flexing their political muscle get 10 years in prison for [a] first-time offense.” Whether DDoS should be considered a legitimate form of protest was also debated. “Under certain circumstances, DDoS is protected political speech and should be afforded First Amendment rights,” said criminal defense attorney Jay Leiderman, who is representing Christopher Doyon, an alleged member of Anonymous who goes by the handle “Commander X.” Leiderman said an interview today that Commander X’s case and the PayPal case are classic examples of how some DDoS attacks should be treated as free speech. In the former, Commander X and others camped out for months in front of the Santa Cruz, Calif., courthouse protesting a crackdown on homeless people sleeping in the streets. “In the wake of more arrests, he and a small number of people allegedly DDoS’ed the County of Santa Cruz, slowing its server for 18 minutes,” he says. “That use of DDoS is a classic form of political speech, where the government is ignoring you and [you] get their attention in a nonharmful and noninvasive way with something to let them know you are out there.” Josh Corman, who has been researching Anonymous and, along with Brian Martin writing a series on “Building A Better Anonymous,” says the DDoS-as-free-speech argument made by the panel was interesting. Corman says he sees the disparity in a $250 fine for physical civil disobedience and a 10-year prison sentence for the digital equivalent. “I can see a reasonable argument that this is a legitimate form of free speech … I can see the disparity in the law there. Maybe they have a case there, but I’ll let people smarter than me decide,” Corman says. “[But] then I realize what a massive distraction that [argument] was.” The free speech DDoS argument distracts from the more malicious activity some members of Anonymous have conducted, he says. “And all of that drowns out the potentially noble” activity, he says. The bottom line is that DDoS doesn’t really accomplish what the hacktivists want it to, anyway, he says. “It doesn’t have any lasting damage at all. It’s a tool of fear” and is noisy, but hasn’t effected the type of change in the targeted organizations that the hacktivists had intended, Corman says. Sony, for example, suffered “orders of magnitude more” in financial losses from the massive earthquake in Japan than from the more than 21 DDoS attacks waged against it, he says. Meanwhile, Haefer offered a little insight into how Anonymous operates: In response to a question about how an Anonymous plan to out Mexican government officials with ties to drug cartels didn’t materialize, she said sometimes the intentions are there, but action may not be “feasible at that time.” “A lot of times where people start up an op with the intention of trying to do something, and someone will jump the gun and say, ‘We’re going to [f’ing] do it,’ and sometimes it’s not always possible with the people we have around and their lives” and other commitments, she said. At A Crossroads Corman says a small group of Anonymous members should define what free speech online means, and a find a better way to protest than DDoS attacks, he says. “I can envision truly noble online activism as transformative as a civil rights movement,” he says. Corman and others at an earlier panel at Def Con urged the security community to be aware and speak out about privacy and freedom concerns at the upcoming World Conference on International Telecommunications (WCIT-12) meeting. Experts say the meeting could result in the potential restructuring and governance of the Internet that could ultimately hamper user access and freedoms. The security community could be doing more to carry the torch here as a more formal means for Internet activism, he says. “The original Def Con crowd could be a force of organized chaos that keeps the peace actively or passively,” Corman says. And Anonymous, meantime, is at a crossroads, according to Corman. “Several [of them] are ready to engage on what a better Anonymous might look like,” he says. For fast DDoS protection against your website click here to view DOSarrest services. http://www.darkreading.com/database-security/167901020/security/attacks-breaches/240004684/indicted-college-student-speaks-up-about-her-case-anonymous.html

View original post here:
Indicted College Student Speaks Up About Her Case for involvement of distributed denial-of-service (DDoS) attacks

Tablet’s Server Outages due to Distributed Denial of Service ‘DDoS’ attack

For the last several months, Tablet Magazine’s servers have been coming under recurring distributed denial-of-service attacks, or DDoS attacks . Yesterday we suffered two major attacks, the first around 1:30 p.m., shortly after we posted Michael C. Moynihan’s explosive article about the further dishonesty of Jonah Lehrer, the author and New Yorker writer. The Lehrer story brought us an unprecedentedly large legitimate traffic load. Some commentators and observers speculated that that’s what brought us down. It’s true that the rush of readers coming to the Lehrer story was much larger than normal, but I am assured by our IT team that we had more than sufficient bandwith and server memory to handle it. Notably, for several midafternoon hours, when we were not under attack, we served extraordinarily high traffic loads uneventfully. Our IT team strongly believes that what we were experiencing—and have been for some time—are sophisticated attacks specifically targeting Tablet, not just run-of-the-mill Internet-as-Wild-West hijinks. It is possible that whoever is out to get us seized on a moment when we had high publicity and high server demand to attack. It sounds a little paranoid, granted, but as the saying goes, just because you’re paranoid doesn’t mean they’re not out to get you. The romantic in me hopes it’s the Iranians. Meantime, we’re doing what we can to keep the site up, and we apologize for our no-doubt maddening unreliability. And if you’re a DDoS-mitigation expert who’s eager for some pro-bono work, you know where to find us. Source: http://www.tabletmag.com/scroll/107948/on-tablet%E2%80%99s-server-outages

