Sunday, April 5, 2009

Register is down!

So, register.com was hit by the DDoS dragon earlier this week, as many of you know (sadly, because many of you went down with them). Don't feel too bad. Two of mine were down as well! So, what's the opinion of reggie's customers? Should we jump ship to a different DNS hosting company? Or should we follow our heart and loyalty, hoping that this is not the new standard?

Well, for me personally, I'm going to stick it out with good old reggie. And it's not because I'm particularly loyal to the company. I don't have shares. No... no... I don't work there... neither does any family, immediate or otherwise. The decision to stay is based entirely on the type of attack that took place.

Ah... availability attacks. Such beautiful things. Uncaring and unsophisticated, they aim only to crowd the entranceway enough so that legitimate customers can't get in. And to do that, they don't need to crack the passwords to the server, or release deadly viruses on the network, or anything of that sort. Some do use these additional elements for more efficient attacks, but they aren't really necessary for the basic DoS or DDoS.

Denial of Service attacks (including their distributed versions) need only sufficient resources at their disposal to attempt to over-use the legitimate service being provided to them. That is to say, if you want to DoS a DNS server, you just need to make a very high number of standard DNS requests very quickly. And poof! You've out-resourced the server and they're down for the count. Quite literally "for the count" actually, because they're only down for as long as you can maintain the storm. Once you ease up and their resources are freed, well... they're back in the game.

So, who's vulnerable? Anyone that provides a service on the Internet is vulnerable. And I mean anyone. The easiest way to envision this is, once your customers can access your service, DoS attacks can as well. WOW eh? I bet you never thought you were so vulnerable. Why hasn't it happened to you, you may ask? Well most likely either you're not popular enough or you simply haven't been noticed yet.

And here's the best part: What can you do when you get hit with a DoS? ......

.... Nothing.

That's not entirely true, I suppose. I should say, nothing effective. You do have a couple of options. One is to call your ISP and ask them to ban the range of attacking IPs that are targeting your service (I hope you have a fresh pot of coffee in front of you. They tend to be "very busy" and make you wait forever). A good piece of advice is, when calling your ISP for this kind of problem, have all the facts you need right in front of you: IP address, name, attacking subnets, start time of attack, number of attackers, etc.
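One way to pull those facts out of a request log before picking up the phone. This is an added example, not code from the original post; the log format, the `summarize` function, the per-source request threshold and the /24 grouping are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter
from datetime import datetime

# Constructed sample log (documentation address ranges): "<timestamp> <client IP> <name>"
SAMPLE_LOG = """\
2009-04-02T14:00:00 198.51.100.7 www.example.com
2009-04-02T14:00:05 203.0.113.15 www.example.com
2009-04-02T14:00:05 203.0.113.15 www.example.com
2009-04-02T14:00:06 203.0.113.15 www.example.com
2009-04-02T14:00:06 203.0.113.99 www.example.com
2009-04-02T14:00:06 203.0.113.99 www.example.com
2009-04-02T14:00:07 203.0.113.99 www.example.com
2009-04-02T14:00:07 192.0.2.44 www.example.com
2009-04-02T14:00:07 192.0.2.44 www.example.com
2009-04-02T14:00:08 192.0.2.44 www.example.com
2009-04-02T14:00:09 198.51.100.20 mail.example.com
truncated-line
"""

def summarize(log_text, threshold=3, prefix=24):
    """Collect the facts an ISP will ask for: noisy sources, their subnets, start time."""
    hits, first_seen = Counter(), {}
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts = datetime.fromisoformat(parts[0])
            ip = ipaddress.ip_address(parts[1])
        except (IndexError, ValueError):
            continue  # skip blank or malformed lines instead of aborting the report
        hits[ip] += 1
        first_seen[ip] = min(ts, first_seen.get(ip, ts))
    # Assumption: a source with at least `threshold` requests counts as an attacker.
    noisy = {ip: n for ip, n in hits.items() if n >= threshold}
    subnets = Counter()
    for ip, n in noisy.items():
        # Collapse each noisy address into its enclosing /prefix block.
        subnets[str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))] += n
    return {
        "attackers": len(noisy),
        "subnets": subnets.most_common(),  # busiest subnet first
        "start": min((first_seen[ip] for ip in noisy), default=None),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On a real log the threshold has to sit well above what a busy legitimate client produces in the same window, otherwise the report hands the ISP your own customers' subnets.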

Another approach is to Turing test all your web servers (this of course only helps for DDoS over web servers). Turings (CAPTCHAs) are the cute little disfigured images you get on every other website these days that basically ask you to confirm that you're human. It's an easy mock-up to do in C#. Tack this bad boy onto your sites and configure it to activate only when repetition is detected or utilization is high.


