Vulnerabilities / Threats
2/7/2012
01:53 PM
Connect Directly
RSS
E-Mail
50%
50%

10 Strategies To Fight Anonymous DDoS Attacks

Preventing distributed denial of service attacks may be impossible. But with advance planning, they can be mitigated and stopped. Learn where to begin.

Anonymous: 10 Facts About The Hacktivist Group
Anonymous: 10 Facts About The Hacktivist Group
(click image for larger view and for slideshow)
Consider 2011 to be the year that distributed denial-of-service (DDoS) attacks went mainstream.

Who's responsible? Blame Anonymous, according to a new report released Monday by security vendor Radware.

"Their major campaign, Operation Payback, during the WikiLeaks saga in December 2010--against those supporting the U.S. government--was the turning point that shaped the security scene in 2011," according to the report. In short, by distributing easy-to-use DDoS tools, such as low-orbit ion cannon, Anonymous popularized DDoS attacks.

[ So you've been hacked. Learn 9 Ways To Minimize Data Breach Fallout. ]

But are DDoS attacks something that businesses and government agencies must simply endure, or, can they be more actively resisted? In fact, organizations can take a number of steps to at least mitigate the effect that DDoS attacks have on their websites, servers, databases, and other essential infrastructure.

1. Know you're vulnerable.
One lesson from the use of DDoS by Anonymous--as well as its sister hacktivist group LulzSec--is that any site is at risk. That's not meant to sound alarmist, but rather simply to acknowledge that the hacktivist agenda can seem random, at best. Indeed, after Anonymous came along, "the financial sector, which had not really considered itself as a prime target, was hit and urgently forced to confront threatening situations," according to the Radware report. "Government sites had been targeted before, but 2011 saw a dramatic increase in frequency, and neutral governments that felt themselves exempt, like New Zealand, were attacked."

2. DDoS attacks are cheap to launch, tough to stop.
As the recent Anonymous retaliation for the Megaupload takedown shows, hacktivists can quickly crowdsource "5,600 DDoS zealots blasting at once," as Anonymous boasted on Twitter, to take down the websites of everyone from the FBI and the Justice Department to the Motion Picture Association of America and Recording Industry Association of America. "DDoS is to the Internet what the billy club is to gang warfare: simple, cheap, unsophisticated, and effective," said Rob Rachwald, director of security strategy of Imperva, via email.

3. Plan ahead.
Stopping DDoS attacks requires preparation. If attacked, "folks that don't take active measures to ensure the resilience of their networks are going to get knocked over," said Roland Dobbins, Asia-Pacific solutions architect for Arbor Networks, via phone. "They need to do everything they can to increase resiliency and availability." Accordingly, he recommends implementing "all of the industry best and current practices for their network infrastructure, as well as applications, critical supporting services, including DNS."

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Ogara7
50%
50%
Ogara7,
User Rank: Apprentice
2/2/2014 | 4:13:13 AM
re: 10 Strategies To Fight Anonymous DDoS Attacks
My friend got a guy to dodos my minecraft server too... I managed to talk to him nd calm the situation down but I'm still concerned. My PC is 4 years old! It will never survive!
KyleT412
50%
50%
KyleT412,
User Rank: Apprentice
7/21/2013 | 5:44:20 AM
re: 10 Strategies To Fight Anonymous DDoS Attacks
I need a trick FAST. Apparently Anon is going to DdoS me on Monday D:. I own a minecraft server and they came on and fucked it up so i DdoSed him for 5mins. He said they will DdoS me and fry my router OR I have to pay them $800. And im 14 soooo ya.
seoarcher
50%
50%
seoarcher,
User Rank: Apprentice
1/26/2013 | 4:18:43 AM
re: 10 Strategies To Fight Anonymous DDoS Attacks
I also forgot to mention it is running php on a windows machine co .htaccess blocking will not work. I post some info here also http://www.seoarcher.com .
seoarcher
50%
50%
seoarcher,
User Rank: Apprentice
1/26/2013 | 4:14:59 AM
re: 10 Strategies To Fight Anonymous DDoS Attacks
My http://www.seoarcher.com website is suffering badly by a DoS attack. The user is changing ips daily so its hard to stop. Any help . pleasee...
jeandebogue
50%
50%
jeandebogue,
User Rank: Apprentice
11/28/2012 | 6:04:55 PM
re: 10 Strategies To Fight Anonymous DDoS Attacks
It's because there is a trick to block the traffic before it reaches you. In fact there are more than just 1 trick.

If you are curious let me know and I'll let you know what it is.
Juffe
50%
50%
Juffe,
User Rank: Apprentice
10/3/2012 | 9:46:46 AM
re: 10 Strategies To Fight Anonymous DDoS Attacks
You should also keep a close eye on the security logs for unknown username / password login attempts since they also consume CPU / RAM to manage.. When it comes to Windows servers I personally recommend having a look at Syspeace ( http://www.syspeace.com ) and for Linux fail2ban. Also consider redirecting 404 and 403 errors on webservers to somewhere else, to Google or 127.0.0.1 or something ..
davesg
50%
50%
davesg,
User Rank: Apprentice
2/8/2012 | 7:38:55 PM
re: 10 Strategies To Fight Anonymous DDoS Attacks
IMO most of this is fluff. If the bandwidth of a targetted DOS attack is larger than the pipe it is unstoppable. Really one of the things you mentioned, being friends with your upstream, and your upstreams pipe being bigger than the DOS attacks capacity is the only thing that will help you.
virtual
50%
50%
virtual,
User Rank: Apprentice
2/8/2012 | 5:55:13 PM
re: 10 Strategies To Fight Anonymous DDoS Attacks
There are other steps that companies and the government can take to stop hackers from breaking into networks, even the Chinese hackers.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2942
Published: 2014-09-22
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code.

CVE-2014-5522
Published: 2014-09-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6025. Reason: This candidate is a reservation duplicate of CVE-2014-6025. Notes: All CVE users should reference CVE-2014-6025 instead of this candidate. All references and descriptions in this candidate have been removed to pre...

CVE-2014-5523
Published: 2014-09-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5524. Reason: This candidate is a duplicate of CVE-2014-5524. Notes: All CVE users should reference CVE-2014-5524 instead of this candidate. All references and descriptions in this candidate have been removed to prevent acciden...

CVE-2014-5575
Published: 2014-09-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE-2014-5665
Published: 2014-09-22
The Mzone Login (aka com.mr384.MzoneLogin) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Best of the Web
Dark Reading Radio