The Information Security Specialists
Oct 11

No ‘Silver Bullet’ to Kill Off DDoS

DDoS attacks have been around for about fifteen years, and the recently reported attacks show that they are still going strong. In fact, DDoS will probably always be an effective attack technique because it is uniquely difficult to defend against.

The basic concept is simple. Use a large number of systems with widely dispersed addresses to send large amounts of traffic that’s difficult to distinguish from legitimate requests. If the systems are widely scattered, it’s difficult to block based on source addresses. And if the traffic looks just like regular requests, deep packet inspection won’t help either.

An additional problem is that for servers that use a regular ISP connection, it’s no use trying to block on the customer’s side of the connection as the traffic will have already saturated the link.

Early DDoS attacks often used ICMP or UDP packets, but these were fairly easy to distinguish from legitimate traffic, so ISPs or hosting companies could block these sorts of attacks. Later, the attacks moved to HTTP directed at the web server. These are difficult to block with simple packet filters, but the tools used to perform the DDoS often left a fingerprint, such as a unique User-Agent header, which allowed deep packet inspection to weed out the hostile traffic. Modern attacks, though, are much more difficult to distinguish from legitimate traffic.
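The User-Agent fingerprinting described above can be sketched as a log-analysis check. This is an added example, not part of the original post: the Combined Log Format input, the thresholds, and the `ExampleFloodTool/1.0` and `ExampleBrowser/1.0` strings are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def find_ua_fingerprints(lines, min_share=0.3, min_sources=5, max_paths=2):
    """Return (user_agent, hits, distinct_sources) for User-Agents that carry a
    large share of all requests, come from many sources, and hit very few paths.
    The three thresholds are illustrative assumptions, not tuned values."""
    stats = defaultdict(lambda: {"hits": 0, "ips": set(), "paths": set()})
    total = 0
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        total += 1
        s = stats[m["ua"]]
        s["hits"] += 1
        s["ips"].add(m["ip"])
        s["paths"].add(m["path"])
    flagged = [(ua, s["hits"], len(s["ips"])) for ua, s in stats.items()
               if s["hits"] / total >= min_share
               and len(s["ips"]) >= min_sources
               and len(s["paths"]) <= max_paths]
    return sorted(flagged, key=lambda t: -t[1])

def build_sample_log():
    """Constructed sample: 40 flood requests from 20 sources, 12 browser requests."""
    fmt = ('{ip} - - [01/Jan/2000:10:00:00 +0000] "GET {path} HTTP/1.1" '
           '200 512 "-" "{ua}"')
    flood = [fmt.format(ip=f"203.0.113.{i % 20 + 1}", path="/",
                        ua="ExampleFloodTool/1.0") for i in range(40)]
    browser = [fmt.format(ip=f"198.51.100.{i % 6 + 1}", path=f"/page{i}",
                          ua="Mozilla/5.0 (Windows NT 6.1) ExampleBrowser/1.0")
               for i in range(12)]
    return flood + browser + ["not a log line"]

if __name__ == "__main__":
    for ua, hits, sources in find_ua_fingerprints(build_sample_log()):
        print(f"{hits} requests from {sources} sources with User-Agent {ua!r}")
```

A check like this only catches tools that leave such a fingerprint; traffic that copies a real browser's User-Agent and spreads across many paths passes straight through, which is the difficulty with modern attacks noted above.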

While the technology behind DDoS attacks has changed over the years, the motives have largely stayed the same. The main motives are money (typically blackmail), activism and revenge. Blackmail is associated with sites that make large incomes, and has been especially prevalent with gambling sites. The recent cases in the news are mainly activism based, but that’s not just a recent phenomenon. In 2006, Blue Security Inc were forced out of business by a concerted DDoS attack by spammers who were angered by their anti-spam product ‘Blue Frog’.

The source of DDoS attacks is typically a botnet, comprising thousands or sometimes millions of compromised machines. Despite increasing security measures, many modern systems are still vulnerable to botnet malware. There are plenty of Windows 7 and Mac OS X systems in botnets, so it doesn’t look like botnets will be disappearing soon.

There’s no foolproof defence against DDoS attacks, and there doesn’t appear to be a silver bullet coming along soon. But that doesn’t mean nothing can be done. Stress testing, understanding ways to mitigate the effects, and preparing a response to a DDoS attack can all help to minimise the effects.
