 |
USA Edition | Today Is Monday, September 6, 2010 |
|---|
| Browsing Technology Section | 2 Items Found | ||
|---|---|---|---|
| « Earlier | « In Date Order » | ||
Immediacy Era Brings New Criminals And Unwanted Challenges
DDoS attacks are not uncommon. They occur every day. Just last year there were an average of 50,000 such attacks somewhere in the world every week. DDoS attacks are made possible, to some degree, by the modular design of the internet. Modular design means that what’s happening in Beijing is isolated from what’s happening in San Francisco, or Cape Town.
Robert Butche
Cyberspace
DDoS Attacks On Newsroom Magazine
“The frequency of cyber-attacks and the impact of malicious software reached epidemic proportions in 2009.
This trend is continuing to accelerate into 2010 as millions of computers are compromised every month by sophisticated attackers.
These infected PCs are collected and controlled in the form of “Botnets,” and can be used to launch coordinated Distributed Denial of Service attacks (DDoS) and other cyber-attacks.
Today’s cyber-criminals perpetually create new attack variants to support increasingly complexity in attack vectors.”
DDoS is an acronym for Distributed Denial of Service to one or many Internet sites. Such attacks serve no useful purpose other than to make internet sites difficult or impossible for users to access. In their most basic form, DDoS attacks block traffic to large numbers of websites by overloading the Internet infrastructure itself, not the sites being attacked. During attacks no data is exchanged, no information obtained, no damage to the website or its support equipment.
DDoS Attacks The Internet
In its most basic form, a DDoS attack does not always access a target website because the attack takes place within the Internet infrastructure — external to websites and their servers.The loss of service users experience is not because the website is overloaded but because the routers and signal paths that deliver traffic to the affected servers are overloaded.
Thus every DDoS attack occurs within the Internet itself, not web server computers. This makes DDoS attacks impossible to defend against. Even the most secure sites are at risk because DDoS attacks take place on the public routers and signal paths.
According to Newsroom Magazine publisher Robert Butche, “DDoS attacks are not uncommon. They occur every day. Just last year there were an average of 50,000 such attacks somewhere in the world every week.
DDoS attacks are made possible, to some degree, by the modular design of the internet. Modular design means that what’s happening in Beijing is isolated from what’s happening in San Francisco, or Cape Town.”
The problem of DDoS attacks have become so serious, and costly, that countermeasures and management strategies are now offered by highly sophisticated firms, such as Prolexic Technologies, that provide highly effective solutions for mission critical Internet service providers and publishers.
Anatomy Of A DDoS Attack
DDoS Attacks Overload Network Routers and Servers
Every website is hosted on a special computer configuration known as a web server. Websites have a private digital address that’s similar to post office addresses in the sense that the address is routable from anywhere on the planet.
When we open a website our browser, whether it be Microsoft’s Internet Explorer, FireFox, Opera, or others, sends the website URL ( newsroom-magazine.com ) to a address look up server that converts the URL to the discrete digital address required to route the request from your computer to the web server.
When we visit web sites, our browser initiates a series of requests for information then waits for a response from the distant server.
When the target site, including any of the routers and fiber-optic links that connect it to the Internet, are under a DDoS attack, the electronic network and server equipment become overloaded by bogus demands for service.
What legitimate users see is a slowness, or unresponsiveness of the website which as the feel of there being to many users on the site when in reality there are very few users being serviced in a veritable avalanche of incoming traffic from all over the world.
Asymmetric Warfare
A DDoS attack is malevolently intended to trigger a web server crash. It’s no accident. Computers all over the world are synchronized to begin generating multiple requests at the same time.
Many computers are required, but that’s not enough to generate an effective attack.
The computers must be distributed over multiple segments of the Internet. Imagine the streets in a large city.
If one street becomes congested, it’s simple enough to reroute traffic around that single street.
If all (or nearly all) the streets are congested, paralyzing gridlock can result.
DDoS attacks use large numbers of computers to generate a constant and ongoing series of data requests. So many are sent that they begin to overwhelm the web server with requests from different parts of the Internet. Web server software, such as the Apache system in wide use worldwide, is designed to deal with traffic surges. Excessive requests are discarded by the server but as traffic continues to rise more and more incoming requests are have to be abandoned.
According to Prolexic, “DDoS attackers have a significant advantage over their targets. The concentrated power of even a small botnet of 20,000 computers can take down over 90% of Internet sites. The general term to understand the power relationship is asymmetric warfare.
DDoS attacks are designed and intended to keep increasing the service requests and as the numbers rise more and more are discarded by the server. When the incoming requests are double the number the server can handle, only about 50% of the legitimate requests are serviced. When the incoming traffic is 10 times the maximum, only 10% of legitimate traffic gets through.
If there is more than one address being attacked, the overload causes packet loss upstream from the target server. First the incoming data circuit that connects the server to it’s principal incoming router — typically in some other city — reaches its traffic limit. As the traffic continues to escalate the circuit drops more and more packets thus reducing the number of valid requests for service.
The outcome is always the same — several or hundreds of thousands of websites slow down, fail to respond, or simply disappear from view as the attack unlawfully overloads the Internet infrastructure, hosting facilities and websites of every description.
Practical Impact Of DDoS Attacks
Newsroom Magazine has suffered 10 DDoS attacks in the first 7 months of 2010. Three of these attacks were in July. One severely crippled our visibility, both for the Washington D.C. and the London sites for nearly 6 hours. For the vast majority of our readers, Newsroom Magazine was effectively off the air for most of the day in North America.
The second July attack ( only three days after the first ) lasted for about 3 ½ hours. By the time it was over we were not only off the air, but our server systems were damaged requiring that stand-by systems be put online.
A fourth July attack occurred coincident with the publication of this article early in the morning of July 27, 2010.
The third July attack lasted only an hour, increased our front page response time from 5 seconds to about one minute, but did no damage to our systems or infrastructure. All of the July attacks began around 7 am EDT.
We apologize to our readers for these, and what are sure to be many future interruptions.
But, as you have now come to know, we are not alone in having to deal with Internet crime and intentional disruption of Internet traffic.