Sep 03, 2009

Taking a Look at Denial of Service

by: in LEAP

It's not just big-name sites like Twitter and Facebook that can fall victim to a Denial of Service (DoS) attack. Any site can be vulnerable to DoS, whether from a deliberate attack or as a negative side effect of an increase in its online profile. For any brand with a website, it's better to be prepared for a DoS than to be put out of commission by one. A DoS attack can be executed in several different ways.

Botnets: A botnet is a group of remote computers that is being run by someone for mischievous purposes. The entire botnet can be harnessed to attack one site or a group of sites to cause a DoS. For example, a botnet can request so many pages from a web server that the server can't keep up with them all and becomes unable to respond. The server's inability to keep up with all of these requests is what causes the DoS.

Organized groups: An organized group, such as a protest group that wants to take down government or financial sites, can also coordinate a DoS. Similar to a botnet attack, the group's members would all attempt to access their targeted sites at the same time, elevating site traffic to a point where the site is unable to handle it all.

Ping floods: A ping flood is another way to launch a DoS attack. This attack takes place at the network level and works similarly to an attack on a server. The DoS attacker requests so many "reply backs" from the network that it is flooded with all these requests and isn't able to respond.

Vulnerability to a DoS attack can result from a blend of two factors. Some sites, for example, are targeted a bit more than others because they have higher profiles. An individual or group responsible for an attack on a high-visibility site can boast about how they took down that site. Higher-profile sites can also be attacked simply because the attacker doesn't like what the site does or offers, or because the site has been in the news a great deal.

A site can also be vulnerable to a DoS attack because of poor coding or network maintenance. Routers that aren't configured to prevent IP spoofing from invalid source addresses can allow a network to be breached, and this can lead to problems. These problems are generally easy to fix before an attack occurs, but there can be instances where they are difficult to resolve.

Sometimes a DoS can happen without being caused by a deliberate attack at all. If a site reaches a certain level of popularity, it can be linked on sites like Slashdot and receive a bump in traffic. However, when a smaller site with a smaller server appears on these sites, the result can be a sudden, overwhelming burst of traffic, with hundreds of thousands of hits coming all at once. This can lead to a DoS, but one not driven by any malicious intentions, just a result of the exposure the site has gotten (the dark side of the "Slashdot Effect," if you will).

Sites need to keep in mind that as their popularity grows, they face the potential for either deliberate or accidental DoS problems. To be prepared for this eventuality, sites need to be sure they have the infrastructure in place to handle more traffic. A really good way to have this DoS protection is to be sure your web host has a good reputation and is able to do the work you'll need to help protect your site from being knocked down by a DoS.
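The router point above (preventing IP spoofing from invalid source addresses) comes down to ingress filtering: traffic arriving from the Internet is dropped when its source address could not legitimately originate there. The sketch below is an added example, not part of the original article; the site prefix, sample addresses and function names are assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: the site's own address block (a documentation prefix as placeholder).
SITE_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

def ingress_verdict(src, site_prefixes=SITE_PREFIXES):
    """Verdict for a packet arriving on the Internet-facing interface."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop:malformed"
    # A packet from outside that claims an inside address is spoofed by definition.
    if any(addr.version == net.version and addr in net for net in site_prefixes):
        return "drop:own-prefix"
    # Order matters: the narrow classes are tested before the broad
    # "private" class, which overlaps several of them.
    checks = [
        ("unspecified", addr.is_unspecified),
        ("loopback", addr.is_loopback),
        ("link-local", addr.is_link_local),
        ("multicast", addr.is_multicast),
        ("reserved", addr.is_reserved),
        ("private", addr.is_private),
    ]
    for reason, hit in checks:
        if hit:
            return "drop:" + reason
    return "accept"

def summarize(sources):
    """Count verdicts over a batch of observed source addresses."""
    return Counter(ingress_verdict(s) for s in sources)

# Constructed sample of source addresses seen on the external interface.
SAMPLE_SOURCES = [
    "8.8.8.8", "10.0.0.5", "127.0.0.1", "169.254.10.20", "224.0.0.1",
    "240.0.0.1", "0.0.0.0", "203.0.113.7", "::1", "not-an-ip",
]

if __name__ == "__main__":
    for s in SAMPLE_SOURCES:
        print(f"{s:15} {ingress_verdict(s)}")
```

On a real router the same decisions are expressed as an access list or reverse-path check on the external interface; the function only shows which source addresses such a filter should refuse.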