10 Strategies To Fight Anonymous DDoS Attacks

  /     /     /  
Publicated : 22/11/2024   Category : security

10 Strategies To Fight Anonymous DDoS Attacks


Preventing distributed denial of service attacks may be impossible. But with advance planning, they can be mitigated and stopped. Learn where to begin.


Anonymous: 10 Facts About The Hacktivist Group (click image for larger view and for slideshow)
Consider 2011 to be the year that distributed denial-of-service (DDoS) attacks went mainstream.
Whos responsible?
Blame Anonymous
, according to a new
report
released Monday by security vendor Radware.
Their major campaign, Operation Payback, during the WikiLeaks saga in December 2010--against those supporting the U.S. government--was the turning point that shaped the security scene in 2011, according to the report. In short, by distributing easy-to-use DDoS tools, such as
low-orbit ion cannon
, Anonymous popularized DDoS attacks.
[ So youve been hacked. Learn
9 Ways To Minimize Data Breach Fallout
. ]
But are DDoS attacks something that businesses and government agencies must simply
endure
, or, can they be more actively resisted? In fact, organizations can take a number of steps to at least mitigate the effect that DDoS attacks have on their websites, servers, databases, and other essential infrastructure.
1. Know youre vulnerable.
One lesson from the use of DDoS by Anonymous--as well as its
sister hacktivist group LulzSec
--is that any site is at risk. Thats not meant to sound alarmist, but rather simply to acknowledge that the hacktivist agenda can seem random, at best. Indeed, after Anonymous came along, the financial sector, which had not really considered itself as a prime target, was hit and urgently forced to confront threatening situations, according to the Radware report. Government sites had been targeted before, but 2011 saw a dramatic increase in frequency, and neutral governments that felt themselves exempt, like New Zealand, were attacked.
2. DDoS attacks are cheap to launch, tough to stop.
As the recent
Anonymous retaliation
for the Megaupload takedown shows, hacktivists can quickly crowdsource 5,600 DDoS zealots blasting at once, as Anonymous boasted on Twitter, to take down the websites of everyone from the FBI and the Justice Department to the Motion Picture Association of America and Recording Industry Association of America. DDoS is to the Internet what the billy club is to gang warfare: simple, cheap, unsophisticated, and effective, said Rob Rachwald, director of security strategy of Imperva, via email.
3. Plan ahead.
Stopping DDoS attacks requires preparation. If attacked, folks that dont take active measures to ensure the resilience of their networks are going to get knocked over, said Roland Dobbins, Asia-Pacific solutions architect for Arbor Networks, via phone. They need to do everything they can to increase resiliency and availability. Accordingly, he recommends implementing all of the industry best and current practices for their network infrastructure, as well as applications, critical supporting services, including DNS.
4. Secure potential bottlenecks.

Which parts of the corporate network can become a bottleneck or weak link in a DDoS attack? A survey by Radware of 135 people with information security expertise--including IT managers as well as CIOs and CISOs--found that the bottlenecks theyd experienced included the server under attack (for 30%), their Internet pipe (27%), a
firewall
(24%), an intrusion prevention or detection system (8%), a SQL server (5%), or a load balancer (4%). For example, Sergey Shekyan, a Web application vulnerability scanner developer at Qualys,
reported
that he was able to DDoS a Squid proxy server using the free
slowhttptest tool
with
slow read DDoS attack support
. Thats because while the server was theoretically able to handle 60,000 concurrent connections per minute, it had been misconfigured to only allow 1,024 open file descriptors at a time.
5. Watch whats happening on the network.
If prevention--including securing infrastructure and making sure it can reasonably scale to handle sharp increases in packet traffic--is the first step, the second is actively monitoring the network. If the enterprise doesnt have visibility into their network traffic so they can exert control over the traffic, then they have a problem, said Dobbins.
6. Look beyond large attacks.
Historically, the most popular type of DDoS attack--and the one most used by Anonymous--has been a
packet flood
. The concept is simple: direct so many packets at a website that its servers buckle under the pressure. But not all effective DDoS attacks unload untold numbers of packets. Notably, a study by Radware of 40 DDoS attacks from 2011 found that only 9% involved more than 10 Gbps of bandwidth, while 76% involved less than 1 Gbps.
7. Beware application-layer attacks.
Attacks that eschew packet quantity for taking out a switch or application can unfortunately be quite difficult to detect. According to Radwares report, it is much easier to detect and block a network flood attack--which is about sending a large volume of irrelevant traffic such as UDP floods, SYN floods, and TCP floods, typically spoofed--rather than an application flood attack where the attackers are using real IP addresses from real machines and running complete application transactions.
8. Watch for blended attacks.

Detection can get even trickier when attackers start targeting more than one application at a time, perhaps together with a packet flood. Attackers are often likely to combine both packet flooding attacks with application-layer DDoS, to increase their odds of success, according to the Radware report. The majority of organizations, which are targeted by sub-1-Gbps attacks, are targeted with a mix of network and application flood attacks.
9. Make upstream friends.

Large attacks can
overwhelm even the largest enterprise network
. Work very closely with [your] Internet service provider--or for multinationals, providers--to successfully deal with these attacks, said Arbors Dobbins.
Build relationships and lines of communication
in advance. At 4 a.m., if there is a DDoS attack, its not the time you want to be scrambling around trying to reconfigure your infrastructure, and finding who call at your ISP, he said.
10. Consider countermeasures.
While the legality of certain types of attack countermeasures is an open question, Radware said that network gear may be able to automatically mitigate suspected DDoS attacks. For example, it can silently drop questionable packets, or send a TCP reply to the attacker that advertises window size equals 0, which says that for the time being, no new data can be received. Legitimate clients generally respect this and will suspend their communication for the time being, according to Radwares report. It seems that some attackers also honor this message and suspend the attack until a new, larger window size is advertised, which of course the site being attacked has no intention of doing.
Its no longer a matter of if you get hacked, but when. In this special retrospective of news coverage,
Monitoring Tools And Logs Make All The Difference
, Dark Reading takes a look at ways to measure your security posture and the challenges that lie ahead with the emerging threat landscape. (Free registration required.)

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
10 Strategies To Fight Anonymous DDoS Attacks