Securing Computer Networks Against Distributed Denial of Service (ddos) Attacks

Securing Computer Networks against Distributed Denial of Service (DDoS) Attacks

"85 percent of respondents detected computer security breaches within the last 12 months, up 42% from 1996." —Annual Computer Security Institute and FBI Survey, 2001

Although the quote and the contents of this report is now fairly dated, the rise of Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks has risen consistently over time however they aren't a new phenomenon. There are conflicting views about the timeline of the first perpetuated DDoS attack, and sites such as http://staff.washington.edu/dittrich/talks/sec2000/timeline.html claims that the first attack happened in May/June 1998 albeit very primitive DDoS attacks on small networks however David Dennis of TekCube claims" As far as I know, I'm the first person to have created a DoS of a room full of PLATO terminals deliberately. "David Dennis was 13 years old when he orchestrated a DoS attack on a computer suite at his school. This was in 1974. (Lequime, M. 2010).

Within this report, I will give a brief definition of Denial of Service and Distributed Denial of Service, and how these processes are executed, concluding in recommendations for securing computer networks against Distributed Denial of Service.

A Denial of Service (DoS) attack is where a network or system is made unusable or slowed down for authorized users by a malicious party bombards the server with so many requests that the server just cannot keep up with the level of requests or the server will reset resulting in a much slower service or none at all.

A Distributed Denial of Service (DDoS) attack is where several machines are used by attackers to implement an attack against its target system or network at the same time and can be extremely difficult to detect because the attacks originate from several different Internet Protocol (IP) address. For example if a single IP address is attacking a network, the network can use its firewall to block that specific IP address, however if it is 20000 different IP address that have been compromised orchestrating an attack, then the task of protecting a network becomes increasingly more difficult.

A DDoS attack consists of 3 agents. The first being the master, who launches the attack. The slave is the compromised network and the victim which is the target site/ server.

LinuxSecurity.com claim "DDOS is done in 2 phases. In the first phase they try to compromise weak machines in different networks around the world. This phase is called Intrusion Phase. It's in the next phase that they install DDOS tools and starts attacking the victim's machines/site. This Phase is called Distributed Denial of Service attacks phase."(Cherian, B. 2006)

A DDoS attack involves many parties and actions. For example, we must first look at the user who does not apply