DDoS attacks evolved from the basic DoS attacks that were in the wild in 1997. Rather than originating from a single source, these attacks may come from hundreds of places around the world. The most visible attacks were those of February 2000, when high-traffic sites (eBay, Amazon, Yahoo, CNN, Buy.com, Datek, ZDNet) were faced with handling huge amounts of spoofed traffic. More recently there have been attacks on Cisco that resulted in considerable downtime, and some public blacklists have been targeted by spammers and put out of business.
The following are the different types of attacks:
Smurfing: The culprit sends a large volume of ICMP echo requests to a directed-broadcast IP address, each with a forged source address of the victim. Every host on the broadcast network replies to the victim, so the traffic is multiplied by the number of hosts.
Fraggle: This is the cousin of the Smurf attack. It uses UDP echo packets (port 7) in the same way Smurf uses ICMP echo traffic.
Ping Flood: The culprit attempts to disrupt service by sending ping requests directly to the victim at a rate it cannot keep up with.
SYN Flood: Exploiting a weakness in the TCP three-way handshake, the culprit creates a stream of connection requests to the victim. These requests are sent with unreachable (spoofed) source addresses. The server or device is never able to complete the connections, and as a result it spends most of its network resources trying to acknowledge each SYN and holding the half-open connections.
Land: The culprit sends a forged packet with the same source and destination IP address (and port). The victim's system gets confused and crashes or reboots.
Teardrop: The culprit sends two IP fragments whose offset values overlap so that they cannot be reassembled correctly. Systems that do not handle the bad offsets crash or reboot.
Bonk: This attack usually affects Windows machines. The culprit sends corrupted UDP packets to DNS port 53. The system gets confused and crashes.
Boink: This is similar to the Bonk attack, except that it targets multiple ports instead of only port 53.
Worming: The worm sends a large amount of data to remote servers. It then checks whether the connection is active by trying to contact a site outside the network. If successful, an attack is launched. This would be done in conjunction with a mass-mailing of some kind.
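The signatures described above are simple enough to check by hand on a packet trace. The script below is an added example, not code from the original article: it flags packets matching the Smurf, Fraggle, Land and Teardrop patterns, and counts bare SYNs per target as a crude SYN-flood check. The packet trace, the amplifier network (192.0.2.0/24), the victim address and the threshold are all constructed for the demonstration.

```python
"""Added example (not from the original article): flag packets that match the
Smurf, Fraggle, Land and Teardrop signatures, and count bare SYNs per target
as a simple SYN-flood check. The trace, the amplifier network and the
threshold are constructed for this demonstration."""
import ipaddress
from collections import defaultdict

# Network whose directed-broadcast address a Smurf/Fraggle attacker would hit
# (assumed for the example).
AMPLIFIER_NET = ipaddress.ip_network("192.0.2.0/24")


def check_packet(pkt, fragments):
    """Return the attack names whose signature this packet matches.

    pkt is a dict with src, dst, proto ('icmp'/'udp'/'tcp') and, where relevant,
    icmp_type, sport, dport, flags, ip_id, frag_offset and frag_len (in bytes).
    fragments maps (src, dst, ip_id) -> list of (first_byte, last_byte) already
    seen, so overlapping Teardrop fragments can be spotted across packets.
    """
    hits = []
    src, dst = pkt["src"], pkt["dst"]

    # Land: forged packet whose source address equals its destination.
    if src == dst:
        hits.append("land")

    # Smurf / Fraggle: echo request aimed at the directed-broadcast address, so
    # every host on AMPLIFIER_NET answers the (forged) source.
    if ipaddress.ip_address(dst) == AMPLIFIER_NET.broadcast_address:
        if pkt["proto"] == "icmp" and pkt.get("icmp_type") == 8:
            hits.append("smurf")
        elif pkt["proto"] == "udp" and pkt.get("dport") == 7:
            hits.append("fraggle")

    # Teardrop: a fragment whose byte range overlaps one already seen for the
    # same datagram cannot be reassembled correctly.
    if pkt.get("frag_offset") is not None:
        seen = fragments.setdefault((src, dst, pkt["ip_id"]), [])
        first = pkt["frag_offset"]
        last = first + pkt["frag_len"] - 1
        if any(first <= l and f <= last for f, l in seen):
            hits.append("teardrop")
        seen.append((first, last))

    return hits


def syn_flood_targets(packets, threshold):
    """Count bare SYNs (SYN set, ACK clear) per destination and return the
    destinations whose count exceeds threshold. Sources are deliberately not
    used: in a SYN flood they are unreachable or spoofed addresses."""
    counts = defaultdict(int)
    for pkt in packets:
        flags = pkt.get("flags", "")
        if pkt["proto"] == "tcp" and "S" in flags and "A" not in flags:
            counts[pkt["dst"]] += 1
    return {dst: n for dst, n in counts.items() if n > threshold}


def analyse(packets, syn_threshold):
    """Run both checks over a trace. Returns (signature hits keyed by packet
    index, SYN-flood targets keyed by destination)."""
    fragments = {}
    hits = {}
    for i, pkt in enumerate(packets):
        found = check_packet(pkt, fragments)
        if found:
            hits[i] = found
    return hits, syn_flood_targets(packets, syn_threshold)


# Constructed trace (not captured data). VICTIM stands in for the attacked host.
VICTIM = "198.51.100.5"
TRACE = [
    # Smurf: ICMP echo request to the broadcast address, source forged as VICTIM.
    {"src": VICTIM, "dst": "192.0.2.255", "proto": "icmp", "icmp_type": 8},
    # Fraggle: the UDP echo (port 7) variant of the same trick.
    {"src": VICTIM, "dst": "192.0.2.255", "proto": "udp", "sport": 7, "dport": 7},
    # Land: source and destination are the same host.
    {"src": VICTIM, "dst": VICTIM, "proto": "tcp", "sport": 139, "dport": 139, "flags": "S"},
    # Teardrop: the second fragment starts inside the first one.
    {"src": "203.0.113.7", "dst": VICTIM, "proto": "udp", "ip_id": 42, "frag_offset": 0, "frag_len": 36},
    {"src": "203.0.113.7", "dst": VICTIM, "proto": "udp", "ip_id": 42, "frag_offset": 24, "frag_len": 20},
    # An ordinary connection attempt.
    {"src": "203.0.113.9", "dst": VICTIM, "proto": "tcp", "sport": 40000, "dport": 80, "flags": "S"},
]
# SYN flood: bare SYNs to port 80 from spoofed, unreachable sources.
TRACE += [{"src": f"10.0.{i}.{i}", "dst": VICTIM, "proto": "tcp",
           "sport": 1024 + i, "dport": 80, "flags": "S"} for i in range(1, 21)]

if __name__ == "__main__":
    signature_hits, flood_targets = analyse(TRACE, syn_threshold=10)
    for i, names in signature_hits.items():
        print(f"packet {i}: {', '.join(names)}")
    print("SYN-flood targets:", flood_targets)
```

On the constructed trace the Smurf, Fraggle and Land packets are flagged individually, only the second Teardrop fragment is flagged (the first is fine on its own), and the victim is reported as a SYN-flood target with 22 bare SYNs. Note that the SYN check keys on the destination, not the source, for exactly the reason the article gives: the sources are forged and counting them tells you nothing.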
With the current TCP/IP implementation, there is not much that companies can do to prevent their networks from being DDoSed. Companies can be proactive and make sure all their systems are patched and are only running the services they need. Also, implementing egress/ingress filtering and enabling logging on all routers will defeat some DDoS attacks, in particular those that depend on spoofed source addresses.
"Egress filtering is the process of examining all packet headers leaving a subnet for address validity. If the packet's source IP address originates within the subnet that the router serves, then the packet is forwarded. If the packet has an illegal source address, then the packet is simply dropped. There is very little overhead involved, so there is no degradation of network performance."
-Cisco Website
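The check the quote describes fits in a few lines. The script below is an added example, not from the article or from Cisco: it implements the egress check (only sources inside the served subnet may leave) and its ingress counterpart on the upstream side (nothing arriving from the Internet may claim a source inside our subnet or a private/reserved source), and runs both over constructed packet headers. The served subnet (198.51.100.0/24), the bogon list and the addresses are assumptions made for the demonstration.

```python
"""Added example (not from the article or from Cisco): the egress check quoted
above plus the matching ingress check, applied to constructed packet headers.
The served subnet, bogon list and addresses are assumptions for the demo."""
import ipaddress

# Source ranges that have no business arriving from the Internet (unspecified,
# private, loopback, link-local, multicast). Assumed list for the example.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
)]


def egress_allowed(src, served_net):
    """Egress filter for packets leaving served_net: forward only if the source
    address is one the router actually serves. A spoofed source (for example a
    Smurf victim's address) fails this test and is dropped."""
    return ipaddress.ip_address(src) in served_net


def ingress_allowed(src, served_net):
    """Ingress filter for packets arriving from upstream: a packet from the
    Internet cannot legitimately claim a source inside served_net, and bogon
    sources are dropped as well."""
    addr = ipaddress.ip_address(src)
    if addr in served_net:
        return False
    return not any(addr in net for net in BOGON_NETS)


def apply_filter(headers, served_net, direction):
    """Split (src, dst) headers into (passed, dropped) lists for 'egress' or
    'ingress'. Only the source address is examined, as in the Cisco description."""
    check = egress_allowed if direction == "egress" else ingress_allowed
    passed, dropped = [], []
    for src, dst in headers:
        (passed if check(src, served_net) else dropped).append((src, dst))
    return passed, dropped


# Constructed headers; 198.51.100.0/24 is assumed to be the subnet this router serves.
SERVED = ipaddress.ip_network("198.51.100.0/24")
OUTBOUND = [
    ("198.51.100.20", "203.0.113.5"),   # legitimate host on our subnet
    ("203.0.113.77", "192.0.2.255"),    # spoofed source aimed at a broadcast address
    ("10.1.2.3", "203.0.113.5"),        # private source leaking out
]
INBOUND = [
    ("203.0.113.5", "198.51.100.20"),   # ordinary Internet client
    ("198.51.100.9", "198.51.100.20"),  # claims to be one of our own hosts
    ("192.168.1.1", "198.51.100.20"),   # bogon source
]

if __name__ == "__main__":
    for direction, headers in (("egress", OUTBOUND), ("ingress", INBOUND)):
        passed, dropped = apply_filter(headers, SERVED, direction)
        print(f"{direction}: passed {passed}, dropped {dropped}")
```

The egress rule is what keeps your own hosts from being used as a launch point for spoofed traffic; it does nothing to protect you as a victim. That is why the article stresses that everyone has to deploy it, and why the ingress rule on the upstream interface matters too: it stops a Smurf or SYN flood from arriving with your own addresses as the forged source.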
Below you'll find a simple SYN attack detection script that can be set up to run every 5 minutes via cron. In the event of an attack you will receive an email with the connection and IP information; remember that the source IP information is usually spoofed.
#!/usr/bin/perl -w
# Simple script to monitor SYN attacks.
use strict;

my $syn_alert = 15;                 # alert once this many SYN entries are present
my $host = `hostname`;
chomp($host);
# Count half-open connections (SYN_RECV states); -n avoids slow DNS lookups.
my $num_of_syn = `netstat -an | grep -c SYN`;
chomp($num_of_syn);
if ($num_of_syn > $syn_alert)
{
    # Mail the offending entries; the source addresses are usually spoofed.
    system("netstat -an | grep SYN | mail -s 'SYN ATTACK detected on $host' admin\@yourcompany.com");
}
exit;
Conclusion: DDoS attacks are very difficult to trace and stop. New hardware devices are being manufactured specifically to handle these types of attacks. Many dedicated server providers simply disconnect the server being attacked until the attack stops. This is not a solution; it is a careless and temporary fix. The culprit still exists and has not been held accountable for their actions. Once an attack is detected, hosts should contact their upstream providers immediately.
About the Author
Edwin Gonzalez is the founder of datums Internet Solutions, LLC (http://www.datums.net), based outside of New York. Besides handling the day-to-day operations, he works on building his library of shell one-liners.