A number of DDoS attacks hit Ireland
It is becoming more and more common to hear of DDoS attacks, and over the last week a number of Irish Government and other popular sites were knocked offline for several hours by such attacks.
Among those affected were Government sites belonging to the Central Statistics Office (CSO), the Oireachtas, the Department of Justice, the Department of Defence and the Courts Service of Ireland. Other sites hit recently include Meteor, Eir and Ireland's National Lottery website, as well as Boards.ie, one of the more popular Irish forums. Some of these sites were down for only a couple of hours; others were offline for considerably longer.
What are DDoS attacks?
DDoS stands for Distributed Denial of Service. In a DDoS attack a system's bandwidth and/or resources are flooded with traffic from many sources at once. The traffic may crash the system outright, or it may simply consume its resources (link capacity, connection tables, CPU, memory) until it can no longer respond to legitimate requests. Think of it as being bombarded with questions so constantly that you cannot get on with your daily work.
ISC2 describe a DDoS attack as an attack intended “to overload it through excessive traffic or traffic that has been ‘crafted’ to confuse the network into shutting down or slowing to the point of uselessness” (ISC2 2015).
Arbor Networks have identified as many as 2000 DDoS attacks, some of which can be seen on their Digital Attack Map threat map at http://www.digitalattackmap.com/#anim=1&color=0&country=RU&list=0&time=16826&view=map
The image below was taken on 26-1-2015 at 15:45 from the above site.
Defending against DDoS attacks
DDoS attacks are commonly conducted via botnets, which are made up of large numbers of devices, including the systems of unsuspecting home and business users on which a Trojan has been deployed. The attack traffic therefore arrives from thousands of otherwise legitimate-looking addresses, which makes the standard countermeasure for DoS, blocking or blacklisting the associated IP addresses, extremely hard to apply.
Organisations can reduce the effect of these attacks by reducing their attack surface; by establishing performance baselines and monitoring traffic against them so that a flood is recognised early; by blocking web traffic, where possible, from the large numbers of IP addresses known to be bot-infected or known sources of malware and DoS attacks; and by using stateful packet inspection firewalls.
The US National Cybersecurity and Communications Integration Center lists the following DDoS mitigation actions and hardware for mitigating large-scale DoS/DDoS attacks (National Cybersecurity and Communications Integration Center 2014):
- Stateful inspection firewalls
- Stateful SYN proxy mechanisms
- Limiting the number of SYNs per second per source IP
- Limiting the number of SYNs per second per destination IP
- Setting ICMP flood SCREEN settings (thresholds) in the firewall
- Setting UDP flood SCREEN settings (thresholds) in the firewall
- Rate limiting on routers adjacent to the firewall and network
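The following is an added example, not code from the original post or from the US-CERT guide, showing how the thresholds in the list above (SYNs per second per source IP, SYNs per second per destination IP, ICMP and UDP packets per second) and the baselining advice from the previous section can be applied to a stream of packet records. The traffic sample, the IP addresses and the threshold values are all constructed for illustration; in practice the thresholds would be derived from a measured baseline of your own normal traffic and enforced on the firewall or router rather than in a script.

```python
"""Threshold-based flood detection over packet records (added example).

Applies per-source and per-destination SYN/s limits plus ICMP and UDP pps
thresholds of the kind listed in the US-CERT DDoS Quick Guide. All
addresses, timestamps and threshold values below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float          # capture time in seconds
    src: str           # source IP
    dst: str           # destination IP
    proto: str         # "tcp", "udp" or "icmp"
    syn: bool = False  # TCP SYN without ACK, i.e. a new connection attempt


# Assumed illustrative thresholds; tune these from a measured baseline.
THRESHOLDS = {
    "syn_per_src": 50,    # SYN/s from a single source IP
    "syn_per_dst": 1000,  # SYN/s towards a single destination IP
    "icmp_pps": 100,      # ICMP packets/s towards a destination
    "udp_pps": 2000,      # UDP packets/s towards a destination
}


def per_second_counts(packets):
    """Bucket packets into one-second windows, keyed by (second, category, ip)."""
    counts = defaultdict(int)
    for p in packets:
        sec = int(p.ts)
        if p.proto == "tcp" and p.syn:
            counts[(sec, "syn_per_src", p.src)] += 1
            counts[(sec, "syn_per_dst", p.dst)] += 1
        elif p.proto == "icmp":
            counts[(sec, "icmp_pps", p.dst)] += 1
        elif p.proto == "udp":
            counts[(sec, "udp_pps", p.dst)] += 1
    return counts


def baseline(packets):
    """Peak per-second count per category over known-normal traffic.

    A starting point for thresholds: set each limit at several times this peak
    so legitimate bursts do not trip it.
    """
    peak = defaultdict(int)
    for (_, cat, _), n in per_second_counts(packets).items():
        peak[cat] = max(peak[cat], n)
    return dict(peak)


def detect_floods(packets, thresholds=THRESHOLDS):
    """Return (second, category, ip, count) for every window that breaches a threshold."""
    alerts = []
    for (sec, cat, ip), n in sorted(per_second_counts(packets).items()):
        if n > thresholds[cat]:
            alerts.append((sec, cat, ip, n))
    return alerts


def sources_to_block(alerts):
    """Source IPs that individually exceeded the per-source SYN limit.

    A per-destination breach with no per-source breach is the botnet case from
    the text: no single address stands out, so the response is SYN proxying or
    upstream rate limiting rather than a blacklist.
    """
    return sorted({ip for _, cat, ip, _ in alerts if cat == "syn_per_src"})


def sample_traffic():
    """Constructed sample: normal browsing, a single-host SYN flood, a
    distributed SYN flood that stays under the per-source limit, and an ICMP burst."""
    pkts = []
    for i in range(20):                       # second 0: 20 clients, 2 SYNs each
        for k in range(2):
            pkts.append(Packet(i * 0.01 + k * 0.001, f"203.0.113.{i + 1}", "198.51.100.10", "tcp", True))
    for k in range(300):                      # second 1: 300 SYNs from one host
        pkts.append(Packet(1.0 + k * 0.003, "192.0.2.66", "198.51.100.10", "tcp", True))
    for b in range(60):                       # second 2: 60 bots x 30 SYNs (1800 total)
        for k in range(30):
            pkts.append(Packet(2.0 + b * 0.01 + k * 0.0001, f"192.0.2.{100 + b}", "198.51.100.10", "tcp", True))
    for k in range(150):                      # second 3: 150 ICMP packets
        pkts.append(Packet(3.0 + k * 0.005, "192.0.2.7", "198.51.100.10", "icmp"))
    return pkts


if __name__ == "__main__":
    traffic = sample_traffic()
    print("baseline (second 0):", baseline([p for p in traffic if p.ts < 1.0]))
    for alert in detect_floods(traffic):
        print("ALERT", alert)
    print("block:", sources_to_block(detect_floods(traffic)))
```

Running the sample produces one per-source alert for 192.0.2.66 (the only address worth blacklisting), one per-destination alert for the distributed flood in second 2, where every bot stays under the per-source limit, and one ICMP alert in second 3. The distributed case is exactly why the text says IP blocking alone is hard: the per-destination threshold fires, but there is no single source to block.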
Cisco has released an excellent white paper on DDoS attacks, which is well worth a read: http://www.cisco.com/web/about/security/intelligence/guide_ddos_defense.html
A report by Trend Micro shows that DDoS attacks can be purchased on the black market and darknet for as little as US$150 for a week-long attack (Trend Micro 2012).
Attacks of this sort are becoming more common and will continue to be a problem, as most companies do not have suitable protection in place against sustained attacks of this kind.
References
ISC2. (2015). Official (ISC)2 training Guide CISSP CBK (4th ed.).
Arbor Networks. Retrieved from http://www.arbornetworks.com/threats/
Trend Micro. (2012). Retrieved from http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-101.pdf
National Cybersecurity and Communications Integration Center. (2014). Retrieved from https://www.us-cert.gov/sites/default/files/publications/DDoS%20Quick%20Guide.pdf