DDOS Attack
Defeating/Defending from Distributed Denial of Service Attacks
DDOS Patterns
1: Spoofing
Attackers often hide the identity of machines used to carry out an attack by falsifying the source address
of the network communication. This makes it more difficult to identify the sources of attack traffic and
sometimes shifts attention onto innocent third parties.
Solutions:
User organizations and Internet service providers can ensure that traffic exiting an organization's site,
or entering an ISP's network from a site, carries a source address consistent with the set of addresses for
that site.
2: Broadcast Amplification (Smurf attack)
The malicious user generates/spoofs packets with a source address of the site he wishes to attack (Site
A) and then sends a series of network packets to an organization with lots of computers (Site B), using an
address that broadcasts the packets to every machine at site B. Unless precautions have been taken,
every machine at Site B will respond to the packets and send data to the organization (Site A) that was
the target of the attack. The target will be flooded and people at Site A may blame the people at Site B.
Attacks of this type often are referred to as Smurf attacks.
Solutions:
Unless an organization is aware of a legitimate need to support broadcast or multicast traffic within its
environment, the forwarding of directed broadcasts should be turned off. Even when broadcast
applications are legitimate, an organization should block certain types of traffic sent to "broadcast"
addresses (e.g., ICMP Echo Reply messages) so that its systems cannot be used to effect these Smurf
attacks. Network hardware vendors should ensure that routers can turn off the forwarding of IP directed
broadcast packets as described in RFC 2644 and that this is the default configuration of every router.
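The two filtering rules above (source-address consistency for traffic leaving a site, and refusing directed broadcasts) can be expressed as one border-filter decision. This is an added example, not part of the original document; the site prefixes, packet tuples and function names are constructed for illustration.

```python
import ipaddress

# Constructed site addressing (RFC 5737 documentation ranges); an assumption.
SITE_PREFIXES = [ipaddress.ip_network(p)
                 for p in ("192.0.2.0/24", "198.51.100.0/25")]

def source_is_local(src):
    """True if src falls inside a prefix assigned to the site."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in SITE_PREFIXES)

def is_directed_broadcast(dst):
    """True if dst is the broadcast address of one of the site's subnets."""
    addr = ipaddress.ip_address(dst)
    return any(addr == net.broadcast_address for net in SITE_PREFIXES)

def border_verdict(direction, src, dst):
    """Decision the site's border filter makes for a single packet."""
    if direction == "out" and not source_is_local(src):
        # Section 1: source address not consistent with the site's addresses.
        return "drop: non-site source leaving site"
    if direction == "in" and is_directed_broadcast(dst):
        # Section 2: do not forward directed broadcasts (RFC 2644).
        return "drop: directed broadcast"
    return "forward"

# Constructed sample packets: (direction, source, destination).
PACKETS = [
    ("out", "192.0.2.10",   "203.0.113.5"),     # normal outbound traffic
    ("out", "203.0.113.77", "203.0.113.5"),     # falsified source address
    ("in",  "203.0.113.77", "192.0.2.255"),     # sent to the /24 broadcast
    ("in",  "203.0.113.9",  "198.51.100.127"),  # sent to the /25 broadcast
    ("in",  "203.0.113.9",  "198.51.100.20"),   # normal inbound traffic
]

def audit(packets):
    """Return the verdict for each packet, in order."""
    return [border_verdict(*p) for p in packets]

if __name__ == "__main__":
    for pkt, verdict in zip(PACKETS, audit(PACKETS)):
        print(pkt, "->", verdict)
```

Note that the /25 case depends on the filter knowing the real subnet mask: 198.51.100.127 looks like an ordinary host address unless the prefix length is taken into account.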
3: Lack of Appropriate Response To Attacks
Many organizations do not respond to complaints of attacks originating from their sites or to attacks
against their sites, or respond in a haphazard manner.
Solutions:
User organizations should establish incident response policies and teams with clearly defined
responsibilities and procedures.
4: Unprotected Computers
Many computers are vulnerable to take-over for distributed denial of service attacks because of
inadequate implementation of well-known "best practices."
DDOS Solutions:
User organizations should check their systems periodically to determine whether they have had
malicious software installed, including DDOS Trojan Horse programs. If such software is found, the
system should be restored to a known good state.
System administrators should deploy firewalls, intrusion detection systems, virus detection software, and
software to detect unauthorized changes to files. This will reduce the risk that systems are compromised
and used as a base for launching attacks. It will increase confidence in the correct functioning of the
systems. Use of software to detect unauthorized changes may also be helpful in restoring compromised
systems to normal function.
Proper Planning & Implementations may Provide Adequate Safeguards.
Key Items to be considered:
# Establish load and traffic volume monitoring at ISPs to provide early warning of attacks.
# Accelerate the adoption of the IPsec components of Internet Protocol Version 6 and Secure Domain
Name System.
# Increase the emphasis on security in the research and development of Internet II.
# Support the development of tools that automatically generate router access control lists for firewall and
router policy.
# Encourage wider adoption of routers and switches that can perform sophisticated filtering with minimal
performance degradation.
# Sponsor continuing topological studies of the Internet to understand the nature of "choke points."
# Test deployment and continue research in anomaly-based and other forms of intrusion detection.
# Support community-wide consensus of uniform security policies to protect systems and to outline
security responsibilities of network operators, Internet service providers, and Internet users.
Copyright 2015
All Rights Reserved NetConcentric