2nd April 2010

A Small Editorial On DDoS Attacks

DOS.  DDOS.  Zombie bots.  These terms likely mean nothing to most people out there, yet their effects can touch the way most people do business today.

DOS stands for Denial Of Service (it also stands for “Disk Operating System”, but that’s not the definition I’m going to write about here).  It’s a form of attack on pretty much anything Internet-related… although it was primarily aimed at websites and personal computers.  The basic idea behind a DOS attack was to send so much “garbage” information to a person’s computer or connection that it would become bogged down by the data, causing legitimate requests to either become extremely delayed or be lost completely while waiting for their chance to get through the line.  This was, understandably so, an extremely effective means of attack on personal computers back when most of the population was using dial-up connections… when a person’s phone line can only carry 6KB a second (to give an idea of that speed, the average picture on a website would have taken 3 to 4 seconds to actually show up on your computer screen), it would not have taken much at all to bog that connection right down, and possibly even disconnect the user.

These days though, no one actually uses dial-up (allowing for the possibility of 4 or 5 people who still haven’t reached civilization, and only have basic phone lines running into their cave), so sending 6KB of data would do nothing more than make your modem light blink for a fraction of a second.  Enter the DDOS, or Distributed Denial Of Service.  It’s pretty much the same as DOS, yet instead of coming from a single source, it’s coming in from multiple sources – anywhere from two to millions, depending on the tactic used and the form of data being transmitted.  Sending 6KB a second from a single source would do nothing to pretty much any user or site these days, but take that same 6KB and send it from 2000 computers all at once, and you now have 12,000 KB (or 12MB) of data all at once traveling through the wire to your home PC, or through the cable to that website’s server in Texas (or wherever) – something that most connections would choke under, or at the very least experience some extreme lag (lag is the amount of time it takes for a signal to reach you from somewhere else, and vice versa).

As some of you may know, we here at Village Gamer have in the past been the target of multiple DDOS attacks.  Our “ignored sibling” company (that’s Tami’s term) KillaNet Technology was a pet project for a packet kiddie from California for a number of years. Wait – what’s a packet kiddie, right?  A packet is a way of measuring data traveling through the Internet. A packet kiddie is a less-than-endearing term used to describe a wanna-be hacker who uses someone else’s code to launch attacks on websites and people through the internet.  After much time was spent going through firewall logs, chat logs, data graphs, and so much lost sleep that I actually lost track, he was put before the California State Courts and found guilty of his attacks against us.  It was a small victory in the world of cyber-crime and DDoS perpetrators, but it still showed that justice could be achieved and that it is possible to survive DDoS attacks.

Most sites and users will actually pack up shop if they become a steady target of these attacks.  This is the worst thing someone can do, as it tells the kiddie that what he did is not only alright, but also successful.  Giving in to these people is the worst thing you can do. I liken it to supplying a drug addict with more pills; they get the thrill from doing it the first time, and you handing over more just tells them that what they are doing is alright.  So how do you combat the attack?  Firstly, you have to keep your cool and ride it out.  There is nothing you can do to stop it from happening once it starts, unless you can actually go to the source and unplug each and every computer that is part of the attack, so there is no point stressing out over it or raging.  It won’t last forever; consider it a good chance to pull out that favourite book, or watch a movie with the family.  Your fight starts once the attack is over.

So the attack has slowed down now, and you can see your website.  Awesome, right?  Grab a coffee, the fun is just starting.  The first thing you need to do is grab ALL of your site’s logs.  Even if the attack did not target your website specifically (by way of visiting the exact same page repeatedly to bog down the server), most perpetrators will frequent the site just before, and again during the attack so that they can watch the results of their efforts.  These logs can prove to be invaluable to you later.  As soon as the attack subsides, you need to contact your web hosting service provider (or, if the attack targets you directly, contact your ISP) and ask if they work with law enforcement on such cases, or if it is something you will have to pursue yourself.  As an example, the data centre which holds our server, while providing a dependable service, does not seek out law enforcement when an attack is launched against it. This meant that we had to contact the FBI offices ourselves.  Now, don’t go thinking that law enforcement won’t care about your little problem, because every crime is worth the few seconds it would take to report.
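One way to act on the log advice above, as an added example that is not part of the original editorial: it lists clients that requested pages shortly before the attack and again while it was running. It assumes the web server writes Common Log Format and that you know the attack window (for instance from your provider's traffic graphs); the function names, the one-hour lead time and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample lines (documentation address ranges, not real visitors).
SAMPLE_LOG = """\
198.51.100.7 - - [02/Apr/2010:08:41:10 +0000] "GET /forum/ HTTP/1.1" 200 5120
203.0.113.9 - - [02/Apr/2010:08:50:02 +0000] "GET / HTTP/1.1" 200 2048
198.51.100.7 - - [02/Apr/2010:09:05:33 +0000] "GET / HTTP/1.1" 200 2048
192.0.2.44 - - [02/Apr/2010:09:06:00 +0000] "GET / HTTP/1.1" 503 0
198.51.100.7 - - [02/Apr/2010:09:20:47 +0000] "GET / HTTP/1.1" 503 0
this line is damaged and must be skipped
203.0.113.9 - - [02/Apr/2010:11:30:00 +0000] "GET /news/ HTTP/1.1" 200 4096
"""

# client, ident, user, [timestamp], "request", status, size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+')

def parse(log_text):
    """Yield (client_ip, timezone-aware datetime) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # truncated or corrupted lines are common after a flood
        try:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        yield m.group(1), ts

def watchers(log_text, attack_start, attack_end, lead=timedelta(hours=1)):
    """Return {ip: (hits_before, hits_during)} for clients seen in both periods."""
    counts = defaultdict(lambda: [0, 0])
    for ip, ts in parse(log_text):
        if attack_start - lead <= ts < attack_start:
            counts[ip][0] += 1
        elif attack_start <= ts <= attack_end:
            counts[ip][1] += 1
    return {ip: tuple(c) for ip, c in counts.items() if c[0] and c[1]}

if __name__ == "__main__":
    start = datetime(2010, 4, 2, 9, 0, tzinfo=timezone.utc)  # assumed window
    end = datetime(2010, 4, 2, 10, 0, tzinfo=timezone.utc)
    for ip, (before, during) in watchers(SAMPLE_LOG, start, end).items():
        print(f"{ip}: {before} request(s) before, {during} during")
```

The addresses it returns are leads to hand over together with the untouched raw logs, since regular visitors can also appear in both periods.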

So, how do you combat an attack?  In simple terms, you can’t.  No amount of server tweaking, website securing, or firewall configuring can stop an incoming flood of data from the outside world.  The problem with firewalls and DDoS attacks is that the traffic has already entered your local lines before it reaches the firewall.  Honestly, only your “upstream provider” can filter out a significant attack.  If the attack is targeting your home connection, quite often a simple phone call to your service provider requesting that they refresh your IP address is enough.  With dial-up, this was as easy as disconnecting and reconnecting.  These days though, most people use high-speed internet and getting a new IP is slightly more time consuming, although truly worth the effort.  If the attack is focused on your website, you may be looking at more of a headache.  While an IP change can restore access to your site, the DNS settings would still be pointing to the attacked IP, essentially leaving you still offline.  In these cases, you need to contact your service provider the moment an attack starts and request that they put a filter in place to combat the incoming data.  If your service provider is not willing to do this, it may be time to look into a new one.  These days, you shouldn’t even consider going with a web host who does not seem willing to discuss the possibility of DDoS combat or filtering.  The tools are available, and there is no excuse for a provider to not be making full use of them.

The thing to always remember when you are the target of an attack is to not give up.  Ride it out, gather as much information as you can, and learn from the process you go through to track down the source and the methods.  There is nothing you can do to prevent an attack – it happens.  Take it as an educational opportunity and go from there.  Giving up means that the kiddies are winning, and we do not want to give them that satisfaction.

This entry was posted on Friday, April 2nd, 2010 at 10:15 am and is filed under Editorials, News.
