Denial of Service Attacks
Problem and Protection
Anonymous fights for WikiLeaks
A denial of service (DoS) attack intentionally
overwhelms a server, or the network link in front of it,
by flooding it with bogus requests until legitimate
clients can no longer be served.
How attackers do it
o Using malware, they install botnet software on large numbers of PCs.
o They then direct the botnet to send requests at the target simultaneously.
o Because the flood comes from many sources at once, this is a distributed denial of service (DDoS) attack.
Developers can’t do much about DoS
o Absorbing a volumetric flood is the domain of system and network admins.
o What developers can do is avoid making it worse: keep unauthenticated requests cheap and rate-limit expensive operations.
How we protect ourselves
o Prevent/remove botnet software
o Turn off unneeded services
o Enable quotas
o Overprovisioning
o Blackholing
o Block invalid traffic
o Block the attackers’ IPs
o DDoS mitigation appliances
o Wait for them to get bored and move on
Prevent and remove botnet software
o This doesn’t protect you. It protects others: your machines stop taking part in someone else’s attack.
o Malware detectors can find and clean them.
Turn off unneeded services
o Attackers can’t misuse a service that doesn’t exist.
Enable quotas
o Turn on CPU, disk usage, and network traffic quotas per user (or per source IP).
o This lets your server keep running during an attack from a handful of sources.
o But it will hurt legitimate users during peak times, and everyone behind one NAT address shares a single quota.
o It is nigh useless against a DDoS attack: each bot stays under its own quota, and thousands of small quotas add up to more than the server can handle.
Blackholing takes your business offline
o Your upstream drops all traffic to the attacked address, attack and legitimate alike. It protects the rest of the network, not you.
Block invalid traffic
o Usually impossible, because bogus requests look exactly like valid ones.
o Sometimes, though, attackers use ping (ICMP) floods or spoofed, unroutable source addresses. Routers and firewalls can drop those.
Block the attackers’ IPs
o Isolate bogus traffic from valid traffic by source address.
• Set your firewall to ignore requests from that IP or range.
• Attackers can spoof their source IP or come through relays, and a botnet has thousands of addresses, so this becomes a game of whack-a-mole.
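The two controls above are the same mechanism seen from a router: a set of drop rules keyed on the source address and packet type. The following is an added example for both slides, not code from the deck. It drops packets whose source is reserved/unroutable space or our own prefix (which can only be spoofed when it arrives from outside), drops sources on a hand-maintained blocklist, and caps ping (ICMP echo) requests per source. The packets are constructed records rather than captures, and the prefix 203.0.113.0/24, the blocklist entry and the echo threshold are assumed values.

```python
"""Drop rules for plainly invalid traffic, plus a source blocklist.

Added illustration for the 'Block invalid traffic' and 'Block the attackers'
IPs' slides; not code from the original deck. Packets are constructed records;
the 'our prefix' value, blocklist entry and thresholds are assumed.
"""
import ipaddress
from collections import Counter

# Source addresses that must never arrive on the Internet-facing interface:
# reserved/unroutable ("bogon") space, plus our own prefix, because a packet
# from outside that claims an inside source address is spoofed.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]
OUR_PREFIX = ipaddress.ip_network("203.0.113.0/24")  # assumed (TEST-NET-3)

# Manually maintained blocklist: the 'block the attackers' IPs' control.
BLOCKED_SOURCES = [ipaddress.ip_network("198.51.100.200/32")]  # assumed entry

ICMP_ECHO_LIMIT_PER_SOURCE = 3  # echo requests allowed per source per window (assumed)


def source_is_spoofed(src: str) -> bool:
    ip = ipaddress.ip_address(src)
    return ip in OUR_PREFIX or any(ip in net for net in BOGONS)


def source_is_blocked(src: str) -> bool:
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in BLOCKED_SOURCES)


def filter_packets(packets):
    """Return (forwarded, drop_counts) for packet dicts with keys src, dst,
    proto and, for ICMP, icmp_type (8 = echo request, i.e. ping)."""
    forwarded = []
    drops = Counter()
    echo_seen = Counter()
    for p in packets:
        if source_is_spoofed(p["src"]):
            drops["spoofed-source"] += 1
        elif source_is_blocked(p["src"]):
            drops["blocklist"] += 1
        elif p["proto"] == "icmp" and p.get("icmp_type") == 8:
            echo_seen[p["src"]] += 1
            if echo_seen[p["src"]] > ICMP_ECHO_LIMIT_PER_SOURCE:
                drops["icmp-echo-flood"] += 1
            else:
                forwarded.append(p)
        else:
            forwarded.append(p)
    return forwarded, drops


def pkt(src, proto="tcp", **extra):
    """Build a constructed packet record toward our web server."""
    return {"src": src, "dst": "203.0.113.10", "proto": proto, **extra}


# Constructed sample: one window of traffic toward our web server.
SAMPLE = [
    pkt("198.51.100.20", "tcp", dport=443),     # ordinary client
    pkt("10.1.2.3", "udp", dport=53),           # RFC 1918 source: spoofed
    pkt("203.0.113.9", "udp", dport=53),        # our own prefix from outside: spoofed
    pkt("224.0.0.1", "udp", dport=123),         # multicast source: spoofed
    pkt("198.51.100.200", "tcp", dport=443),    # on the blocklist
    pkt("198.51.100.20", "icmp", icmp_type=8),  # a single ping is fine
] + [pkt("198.51.100.77", "icmp", icmp_type=8) for _ in range(6)]  # ping flood


if __name__ == "__main__":
    fwd, drops = filter_packets(SAMPLE)
    print(len(fwd), "forwarded;", dict(drops))
```

Of the twelve constructed packets, five are forwarded: the client's HTTPS request, its one ping, and the first three pings from the flooding host. Note what this does not catch: a flood of well-formed HTTPS requests from thousands of real addresses passes every rule here, and an attacker who spoofs or rotates sources can outpace any hand-maintained blocklist. That is the slide's point that blocking invalid traffic is usually impossible.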
DDoS mitigation appliances will sanitize traffic
o Traffic is routed through a scrubbing appliance or service that drops attack traffic and forwards the rest to you.
Wait for them to get bored and move on
Summary
o Denial of service attacks can be devastating to a business.
o They are hard to predict and difficult to fully defend against.
o Beforehand, we can turn on quotas, turn off unneeded services, over-provision, and put DDoS mitigation appliances in place.
o During an attack, we can blackhole, block IPs, and drop obviously invalid traffic.
o But none of these can completely protect us.