
Tech Update
A rogue's gallery of denial of service attacks
By Steven J. Vaughan-Nichols
July 11, 2001

Tuesday, May 22, started out as just another day at CERT Coordination Center at Carnegie Mellon University in Pittsburgh. By day's end, CERT, widely regarded as the Fort Knox of computer security, would be knocked off the net by a distributed denial of service (DDoS) attack.
In 2001, even the crème de la crème of network security is vulnerable. If it can happen to CERT, it can happen to you.
You can help prevent DDoS assaults across the Internet and lower your vulnerability to attacks. But if someone really wants to put your business under with a DDoS attack, they will. Microsoft, Yahoo, and Exodus have all fallen to DDoS attacks within the last 12 months; you or your customers could be next.
The nature of the beast
Denial of service (DoS) attacks are exactly what they sound like: attempts to prevent your server from delivering services. Attackers can do this in many ways. For example, you could describe the Outlook e-mail worm Melissa and its ilk as DoS agents because they cause their damage by making Outlook clients flood e-mail servers with worm-laden messages to the point that the servers collapse under the load.
This is an important point. People tend to think of DoS attacks as causing havoc by jamming network bandwidth with useless traffic. While that's certainly one kind of DoS attack, another succeeds by devouring server resources. That means it's possible for a successful DoS raid to be made over a low-speed modem connection if it attacks server resources. To really protect a network against attacks, both network and servers should be armed and ready.
For corporate users, firewalls and products like Zone Labs Inc.'s Zone Alarm Pro can help. In addition, several companies, such as Asta Networks Inc. and Mazu Networks Inc., now offer business-level protection against DDoS attacks.
Asta's Vantage System takes a page from anti-viral programs by looking for tell-tale signs of DDoS attacks. It constantly analyzes packets for known DDoS patterns and unusual patterns, such as a non-standard stream of packets on its way to your Domain Name Server (DNS). When it looks like an attack is on the way, the system notifies a network manager, who can then use router filters or even switch network providers in mid-stream to attempt to stem the attack.
Mazu Networks' TrafficMaster Inspector for DDoS tries to detect attacks in the making by using constant Gigabit Ethernet-speed traffic analysis as far upstream as possible. In essence, Mazu attempts to catch attacks in real-time, then allow good traffic to keep flowing by blocking only DDoS packets. Its approach makes it suitable for ISPs and data centers.
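An added example (not from the article, and not Asta's or Mazu's code) of the two points above: a per-source check that watches server resources as well as bandwidth, and a baseline test for an unusual packet stream toward DNS. The record format, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data (not from the article): one record per connection
# attempt seen in one monitoring window: (source, dst_port, bytes, state).
WINDOW = (
    [("198.51.100.7", 80, 60, "HALF_OPEN")] * 400         # tiny packets, never completes
    + [("203.0.113.20", 80, 900_000, "ESTABLISHED")] * 3  # high-volume sender
    + [("203.0.113.31", 53, 80, "ESTABLISHED")] * 40      # ordinary DNS lookups
)

# Constructed baseline: packets per window previously seen going to port 53.
DNS_BASELINE = [35, 42, 38, 40, 44, 37, 41, 39]


def per_source_load(records):
    """Sum bytes and half-open connections for each source address."""
    load = defaultdict(lambda: {"bytes": 0, "half_open": 0})
    for src, _port, nbytes, state in records:
        load[src]["bytes"] += nbytes
        if state == "HALF_OPEN":
            load[src]["half_open"] += 1
    return load


def classify(records, byte_limit=1_000_000, half_open_limit=100):
    """Return {source: set of reasons}; both limits are assumed values."""
    alerts = defaultdict(set)
    for src, load in per_source_load(records).items():
        if load["bytes"] > byte_limit:
            alerts[src].add("bandwidth")          # the link is being filled
        if load["half_open"] > half_open_limit:
            alerts[src].add("server-resources")   # server state is being held
    return dict(alerts)


def dns_stream_unusual(records, baseline, k=3.0):
    """Flag the window if the port-53 packet count exceeds mean + k*stddev."""
    count = sum(1 for _src, port, _bytes, _state in records if port == 53)
    return count > mean(baseline) + k * pstdev(baseline)


if __name__ == "__main__":
    print(classify(WINDOW))
    print(dns_stream_unusual(WINDOW, DNS_BASELINE))
```

The first source sends only 24,000 bytes in the window, so a bandwidth-only monitor would pass it; the half-open count is what exposes it.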
Usually, DoS attacks are aimed straight at your network's TCP/IP infrastructure. These assaults come in three varieties: those that exploit weaknesses in a given TCP/IP stack implementation; those that target TCP/IP weaknesses; and the tried and true brute force attack.