The DDoS attack that took down Twitter last week is stark in the scope and effectiveness with which it iced one of the Internet’s most popular sites, but it is also an opportunity to examine a few key best practices for fending off such an attack.
The typical Denial-of-Service attack takes place when a series of PCs or devices blitzes a server with such a huge amount of real or simulated traffic that the web site can’t manage it and fails. (The type that hit Twitter last week appears to have been in the form of a spam-email bombardment.)
And it doesn’t just have to happen to a high-profile website like Twitter, either. The CRN Test Center’s own security threat lab, which includes a simulated network, has been subjected to DDoS attacks during the past year.
Key points to remember when trying to avoid such an attack:
- If a web site is critical to a business’ operation, then constant monitoring is a must. Whether you use a proprietary solution or an open source tool like Wireshark, establishing a baseline for how much traffic the site typically receives lets you recognize when traffic deviates from it. Often the first noticeable sign of an attack is a sudden, large and unexplained increase in traffic.
- In addition to monitoring traffic and bandwidth levels, look for patterns of suspicious activity that increase or become more unusual over time. Is an intruder trying to drop rootkits or other tools to assist them? There are sometimes warning signs in advance that a site is being targeted for a DDoS attack. Heed them.
- DDoS attacks need not be fatal. Intruders will often key on specific ports in a typical attack, so shutting down ports that are under siege and re-routing legitimate traffic to other ports will need to be done nimbly.
- Redundancy helps. If a web site is self-hosted, business continuity planning needs to include web servers as well. If a site is hosted by a third party, ask ahead of time what redundancy that host has in place. Also, if possible, know who else is sharing the same server as your web site. If you’re sharing server space with a high profile site, say, Twitter, you had better work out a continuity and redundancy plan well in advance.
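The first and third points above (establish a traffic baseline so a sudden surge stands out, then work out which ports the surge is hitting) can be put into a small piece of detection logic. The script below is an added illustration, not code from the article or from the CRN Test Center; it assumes a hypothetical one-line-per-request log format ("timestamp source-ip destination-port") and uses constructed sample traffic in the RFC 5737 documentation address ranges. It learns a requests-per-minute baseline from the first few quiet minutes, flags any later minute that exceeds a multiple of that baseline, and reports the ports and sources that dominate the flagged minute so an operator knows where to act.

```python
from collections import Counter, defaultdict
from datetime import datetime
import statistics


def build_sample_log():
    """Constructed sample log: five quiet minutes followed by one flood minute.

    Line format (hypothetical): "<ISO-8601 timestamp> <src_ip> <dst_port>".
    """
    lines = []
    # Five quiet minutes: 5 requests each from varied sources, split across 443 and 80.
    for minute in range(5):
        for i in range(5):
            port = 443 if i % 2 == 0 else 80
            lines.append(f"2009-08-10T10:0{minute}:{i * 10:02d} 192.0.2.{i + 1} {port}")
    # One noisy minute: 60 requests, 54 of them to port 80, from only three sources.
    for i in range(60):
        port = 80 if i < 54 else 443
        lines.append(f"2009-08-10T10:05:{i % 60:02d} 198.51.100.{i % 3 + 1} {port}")
    return lines


def parse_line(line):
    """Split one log line into (timestamp, source ip, destination port)."""
    ts, src, port = line.split()
    return datetime.fromisoformat(ts), src, int(port)


def requests_per_minute(lines):
    """Bucket (src, port) events by the minute they occurred in, in time order."""
    buckets = defaultdict(list)
    for line in lines:
        ts, src, port = parse_line(line)
        buckets[ts.replace(second=0, microsecond=0)].append((src, port))
    return dict(sorted(buckets.items()))


def baseline_threshold(counts, factor=3.0):
    """Alert threshold derived from the quiet-period counts.

    Uses the larger of a fixed multiple of the mean and a 3-sigma bound, so a
    perfectly flat baseline (stdev 0) still yields a sensible threshold.
    """
    mean = statistics.mean(counts)
    stdev = statistics.pstdev(counts)
    return max(mean * factor, mean + 3 * stdev)


def detect_spikes(lines, baseline_minutes=5, factor=3.0, top_n=3):
    """Return one alert per minute whose request count exceeds the baseline threshold.

    Each alert lists the busiest destination ports and source addresses for
    that minute, which is the information needed to decide which ports are
    under siege and where legitimate traffic should be re-routed.
    """
    buckets = requests_per_minute(lines)
    minutes = list(buckets)
    baseline_counts = [len(buckets[m]) for m in minutes[:baseline_minutes]]
    threshold = baseline_threshold(baseline_counts, factor)
    alerts = []
    for m in minutes[baseline_minutes:]:
        events = buckets[m]
        if len(events) > threshold:
            alerts.append({
                "minute": m.isoformat(),
                "count": len(events),
                "threshold": threshold,
                "top_ports": Counter(p for _, p in events).most_common(top_n),
                "top_sources": Counter(s for s, _ in events).most_common(top_n),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_spikes(build_sample_log()):
        print(f"{alert['minute']}: {alert['count']} requests "
              f"(threshold {alert['threshold']:.0f})")
        print("  busiest ports:  ", alert["top_ports"])
        print("  busiest sources:", alert["top_sources"])
```

In production the baseline would be learned per hour of day and per site rather than from the first five minutes of a single log, and the flagged ports and sources would feed a firewall or load-balancer change rather than a print statement; the structure, a learned baseline, a threshold, and a per-port breakdown of what exceeded it, stays the same.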
New approaches, like blocking IP addresses from entire geographies, may also need to be considered.
Best practices and attention to detail can go a long way toward fighting off even massive attacks.