Denial of service attacks

Posted on November 27, 2012 by Katie Olver (in Ops).

Each new phase of development on the internet has inevitably brought with it a new set of security challenges. There’s perhaps no better current example of this than the denial-of-service attack. DoS attacks (and their distributed variant, Distributed Denial-of-Service or DDoS attacks) are a relatively unsophisticated way to wreak maximum havoc on an organisation’s web infrastructure and its ability to communicate with its online clientele. Each has a distinctive modus operandi, but they share a common goal - to swamp a company or organisation’s Web server with bogus requests for information and thus render its website and web-commerce inoperable for large periods of time.

As miraculous a tool as the internet has become, the denial-of-service attack highlights one of the inherent frailties in the way external computers still have to connect with a company’s Web servers. Indeed, the ubiquity and importance of the net in any form of business nowadays highlights why DoS and DDoS attacks have risen exponentially since the turn of the millennium.

When you consider how major players including Microsoft, Google, eBay, Amazon, the C.I.A., HSBC and numerous others have had their websites targeted and brought down (to greater or lesser extents) by denial-of-service attacks, the gravity of the situation becomes apparent.

The DoS attack is essentially an attempt to hijack, hog or disrupt a company’s internal Web resources, whether by bombarding the router with erroneous requests and messages, instigating code errors in servers to freeze them up, or simply targeting the bandwidth or processing capacity in order to prevent normal working.

The DDoS attack (currently favoured by hacker groups such as LulzSec, Anonymous and others) differs slightly in execution: it harnesses a large number of computers, often by use of pre-distributed Trojans which, at a set time, instruct all the infected computers (‘bots’) to bulk-send information to a website’s servers, causing them to fall over. This kind of attack can be sustained, and is very hard to defend against without investing in, and constantly updating, protective filters that use pattern recognition to differentiate between legitimate and malicious web traffic. The Trojan will, sadly, remain a useful weapon in the hacker’s malware armoury until such time as home computer and small business users learn to habitually install the security patches and fixes that software vendors routinely provide.

Not all DoS/DDoS attacks are designed to be destructively malicious, with many being used as a way for certain parts of the net-community to show disapproval or disdain.

That said, recent years have shown a real increase in pernicious malware such as the notorious MyDoom worm in 2004/2005, which was utilised to perpetrate a very high-profile DDoS attack on Microsoft. More recently, September of this year saw a spate of DoS attacks on high-profile UK and US banks, which, although not particularly sophisticated, were highly effective in slowing down (and in one or two cases, stopping) the web traffic and web services of some of the biggest-name banks.

ISPs, governments and the Internet Architecture Board (the overseers of all technical development of the net’s infrastructure) naturally take a dim view of any such activities, as the damage to companies and institutions (financially and in corrective man-hours) in the wake of even minor DoS/DDoS attacks can be massive, and often requires a large re-investment in, and strategic rethink of, their online security systems. With an increasing number of variants of DoS attacks, adaptive forward security planning is essential to anyone wanting their Web presence to remain as secure and available as possible. Prevention, as is so often the case, tends to be infinitely preferable to (and cheaper than) a cure.
