Vulnerabilities / Threats
2/7/2012
01:53 PM

10 Strategies To Fight Anonymous DDoS Attacks

Preventing distributed denial of service attacks may be impossible. But with advance planning, they can be mitigated and stopped. Learn where to begin.

Consider 2011 to be the year that distributed denial-of-service (DDoS) attacks went mainstream.

Who's responsible? Blame Anonymous, according to a new report released Monday by security vendor Radware.

"Their major campaign, Operation Payback, during the WikiLeaks saga in December 2010--against those supporting the U.S. government--was the turning point that shaped the security scene in 2011," according to the report. In short, by distributing easy-to-use DDoS tools, such as Low Orbit Ion Cannon, Anonymous popularized DDoS attacks.


But are DDoS attacks something that businesses and government agencies must simply endure, or can they be more actively resisted? In fact, organizations can take a number of steps to at least mitigate the effect that DDoS attacks have on their websites, servers, databases, and other essential infrastructure.

1. Know you're vulnerable.
One lesson from the use of DDoS by Anonymous--as well as its sister hacktivist group LulzSec--is that any site is at risk. That's not meant to sound alarmist, but rather simply to acknowledge that the hacktivist agenda can seem random, at best. Indeed, after Anonymous came along, "the financial sector, which had not really considered itself as a prime target, was hit and urgently forced to confront threatening situations," according to the Radware report. "Government sites had been targeted before, but 2011 saw a dramatic increase in frequency, and neutral governments that felt themselves exempt, like New Zealand, were attacked."

2. DDoS attacks are cheap to launch, tough to stop.
As the recent Anonymous retaliation for the Megaupload takedown shows, hacktivists can quickly crowdsource "5,600 DDoS zealots blasting at once," as Anonymous boasted on Twitter, to take down the websites of everyone from the FBI and the Justice Department to the Motion Picture Association of America and Recording Industry Association of America. "DDoS is to the Internet what the billy club is to gang warfare: simple, cheap, unsophisticated, and effective," said Rob Rachwald, director of security strategy of Imperva, via email.

3. Plan ahead.
Stopping DDoS attacks requires preparation. If attacked, "folks that don't take active measures to ensure the resilience of their networks are going to get knocked over," said Roland Dobbins, Asia-Pacific solutions architect for Arbor Networks, via phone. "They need to do everything they can to increase resiliency and availability." Accordingly, he recommends implementing "all of the industry best and current practices for their network infrastructure, as well as applications, critical supporting services, including DNS."

Comments
DrRo
User Rank: Apprentice
3/16/2015 | 12:18:46 PM
Re: No real information
I would like to point out that YOU came to THIS article 2 YEARS after it was posted. In the IT field, it's pretty much Rule-of-Thumb that unless it was posted today it most likely isn't relevant. The fault here isn't as much with the author as it is with you. Yes he provided some AMAZINGLY useless information. I mean seriously he named this article "10 Strategies to fight Anonymous DDoS Attacks" and then rode Anonymous's d*** for the entire thing and gave us no actual strategy to actually fight these attacks. Considering all of that, I still think your comment was stupid and needless since you completely ignored the date it was published.

Let's hope you put more thought into your work than you do your commenting.
socratessaysno
User Rank: Apprentice
12/13/2014 | 2:20:24 AM
No real information
From what I've seen, the article did absolutely NOTHING on actually providing any worthwhile or relevant information beyond failing horribly at trying to sound helpful.


After reading the comments, this website should fire the author of this article and fill it in with the comments. Going to try a few of them out on myself and see which ones I like best. The commenters were more helpful than this garbage article. I didn't realize we needed to be told how to use common sense.
Ogara7
User Rank: Apprentice
2/2/2014 | 4:13:13 AM
re: 10 Strategies To Fight Anonymous DDoS Attacks
My friend got a guy to DDoS my Minecraft server too... I managed to talk to him and calm the situation down but I'm still concerned. My PC is 4 years old! It will never survive!
KyleT412
User Rank: Apprentice
7/21/2013 | 5:44:20 AM
re: 10 Strategies To Fight Anonymous DDoS Attacks
I need a trick FAST. Apparently Anon is going to DDoS me on Monday D:. I own a Minecraft server and they came on and fucked it up so I DDoSed him for 5 mins. He said they will DDoS me and fry my router OR I have to pay them $800. And I'm 14 soooo ya.
seoarcher
User Rank: Apprentice
1/26/2013 | 4:18:43 AM
re: 10 Strategies To Fight Anonymous DDoS Attacks
I also forgot to mention it is running PHP on a Windows machine so .htaccess blocking will not work. I post some info here also: http://www.seoarcher.com.
seoarcher
User Rank: Apprentice
1/26/2013 | 4:14:59 AM
re: 10 Strategies To Fight Anonymous DDoS Attacks
My http://www.seoarcher.com website is suffering badly by a DoS attack. The user is changing IPs daily so it's hard to stop. Any help, please...
jeandebogue
User Rank: Apprentice
11/28/2012 | 6:04:55 PM
re: 10 Strategies To Fight Anonymous DDoS Attacks
It's because there is a trick to block the traffic before it reaches you. In fact there are more than just 1 trick.

If you are curious let me know and I'll let you know what it is.
Juffe
User Rank: Apprentice
10/3/2012 | 9:46:46 AM
re: 10 Strategies To Fight Anonymous DDoS Attacks
You should also keep a close eye on the security logs for unknown username / password login attempts, since they also consume CPU / RAM to manage. When it comes to Windows servers I personally recommend having a look at Syspeace ( http://www.syspeace.com ), and for Linux, fail2ban. Also consider redirecting 404 and 403 errors on webservers to somewhere else, to Google or 127.0.0.1 or something.
davesg
User Rank: Apprentice
2/8/2012 | 7:38:55 PM
re: 10 Strategies To Fight Anonymous DDoS Attacks
IMO most of this is fluff. If the bandwidth of a targeted DOS attack is larger than the pipe it is unstoppable. Really one of the things you mentioned, being friends with your upstream, and your upstream's pipe being bigger than the DOS attack's capacity is the only thing that will help you.
virtual
User Rank: Apprentice
2/8/2012 | 5:55:13 PM
re: 10 Strategies To Fight Anonymous DDoS Attacks
There are other steps that companies and the government can take to stop hackers from breaking into networks, even the Chinese hackers.