Follow this link:
Tablet’s Server Outages due to Distributed Denial of Service ‘DDoS’ attack

Family First site back online after Distributed Denial of Service ‘DDoS’ attack

Family First’s anti gay marriage website is back up and running after an “unprecedented attack” took out the website’s host servers. “Protect Marriage” was launched by Family First yesterday, but minutes later was removed from the web when it became the immediate target of a “large-scale denial of service attack” according to the site’s webhost. Family First director Bob McCroskrie said the website was dedicated to opposing Labour MP Louisa Wall’s Marriage Equality Bill, which was pulled from the ballot last week and had sparked heated debate from both sides. While the site was reinstated a couple of times yesterday, its Christchurch-based webhost had to eventually pull the site completely because hackers had overwhelmed their servers so much it affected every other website hosted by the company. Family First’s own website was also hosted by the company and has also been pulled. A message is now reading the domain for familyfirst.org.nz has been suspended. Family First has reinstated the site with an international hosting company that had larger servers and tighter security measures. “It is disappointing that some opponents in the marriage debate are unwilling to have robust debate and are resorting to desperate – but failed – attempts to shut us down,” McCroskrie said. “We are also disappointed that our web host company was targeted with offensive emails simply because they were a Christchurch business that we wanted to support and who were willing to host some of our websites.” Meanwhile, US band Train have tweeted they are working on getting their music video “Marry Me” removed from the site, but it still featured on the site’s homepage today. Train caught wind their song was being used by Family First after a Twitter user alerted the band their song was being used on an “anti gay marriage website”. A user named @Mikey_J_S6 tweeted the band last night saying: “Why does your music video appear on a homophobic lobby group’s website?”. Train responded saying “Didn’t know. Getting it off asap. Tnx 4 tip”. McCroskrie said they had not yet heard from Train, but if they were asked to take the song down they would. “We’re not going to go by some post on Twitter, but if the band contact us then we will certainly take it down.” Latest tweets would suggest it is now in the hands of Sony, who were working to get the video off the website. At a Victoria University debate on the issue at the weekend, Wall said she expected a significant amount of vitriol directed her way and had already received nasty emails from those who opposed it. “But you know what, I just send them back some love because that is what this is all about.” Wall, who is the bill’s leader, said the point of it was to put human rights at the forefront of discussion. “It’s not about friction or conflict, it’s about having rational conversations and engagements with people and bringing back at the end of the day to a very personal level.” Both Wall and fellow Labour MP Charles Chauvel, who got married to his partner in Canada where the laws would allow, were expecting “dirty tactics” to arise from minority sectors. “While I’m confident and hopeful about us having the numbers to get this legislation through, there will be bitter opposition to it from a minority, but a vocal and sometimes nasty minority,” Chauvel said. For DDoS protection, contact DOSarrest a result of five years of research, experimentation and mitigation of malicious traffic. In the last four years, we have formed a dedicated team of network security specialists, network engineers and developers focused on mitigating DoS/DDoS attacks. Solving the DDoS problem is like a never ending cat and mouse game with attackers. Click Here to Contact Us! Source: http://www.stuff.co.nz/national/7385038/Family-First-site-back-online-after-attack

View original post here:
Family First site back online after Distributed Denial of Service ‘DDoS’ attack

Demonoid Faces Prolonged Downtime After Distributed Denial of Service ‘DDoS’ attack

