Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Coming much closer to home in 2012: Distributed Denial of Service attacks

Eric Hemmendinger | April 17, 2012
Typically aimed at part of the enterprise’s public-facing infrastructure, these attacks engage the resources of that infrastructure in a way that simply consumes their capacity.

Cyber attacks are becoming more frequent and achieving much higher visibility as reflected in increased news coverage: "Bank Suffers Security Breach, Credit Card Information Lost", "Network Hacked, Users' Personal Information Compromised".  

There is no doubt that such attacks are becoming more common and audacious, but how do cyber criminals attack these large companies in the first place - especially with all the security technology that companies have in place?

We see two types of attacks - those that are highly visible and meant to be perceived, and those that are quiet - possibly visible to the target, but not to external stakeholders. The majority of highly visible attacks - often referred to as Denial of Service (DoS) attacks - are typically intended to prevent external stakeholders from interacting with the enterprise. These types of attacks are the focus of this article.

Typically aimed at part of the enterprise's public-facing infrastructure, these attacks engage the resources of that infrastructure in a way that simply consumes their capacity. Overwhelm a website with requests, and the website eventually becomes unresponsive. The same can apply with a firewall or other network infrastructure. And when crafted correctly, the same approach can be used to consume the resources of a Web-based application, albeit with far less of a load placed on the application.

Anatomy of a DoS Attack

The analogy of a man with a fire hose pointed at your front door is particularly appropriate here. When the fire hose is turned on, and you open your door, you get knocked down. Stand up, and you get knocked down again. As for closing your front door - forget it - you can't. The water that comes into your house - that's doing damage as well. But what your neighbors and passersby see is you floundering in the doorway - not a respectable image! That's a DoS attack. And if there are multiple people - each with their own fire hose - aiming at your house, it's called a Distributed Denial of Service attack (DDoS). These are even more embarrassing, as now the attacks also target windows and other entries into the house. What your neighbours and passersby - the stakeholders - think is that you can't possibly be taken seriously while your house is being hosed down. Instead of coming to visit you, these stakeholders go elsewhere.

Consumer Tools for DDoS Attacks

The primary tool for launching DDoS attacks at an enterprise is a Botnet, an army of devices that can be easily controlled by the individual launching the attack. These devices - consumer PCs - are compromised over time, and can be used in attacks without their owners' knowledge or permission, as the system resources required on a single PC are very modest indeed to produce the desired traffic.

 

1  2  3  Next Page 

Sign up for Computerworld eNewsletters.