Digi-Data Connect Broadband Solutions
Distributed Denial of Service (DDOS)

Overview

Distributed Denial of Service (DDOS) attacks threaten computer networks worldwide. The number, sophistication and maliciousness of such attacks have increased dramatically in the last few years. Traditional means of network protection, such as firewalls and intrusion detection systems, are poorly suited to identifying and blocking DDOS attacks.

Anatomy of a DDOS attack

A DDOS attack is a network-based attack that prevents legitimate access to a service or to information. There are many types of DDOS attack, but all share one essential characteristic: the attack overwhelms one or more network resources, rendering them inoperative.

Preparations for a DDOS attack begin weeks or months in advance. The Attacker starts by planting malicious code in hundreds or thousands of unrelated computers, called "bots" or "zombies." The computer's legitimate user will not notice this bot code, but when the attack starts it forces the computer to do the Attacker's bidding.

The Attacker controls the infected computers (collectively called a "Botnet") by means of a "Master." The Master is another unrelated computer that the Attacker has compromised with a Trojan horse, virus or other means. Issuing commands through one or more Masters, rather than directly, lets the Attacker conceal his own location very effectively.

When he is ready to start the DDOS attack, the Attacker uses the Master to command the Botnet to attack a specific target computer or group of computers, called the "Victim." The Master signals the Botnet to begin simultaneously sending packets to the Victim. Trying to handle the sheer volume of traffic created by the Botnet, the Victim's resources are overwhelmed. The result is severe degradation in network performance, often with servers crashing under the attack. An accomplished DDOS attacker will cover his tracks well: preloading instructions into the bots, dissociating them from the Master, and automating the attack to begin only after the telltale signs of the intrusion have been cleaned up.

Some startling facts and estimates reveal the magnitude of the DDOS epidemic. Extrapolating from the Symantec Internet Security Report, March 2006: About a quarter of a million computers become zombies each month and, on average, a new DDOS attack is launched every minute.

Why are these attacks carried out?

Attackers may plan a DDOS attack simply for fun or to prove their prowess, or to punish the victim for some perceived transgression. Economic motivations can also be a factor: the attacker may use the threat of DDOS attacks to extort cash from the targeted victim. The most insidious reason, however, is to create an ideal opportunity for penetrating normal network defenses. Overwhelming the network and its operators allows the attacker to embed malicious code on the victim's servers or to steal confidential and proprietary information during or after the attack.

Implementation of a DDOS defense

RioRey has developed technology specifically to block DDOS attacks. RioRey's NI series network appliances detect attacks in seconds without operator intervention. Traffic is first analyzed in bulk to determine whether any invalid traffic is present; traffic attempting to communicate using invalid protocols is treated as attack traffic. If attack traffic is detected, a multi-stage process classifies each individual data flow as good or bad. Once traffic is processed on a flow basis, good flows are allowed through from a host to their destination while the attack flows are blocked.

The RioRey devices are deployed in-line at the perimeter of the network as a border defense against attacks. Located at the edge of the network, this first line of defense keeps attack traffic out of your network. When deployed in this fashion the NI-1210 and NI-2310 provide the following:

  • RioRey appliances automatically identify and block DDOS attack traffic. Network personnel can monitor the appliance's actions and results, but they do not need to take any action to identify or block a DDOS attack.
  • The systems are designed to produce zero false positives - in other words, never to block valid customer traffic. Equally important, they never blacklist a customer's computer: verdicts are made per flow, so a customer can still communicate with you even while the RioRey defense is blocking attack traffic coming from that same customer's computer.
  • RioRey sits on the frontier of your network. Attack traffic is blocked from entering any part of your network that sits behind the RioRey appliance. Removing the overwhelming DDOS attack traffic before it enters the network allows your existing network defenses to operate better. With the flood of attack traffic eliminated, those defenses can focus fully on intercepting the invasive probes that are often embedded in, or that immediately follow, DDOS attacks.
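The two-stage scheme described above (a bulk check for invalid traffic, then per-flow verdicts that drop bad flows without blacklisting the host) can be sketched in code. The example below is an added illustration written for this page; it is not RioRey's code, and the page does not describe the appliance's internals. The protocol whitelist, the "impossible TCP flag" rules, the half-open SYN thresholds and the sample packet records are all assumptions made for the example, and the packets are constructed (RFC 5737 documentation addresses), not captured traffic.

```python
# Added illustration of a two-stage, flow-based DDOS filter. Not RioRey's code;
# the rules, thresholds and sample packets below are assumptions for the example.
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set, Tuple


class Packet(NamedTuple):
    src: str
    dst: str
    proto: int      # IP protocol number: 1 ICMP, 6 TCP, 17 UDP
    sport: int
    dport: int
    flags: str      # TCP flags as letters (S, A, F, R, P); "" for non-TCP


# Assumed edge policy: protocols this perimeter expects to see, and limits for
# half-open (SYN-only) traffic, which is well-formed but never completes a handshake.
ALLOWED_PROTOS = {1, 6, 17}
SYN_ONLY_PER_FLOW_LIMIT = 5     # SYN-only packets on one 5-tuple before it is a flood
SYN_ONLY_FRACTION_LIMIT = 0.5   # share of SYN-only packets among all TCP that is suspicious

FlowKey = Tuple[str, str, int, int, int]


def packet_is_invalid(p: Packet) -> bool:
    """Stage 1 test on a single packet: disallowed protocol, or a TCP flag set
    that no real stack sends (no flags at all, SYN+FIN, SYN+RST)."""
    if p.proto not in ALLOWED_PROTOS:
        return True
    if p.proto == 6:
        f = set(p.flags)
        if not f or {"S", "F"} <= f or {"S", "R"} <= f:
            return True
    return False


def is_syn_only(p: Packet) -> bool:
    return p.proto == 6 and set(p.flags) == {"S"}


def bulk_attack_suspected(packets: List[Packet]) -> bool:
    """Stage 1, run over the traffic as a whole: any invalid packet, or an
    abnormal share of half-open SYNs, means attack traffic is present."""
    invalid = sum(1 for p in packets if packet_is_invalid(p))
    tcp = sum(1 for p in packets if p.proto == 6)
    syn_only = sum(1 for p in packets if is_syn_only(p))
    return invalid > 0 or (tcp > 0 and syn_only / tcp > SYN_ONLY_FRACTION_LIMIT)


def flow_key(p: Packet) -> FlowKey:
    return (p.src, p.dst, p.proto, p.sport, p.dport)


def classify_flows(packets: List[Packet]) -> Dict[FlowKey, str]:
    """Stage 2: group packets by 5-tuple and label each flow 'good' or 'bad'.
    Verdicts are per flow, never per host."""
    flows: Dict[FlowKey, List[Packet]] = defaultdict(list)
    for p in packets:
        flows[flow_key(p)].append(p)
    verdicts: Dict[FlowKey, str] = {}
    for key, pkts in flows.items():
        if any(packet_is_invalid(p) for p in pkts):
            verdicts[key] = "bad"
        elif all(is_syn_only(p) for p in pkts) and len(pkts) >= SYN_ONLY_PER_FLOW_LIMIT:
            verdicts[key] = "bad"   # repeated half-open SYNs that never complete a handshake
        else:
            verdicts[key] = "good"
    return verdicts


def apply_policy(packets: List[Packet]) -> Tuple[List[Packet], List[Packet]]:
    """Return (forwarded, dropped). Stage 2 runs only when stage 1 saw attack traffic."""
    if not bulk_attack_suspected(packets):
        return list(packets), []
    verdicts = classify_flows(packets)
    forwarded = [p for p in packets if verdicts[flow_key(p)] == "good"]
    dropped = [p for p in packets if verdicts[flow_key(p)] == "bad"]
    return forwarded, dropped


def hosts_with_no_good_flow(verdicts: Dict[FlowKey, str]) -> Set[str]:
    """Source hosts that would lose all connectivity under these verdicts."""
    good_hosts = {k[0] for k, v in verdicts.items() if v == "good"}
    return {k[0] for k in verdicts} - good_hosts


# Constructed sample traffic (assumed addresses from the RFC 5737 documentation ranges).
VICTIM, CUSTOMER, BOT = "198.51.100.10", "203.0.113.7", "203.0.113.99"
SAMPLE: List[Packet] = (
    # the customer's legitimate HTTP session: handshake and data on one 5-tuple
    [Packet(CUSTOMER, VICTIM, 6, 40000, 80, "S"),
     Packet(CUSTOMER, VICTIM, 6, 40000, 80, "A"),
     Packet(CUSTOMER, VICTIM, 6, 40000, 80, "PA")]
    # the same customer host is also a bot: it sprays SYN+FIN packets from random ports
    + [Packet(CUSTOMER, VICTIM, 6, 50000 + i, 80, "SF") for i in range(20)]
    # a second bot: half-open SYN flood on a fixed tuple, plus a protocol the edge never expects
    + [Packet(BOT, VICTIM, 6, 1234, 80, "S") for _ in range(8)]
    + [Packet(BOT, VICTIM, 47, 0, 0, "")]
)

if __name__ == "__main__":
    fwd, drop = apply_policy(SAMPLE)
    print(f"forwarded {len(fwd)} packets, dropped {len(drop)}")
    print("hosts fully cut off:", hosts_with_no_good_flow(classify_flows(SAMPLE)))
```

Run on the sample, the customer's three-packet HTTP session is forwarded while the 20 SYN+FIN packets from the same host are dropped, and only the second bot ends up with no good flow at all: that is the per-flow, not per-host, property the third bullet above describes. The stage 1 gate is worth attention in a real deployment: gating purely on malformed packets, as the page's description of the bulk check suggests, would never start stage 2 against a flood made entirely of well-formed packets, which is why this example also counts the half-open SYN share in stage 1.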

© 2006 Digi-Data Corporation