A severe DDoS attack has brought down one of the most famous BitTorrent trackers. Demonoid has been inaccessible to its millions of users for more than a day and is expected to remain offline for quite some time. The tech admin of the troubled BitTorrent tracker told TorrentFreak that the issues at hand are not easy to fix, and suggests that aside from the DDoS there might have been an attack from another angle. Demonoid is one of the biggest torrent sites around, and has been for more than half a decade. Over the years the site has had its fair share of downtime, sometimes disappearing for months on end. Yesterday, a million plus Demonoid users noticed that they could no longer access the site. Instead of the usual welcome screen users were confronted with a “server busy” message, suggesting that the BitTorrent tracker is facing technical difficulties. TorrentFreak got in touch with the tech admin of the site who informed us that they are in serious trouble. Demonoid was overloaded by a DDoS attack which hit the server hard, resulting in a series of problems that may take a while to address. “It started as a DDoS but then it caused a series of problems. These problems need to be fixed before the site can go back up, and it’s a complicated fix this time,” the Demonoid admin told TorrentFreak. Aside from the DDoS assault, Demonoid’s server may also have been compromised by another attack. “There might have been an attack from another angle, an exploit of sorts, but it’s hard to tell right now without a full check of everything,” the admin says. While Demonoid is determined to return to its full glory, it might take a while before the site is up and running again. After an exodus of staff earlier this year there is only one person available to work on server issues, so progress is slow. “Our human resources became limited in the last few months. All tech issues are handled just by me now and there is no one else to take the job,” the admin told us, adding that his time is also limited by real life issues that take priority. “I’ll fix the site as soon as possible, but it might be a while this time,” the admin says. In recent years Demonoid has been in the cross-hairs of several anti-piracy outfits. It was pressured to move out of Canada by the CRIA and most recently the MPAA and RIAA reported Demonoid as a “rogue site” to the U.S. Government. However, there is no indication that the current attacks at Demonoid are anti-piracy related. For the millions of Demonoid users there’s no other option than to wait, once again. For fast DDoS protection click here . Source: http://torrentfreak.com/demonoid-to-suffer-prolonged-downtime-after-ddos-attack-120727/

Super-Charged Distributed Denial of Service ‘DDoS’ attack Spike In 2012

This year has seen distributed denial of service (DDoS) attackers increase the power of DDsS attacks massively, according to figures exclusively shown to TechWeekEurope. DDoS attacks see servers overwhelmed with traffic, causing a target’s website to go down. All kinds of organisations use DDoS attacks, from hacktivists like Anonymous to private companies wanting to stymie competition, and figures have shown they are upping their efforts. The average size of an attack went up 27 percent in 2012, hitting 1.56Gbps in June, compared to 1.23Gbps in 2011, second quarter data from anti-DDoS vendor Arbor Networks showed. June’s average attack speed was 82 percent up on the same month in 2011. There was also a return to growth in super-powered hits, with a 105 percent rise in the proportion of DDoS attacks measuring in at over 10Gbps. Between 2011 and 2010 that proportion was down 34 percent. Multi-vector DDoS attacks Arbor told TechWeekEurope that attackers were increasingly combining big volumetric attacks with stealthy application-level attacks, which are harder to identify due to a lower level of traffic. “We are still seeing a lot of the more stealthy application layer attacks going on out there, although now they are quite often accompanied by a volumetric attack. Attackers have learned that by generating application and volumetric attacks (multi-vector ) at the same time they can take sites and services down, and keep them down, for longer periods,” said Darren Anstee, solutions architect at Arbor. “Using multiple vectors makes it more difficult for operational security teams to figure out exactly what is going on, as different parts of the attack can impact different areas of infrastructure. Application layer attacks target the application servers, state-exhaustion attacks target firewalls, load balancers etc.” Despite the rise in DDoS power, the highest powered attacks have hit something of a plateau. The biggest monitored attack so far this year came in at 100.84Gbps, lasting 20 minutes, where 2011’s record of 101.394Gbps has not yet been surpassed in 2012. “It does appear that on the Gigabit per second side of things, right at the top end, attacks sizes may have plateaued. Why? It could be that 100Gbps of attack traffic is ‘all’ that is required to take down anything that has been targeted thus far, or, we could have reached some kind of limitation in some of the tools,” Anstee said. For the first time, the port used for Xbox Live connections (port 3074) showed up on Arbor’s findings, taking up 0.76 percent of attacks. Port 80, used by the HTTP protocol, is the prime target for DDoSers, with 29 percent of strikes hitting it in Q2. “There are unfortunately quite a lot of attacks between on-line gamers (this is multiplayer online gaming, rather than gambling). These attacks are used either to give one player an advantage over another, or avenge a defeat,” Anstee added. Botnets are a major part of the problem, as TechWeekEurope’s recent investigation into the underground DDoS market found. Law enforcement and industry firms continue to work with one another on knocking down botnets, as seen in last week’s effort to kill off super-spammer Grum. But most believe arrests are needed to truly counter the rise of malicious networks. For fast DDoS protection click here . Source: http://www.techweekeurope.co.uk/news/ddos-attacks-power2012-86926

