Tag Archives: DDoS attacks

How to avoid bogging down your own servers

panda-security-attacks

There’s been a lot of talk recently about DDoS (distributed denial-of-service) attacks in the wake of an incident that left thousands of users without internet access as a result of the collapse of the servers at Dyn, a DNS hosting service. Needless to say, we should be aware of this threat, know how it works, and how to defend ourselves against it. Especially now, in the age of the Internet of Things, which has made it easier for cybercriminals to build an army of infected devices to carry out this kind of attack.

Protecting multiple devices in the Internet of Things leaves much to be desired, opening up a broad avenue for attackers to easily gain access to and control over these devices in order to use them as weapons. In a DDoS, all of these involuntary recruits connect to the server at the same time in order to overwhelm it and render it incapable of responding to legitimate requests. It’s as though a mob of people jumped in front of you in the check-out line at the supermarket not with the intention of buying anything themselves, but rather just to block you from doing so.

This danger may be commonplace and companies should, of course, be weary of it, but the truth is that a company’s servers are much more likely to collapse as a result of their own errors than from an external exploit. This has been confirmed by Google’s experts, who, without citing concrete data, warn of the alarming frequency with which this occurs.

A company’s servers are more likely to collapse as a result of their own errors

 Researchers at the search engine giant allege that programmers and developers often assume that a traffic load will be correctly and evenly distributed by the system, with no contingency plan in place in case it doesn’t work out that way.

Google gives us this example in the way of an explanation. A good amount of mobile apps establish a connection with their servers in a given increment of time in order to fetch information. If there’s no urgency, many apps connect every 15 minutes. In the event of an error, these apps are programmed to resubmit the petition every 60 seconds so as not to have to wait an additional 15 minutes if something in case something goes wrong on the first attempt.

This system reveals its shortcomings when the server, for whatever reason, is unavailable for a given period of time (not necessarily a long one). When it’s back up and running, it receives not only the usual requests every 15 minutes, but will also receive, all at once, an onslaught of requests that were made every 60 seconds during its time offline.

The outcome? A self-inflicted DDoS attack, which could shut down the app as a result of excessive simultaneous connections. If, on top of that, the server goes back offline following this bottleneck of traffic, the chain of incidents will start all over again.

Tips to avoid DDoS attacks

In order to prevent this from happening, the experts at Google offer some advice:

  • First, make it so that the initial 60 second delay doubles with each failed request, so that the second attempt is submitted after 120 seconds, the third after 240 seconds, and so on. That way, the number of requests piled up will be lower when the server returns to normal.
  • They also recommend that the app keep count of the number of reconnection attempts that each user has made, so that the most urgent requests are given priority when the server gets back to normal. This way, the requests that have been waiting the longest will be attended to first, while the rest continue waiting. A traffic bottleneck will therefore be averted, along with unwanted downtime caused by a DDoS attack launched against yourself.

The post How to avoid bogging down your own servers appeared first on Panda Security Mediacenter.

The Internet collapses, brings the world to a halt for a few hours

 

young man with glasses sitting in front of his computer, programming. the code he is working on (CSS) can be seen through the screen.

A massive cyber-attack against US DNS service provider Dyn knocked out major websites across the Internet last Friday. The attack shut down several websites, including Netflix, Twitter, Amazon and The New York Times. The Internet service was disrupted for almost 11 hours, affecting more than one billion customers around the world.

Cyber crooks are always looking for ways to exploit the latest, most innovative technologies to carry out attacks like those we saw just a few hours ago. Are we in the Age of Internet Attacks? The latest PandaLabs Quarterly Report already warned of the huge number of large-scale distributed denial-of-service (DDoS) attacks that have been occurring over the last few months, and the way many of them are exploiting botnets made up of not only computers but also smart devices like IP cameras.

The recent DDoS attacks reflect the new approach taken by Black Hat hackers when it comes to launching new, more devastating campaigns that combine everyday devices and malware to form highly dangerous armies ready to launch DDoS attacks.

Probing Internet defenses

Just one month ago, security guru Bruce Schneier, published an article with the most revealing title: ‘Someone Is Learning How to Take Down the Internet.’

The recent examples of denial-of-service attacks flood servers with useless traffic that overburdens Internet bandwidth and prevents legitimate users from accessing targeted sites. Attacked servers become saturated with the huge number of requests.

The article explained that the best way to take down the Internet is through a DDoS attack like the one suffered by Dyn, and how some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks, in what seems to be an strategy to gather information and see how well these companies can defend themselves.

A few weeks ago, the website of Brian Krebs, a US journalist specialized in computer security issues, was taken offline as he fell victim to the largest DDoS attack to date. He was only able to go back online after Google came to the rescue.

This attack adds to the list of those suffered by a number of tech giants over the last few months, such as the hack of 500 million Yahoo accounts back in September, or the theft of 60 million  Dropbox user IDs and 100 million LinkedIn passwords.

It is precisely the success of the Internet, with billions of connected devices worldwide, that makes it so appealing to criminals willing to exploit its vulnerabilities. Many of these devices lack basic security measures, making them easy prey for hackers and, in this context, any organization, media company or social networking service can become the victim of the next attack.

 

The post The Internet collapses, brings the world to a halt for a few hours appeared first on Panda Security Mediacenter.

Attackers Revive Deprecated RIPv1 Routing Protocol in DDoS Attacks

An advisory from Akamai warns of a recent reflection style DDoS attack in which the deprecated RIPv1 routing protocol was leveraged against targets.