Visit link:
Super-Charged Distributed Denial of Service ‘DDoS’ attack Spike In 2012

Five Ways to Protect Against Distributed Denial of Service ‘DDoS’ attacks

Distributed denial of service (DDoS) attacks are able to take out an entire site in a matter of minutes. Firewalls and traditional tools like intrusion detection and prevention systems cannot always mitigate the security risks associated with these threats. New techniques and technologies in DDoS attacks can be more aggressive than their DoS predecessors and require a different kind of approach to network security. This slideshow features some of the tricks and tools, identified by Jim MacLeod, product manager at WildPackets, that can be employed to hinder the flow of a DDoS attack. 1. Understanding a DDoS attack The goal of any DDoS attack is to overwhelm a service to the point where it no longer works. While DDoS has historically been just an annoyance, there is usually a financial impact, such as lost sales or a spike in bandwidth costs. Cloud-hosted services, which charge by usage, are especially financially vulnerable to an onslaught of traffic. DDoS attacks use large numbers of computers simultaneously targeting a single service. The attack often comes from botnets, which are composed of PCs infected by a virus. Recently, DDoS has been used by political protesters, who crowdsource attackers through downloadable software. Older DoS attacks like SYN floods used limited numbers of attackers, so it was possible to use automatic per-client rate-limiting, or to block the IPs. Modern DDoS techniques try to avoid large amounts of traffic per attacker, and rely purely on large numbers. 2. Prepare in advance Many sites may think they’re too small to attract attention. However, DDoS isn’t a hard attack to perform. Ironically, DDoS is even available as a service. If your site is big enough to attract any business, it’s big enough to attract a potential attacker. Reducing the cost of an attack starts with early detection. There are simple techniques you can use to alert yourself to an attack. Run a script on your server that sends a message periodically with the recent traffic count: You’ll get a warning either if the count jumps significantly, or the message doesn’t arrive. Additionally, use a remote monitoring program that periodically checks the service’s availability. A large DDoS attack may block your management access if the site is remote. Try to make sure there’s a cost-effective out-of-band management solution. 3. Identify the attack fingerprint Once you detect a DDoS attack, the first step is to identify its unique characteristics. Despite the availability of cleverer techniques, DDoS usually relies on brute force – which means that the traffic from all of the attackers will have unique similarities. Because large numbers of attackers will be involved, scattered across the Internet, blocking the IP addresses will be nearly impossible. Instead, do a quick packet capture of the attack. Finding examples will be relatively easy, since most of the traffic will be DDoS traffic. Commonalities can often be found in the URI, user agent, or referrer. What you’re looking for is a pattern that you can block with your firewall, router ACL, IDS, etc. It will often be an ASCII or hex pattern at an offset. Become familiar with the capabilities of your equipment, and try some tests in preparation. 4. Block the rogue packets Once you have identified the attack fingerprint, it is time to set up a block within your firewall or router to drop the majority of packets. However, a high-bandwidth attack may simply exhaust your WAN link: You’ll have a clean LAN, but your service will still be unreachable. Contact your carrier now to figure out how to work with them during a DDoS attack, in case they need to do the blocking for you. Some service providers offer “clean pipe” hosting with automatic DDoS squelching. There are also companies who offer products and services to detect and prevent DDoS. Depending on the specifics of your service, it may make financial sense to pay for one of these solutions. Don’t forget the option of simply hosting the service somewhere large enough to absorb the attack – but remember that DDoS against sites that charge by bandwidth can result in unexpectedly high bills. 5. Surviving and cleaning up During and after a DDoS attack, ask for help. Your regional CSIRT (Computer Security Incident Response Team) should be alerted, as they have expertise and contacts that can not only help you during the attack, but also start the process of figuring out who did it and how. A global list is available here: http://www.cert.org/csirts/national/contact.html As cyber crimes get more sophisticated, businesses must be able to constantly adapt to these new security threats. While there are no methods or tools that can completely prevent DDoS attacks from happening, having a security “insurance policy” in place is the first step in ensuring that you are completely prepared. The ability to quickly suspend this new level of attack is tantamount to protecting company data as well as your business as a whole. Click here for DDoS protection. Source: http://www.itbusinessedge.com/slideshows/show.aspx?c=96534