Posts Tagged ‘DDoS Attacks’

Flood DDoS

February 1st, 2010

A flood is a kind of DDoS attack that drenches the victim system with so much network traffic that it becomes unresponsive to genuine users. A DDoS attack system is a complex arrangement and requires careful coordination between the participating systems to maximize their attack capacity. The attack uses three components: the handlers, the agents, and the victim.

DoS / DDoS flood Attack Methods

Many flood DDoS attack methods have been documented.

Smurf and Fraggle Attack

Smurf attacks are one of the most overwhelming DoS attacks. In the Smurf (ICMP packet amplification) attack, the attacker sends an ICMP echo request (ping) to a broadcast address. The source address of the echo request is the IP address of the victim (the attacker uses the victim's IP address as the return address). After receiving the echo request, all the hosts on the broadcast network send echo replies to the victim's IP address. The victim crashes or hangs once it is flooded with packets from many machines.

A Smurf attack uses bandwidth consumption to disable a victim's network resources. It achieves this by amplifying the attacker's bandwidth. If the amplifying network has 100 computers, the signal can be amplified 100 times, so an attacker with relatively low bandwidth (such as a 56K modem) can flood and disable a victim with much higher bandwidth (such as a T1 link). The Fraggle (UDP packet amplification) attack is the cousin of the Smurf attack. Fraggle uses UDP echo packets in the same way that Smurf uses ICMP echo packets. Fraggle usually achieves a smaller amplification factor than Smurf, and UDP echo is a less commonly enabled service than ICMP echo on most networks, so Fraggle is much less popular than Smurf.

TCP SYN Attack

A SYN flood is difficult to detect because each session it opens looks like a normal user on the Web or FTP server. The severity of the flood depends on how the spoofed source addresses are chosen. SYN flood packets can be spoofed either with unreachable source IP addresses (addresses that do not appear in the global routing tables) or with valid IP addresses. When attackers use source IP addresses produced by a random number generator, the source addresses are usually unreachable. When the forged source addresses are unreachable, only the target system is affected. The targeted server commits resources and waits for replies that never come. This continues until all of the host's resources are exhausted.

UDP Attack

A UDP flood DDoS attack is possible when an attacker sends UDP packets to random ports on the victim system. When the victim system receives a UDP packet, it determines which application is waiting on the destination port. When it finds that no application is listening on that port, it generates an ICMP destination unreachable packet to the forged source address. If enough UDP packets are delivered to the victim's ports, the system will go down.

TCP attack

In TCP, every packet is expected to belong to a legitimate exchange. (We use the terms segment and packet interchangeably in this document.) Apart from the initial connection request, that is, the TCP SYN packet, all packets are sent in response to previous packets. So there is no need to accept a packet that is neither a SYN packet nor a genuine response.

ICMP Attack

An attacker sends a massive number of ICMP echo request packets to the victim host, which cannot respond in a timely manner because the volume of requests is so high that it has difficulty processing all of them and replying quickly. The result is that the victim host slows down or goes down.
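As an added illustration (not part of the original post), the following script triages the SYN, UDP and ICMP floods described above from a constructed one-second packet summary. The record format, the bogon list and the detection thresholds are assumptions chosen for the sample, not values from the page.

```python
from collections import Counter, defaultdict
import ipaddress

# Assumed bogon list: ranges that should never be a source on the public Internet.
UNROUTABLE = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

# Constructed capture summary: "proto src dst dport flags" (S = SYN, A = ACK seen).
SAMPLE = """\
tcp 10.9.9.1 192.0.2.10 80 S
tcp 10.9.9.2 192.0.2.10 80 S
tcp 0.0.0.3 192.0.2.10 80 S
tcp 198.51.100.7 192.0.2.10 80 S
tcp 198.51.100.7 192.0.2.10 80 A
tcp 198.51.100.8 192.0.2.20 443 S
tcp 198.51.100.8 192.0.2.20 443 A
udp 203.0.113.5 192.0.2.10 1111 -
udp 203.0.113.5 192.0.2.10 2222 -
udp 203.0.113.5 192.0.2.10 3333 -
icmp 203.0.113.9 192.0.2.10 0 echo-req
icmp 203.0.113.9 192.0.2.10 0 echo-req
icmp 203.0.113.9 192.0.2.10 0 echo-req
"""

def is_unroutable(src):
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in UNROUTABLE)

def parse(text):
    recs = []
    for line in text.splitlines():
        proto, src, dst, dport, flags = line.split()
        recs.append((proto, src, dst, int(dport), flags))
    return recs

def analyse(recs, syn_thr=3, port_thr=3, icmp_thr=3):
    """Thresholds are deliberately tiny for the sample; tune them per link."""
    syn_srcs, ack_srcs = defaultdict(set), defaultdict(set)
    udp_ports, icmp_reqs, spoofed = defaultdict(set), Counter(), Counter()
    for proto, src, dst, dport, flags in recs:
        if proto == "tcp" and flags == "S":            # connection attempt
            syn_srcs[dst].add(src)
            spoofed[dst] += is_unroutable(src)         # SYN from a bogon source
        elif proto == "tcp" and "A" in flags:          # handshake completed
            ack_srcs[dst].add(src)
        elif proto == "udp":
            udp_ports[dst].add(dport)                  # distinct ports hit at the victim
        elif proto == "icmp" and flags == "echo-req":
            icmp_reqs[dst] += 1
    alerts = {}
    for dst in sorted(set(syn_srcs) | set(udp_ports) | set(icmp_reqs)):
        # Sources that sent SYN but never completed the handshake are half-open.
        checks = (("syn-flood", len(syn_srcs[dst] - ack_srcs[dst]) >= syn_thr),
                  ("udp-flood", len(udp_ports[dst]) >= port_thr),
                  ("icmp-flood", icmp_reqs[dst] >= icmp_thr))
        kinds = [name for name, hit in checks if hit]
        if kinds:
            alerts[dst] = {"kinds": kinds, "unroutable_syn_sources": spoofed[dst]}
    return alerts
```

Running `analyse(parse(SAMPLE))` flags 192.0.2.10 for all three flood types and leaves the host with completed handshakes (192.0.2.20) alone.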

iPhone, Flu Season and Mobile Security

November 30th, 2009

About once a year, usually around Black Friday, and coinciding with the flu season, mobile security takes center stage. Maybe more so this year, given the ascendency of the smartphone coupled with browsers finally good enough to make the mobile Web a worthwhile experience.

A week or so ago, RIM’s security chief spoke about smartphone viruses and their potential usurpation of the phone as a platform for DDoS attacks. This coupled with a critical mass of open operating system devices now make the mobile phone a tempting target. We’ve been talking about mobile viruses for half a decade. This time, the threat is real.

In the same way, these virtual petri dishes are black holes into which corporate IT has no visibility. Sybase recently commissioned a study of European IT executives to evaluate the magnitude of this potential exposure. The findings are downright scary, and make one wonder about the level of attention IT departments have devoted to addressing the security requirements of their mobile workers. 66 percent stated that they have no visibility into the sensitivity of data stored on mobile devices, 38 percent have no visibility into applications, and only 15 percent are confident in their ability to contain exposure if the phone is lost or stolen. In my book, considering the magnitude of exposure, this lack of security should have these IT managers camped out at the corner unemployment office (or in a more draconian mood, at the local lockup).

These metrics align with the percentage of employee-liable phones used in the enterprise, now approaching 50 percent as reported by Yankee Group. I won’t go into the not unexpected conclusion from the presentation about the iPhone’s readiness (or lack thereof) for enterprise use.

So what’s an operator, an enterprise, or a smartphone subscriber to do?

Needless to say, once the phone is lost or infected, it is too late. An effective over-the-air security solution, deployed as part of an overall care architecture by the operator for employee-liable devices, or by the enterprise for corporate-liable devices, is the foundation. This solution will be responsible for pushing firmware or software updates to the phone, ensuring that discovered vulnerabilities are quickly patched. Extensions to widely deployed FOTA architectures meet this requirement. In some cases, the operator may mandate anti-virus software, pushed to the device (or pre-loaded at time of manufacture) by the same update conduit. If the phone is lost or stolen, the management client on the device should be capable of locking the phone and/or wiping all data.

In parallel to the operator’s care platform, user education is essential. Password protection is a given, as well as the need for backup. However, it is almost criminal that employees using their smartphone for work purposes ignore this first line of defense. And, if the user wants that which happened in Vegas to stay in Vegas, he or she can’t wait a week to report a lost phone, hoping that it will miraculously re-appear. A phone locked after compromising photos or a corporate roadmap have made it to the Internet is not nearly as good as a phone locked before. Unlocking is as easy as making a call, nothing is lost if/when the “lost” device is once again found, as an over-the-air unlock is just as fast and easy as a lock.

The real area for improvement is IT control over employee-liable devices. At Interop in NYC, I participated in a panel addressing just this concern. We exchanged best practices, painting a picture of what should be, though not necessarily what currently exists. Our joint observation was that IT departments need to understand that mobile devices fall into a continuum. On one extreme, there are corporate-liable Blackberries or mission-specific platforms upon which you can enforce restrictive, but safe, policies (on-device encryption, strong passwords etc.). There will always be a place for this. On the other are the unwashed masses with a variety of personal devices with no policy or control enforced or deployed.

But the middle? Devices with reasonable VPN or ActiveSync support and on-device encryption, like Windows Mobile or the iPhone 3GS? Good call: it is reasonable to expect encryption on the device, something that is supported by ActiveSync policies. However, some handsets, like earlier iPhones, will report back to the server that they support on-device encryption when they don’t.

Convenient, but dangerous, because you think that you are more secure than you are. Then there are devices which will fetch your mail off the Exchange server (if the server is configured to allow low-security devices) but make no claim of any sort of ActiveSync on-device encryption, such as recent Android devices like the Motorola Droid or the Palm Pre. Even this is not cut and dried. For example, Touchdown, an ActiveSync corporate email app, runs on Android devices but reports support for on-device encryption (at least as of late November 2009) even if that capability does not yet exist. The situation is complex.

The level of visibility into these devices, and IT’s willingness (and/or ability) to lock down an employee-owned device, will inform what corporate resources are made available. This in effect addresses the concerns raised by the Sybase study. No visibility, no access to ERP or Exchange.

And if the enterprise does deploy security along the lines of Credant or Good, they’ve got to make doubly sure that there is no leakage of content (i.e., contacts or photos) from the ‘public’ to the ‘enterprise’ side of the device, certifying conformance on each and every OS platform and hardware family introduced. Here, the onus is on the IT department.

As I got onto the plane in JFK, I looked around at a rather unhealthy cross-section of the traveling population (compared to SFO), wondering if it was just my phone that I needed to protect…

DDoS attacks coming Please Slow

November 28th, 2009

The network brings us convenience, but it also brings a series of problems. Virus and malware attacks are very troublesome. Unless you pull the plug, you will suffer threats from the network, especially distributed denial of service (DDoS) attacks, which can force people to retreat. We cannot prevent the attack; what we can do is reduce the losses and protect the interests of individuals and enterprise networks as far as possible.

A DDoS attack is typically divided into three stages. First is target confirmation: the hacker locks onto an IP address on the Internet. The enterprise IP address may represent a Web server, a DNS server, an Internet gateway, and so on. The target may be selected for money or purely as a pastime. Then comes preparation: in this stage, the hacker breaks into poorly protected computers on the Internet and implants the necessary attack tools on them. Finally comes the actual attack stage: the hacker sends orders to all of the compromised computers, and the attack tools implanted in advance send packets to the target until it cannot handle the volume of data or its bandwidth is fully occupied. In serious cases the DNS is affected and the whole network is paralyzed.

Of course, we do not face DDoS without defenses. We can take corresponding measures to minimize the effects of such attacks.

Ingress filtering is a simple security measure that every network should implement. In your network, routing rules should be established that drop every packet whose source IP address is not in the range marked as belonging to that network. Although this does not prevent DDoS attacks, it can prevent reflected DDoS attacks.

But many large ISPs, for all sorts of reasons, refuse to implement ingress filtering, so we need other ways to reduce the impact of DDoS. At present, one of the most effective methods is tracing. With this method, first determine that the current problem is an external DDoS attack and not a connection or routing problem. Then, as soon as possible, configure the external interfaces of all edge routers to reject all traffic destined for the DDoS attack target. In addition, configure these edge router ports to drop all packets whose source IP addresses are invalid or cannot be traced.

Doing this can decrease the impact of DDoS and restore network operation early. DDoS attacks are hard to prevent, but we can take corresponding measures to reduce the impact of an attack on the network. We can’t predict how fierce the flood will be; all we can do is build a high dam. We can’t psych out the hacker’s mood, so we must make full preparations.
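As an added example (not from the original post), this script models the edge-router decisions the post recommends: drop outside packets that claim an inside source, drop packets from sources with no route back (invalid or untraceable), temporarily blackhole traffic toward the attacked address, and stop inside hosts from sending spoofed packets. The inside prefix, routing table and traffic sample are assumed values.

```python
import ipaddress

# Assumed values: the prefix behind this edge router and the prefixes it has routes for.
INSIDE = ipaddress.ip_network("192.0.2.0/24")
ROUTES = [ipaddress.ip_network(p) for p in
          ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]

def has_route(ip):
    """A source we hold no route for cannot be verified (reverse-path check)."""
    return any(ip in net for net in ROUTES)

def edge_decision(direction, src, dst, blocked_targets=()):
    """direction 'in' = arriving on the external interface, 'out' = leaving it.
    Returns (action, reason)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "in":
        if s in INSIDE:
            return "drop", "ingress filter: outside packet claims an inside source"
        if not has_route(s):
            return "drop", "no route back to source: invalid or untraceable"
        if d in {ipaddress.ip_address(t) for t in blocked_targets}:
            return "drop", "temporary blackhole: traffic toward the attacked address"
        return "accept", "ok"
    if s not in INSIDE:
        return "drop", "egress filter: inside host sending with a spoofed source"
    return "accept", "ok"

def apply_policy(packets, blocked_targets=()):
    """Count outcomes for a list of (direction, src, dst) tuples."""
    summary = {"accept": 0, "drop": 0}
    for direction, src, dst in packets:
        summary[edge_decision(direction, src, dst, blocked_targets)[0]] += 1
    return summary

# Constructed traffic sample while 192.0.2.10 is the attack target.
SAMPLE = [
    ("in", "192.0.2.7", "192.0.2.10"),      # spoofed inside source arriving from outside
    ("in", "10.0.0.1", "192.0.2.10"),       # no route back: unverifiable source
    ("in", "198.51.100.5", "192.0.2.10"),   # routable, but aimed at the victim
    ("in", "198.51.100.5", "192.0.2.11"),   # legitimate
    ("out", "10.0.0.5", "198.51.100.1"),    # inside host spoofing: must not leave
    ("out", "192.0.2.5", "198.51.100.1"),   # legitimate
]
```

The blackhole entry is the emergency measure from the post; it sacrifices the attacked address so the rest of the network keeps working, and should be removed once the flood stops.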

Major Problems in Korean Security Industry

November 24th, 2009

Park Dong-hoon makes a keynote speech

Park Dong-hoon, the president of the Korea Information Security Industry Association, made a keynote speech at the 2009 Korea Information Telecommunication Facilities Engineering fall seminar on Nov 19. The presentation covered the current status and problems of knowledge information security in light of the recent DDoS crisis.

With the development of IT technology, people now live in a ubiquitous environment where everything is connected, such as cellphones, computers, and mobile devices. However, more information flowing through various networks has created more demand for security. As networks have become bigger and more complex, the trend in security is also changing from technical network protection to service security. Most people have some type of information stored in more than one network, and many businesses have crucial information to protect. Due to the increase in cyber crime, the knowledge information security industry has risen and it will continue to grow into a convergence security industry. The information security industry is defined as the industry providing services to prevent crimes and disasters through security technology like passwords, encryption, surveillance, and recognition. The industry consists of information security, physical security and convergence security.

The potential for knowledge information security is tremendous. The estimated global market for 2013 is expected to be US$368 billion. Currently, the market is dominated by the US and EU at 88%. Korea has only 1.7% of the global market share. The Korean knowledge information security market was estimated at W3.1 trillion in 2007, but it is expected to reach W18.4 trillion by 2013. For information security, most high-end security hardware is imported, but Korean software is exported to Japan, the US and other countries. For physical security, the market has expanded at 32% annual growth. The 2009 market analysis showed that law enforcement has been strengthened due to several major information theft cases. Also, the public and finance sectors plan to establish convergence security businesses against DDoS attacks, and the industry will get bigger through M&A.

There have been several major security breaches since 2008: the Blue House hacking, auction.com with over 10 million ID thefts, Hanaro Telecom with 6 million ID thefts, GS Caltex with 1.1 million ID thefts, and the 7/7 DDoS attack crisis. These cases show how vulnerable sites with low security levels are. The government does not have enough human resources in the security department. Many companies do not recognize security as an investment but as an expense. Also, most computer users do not use anti-virus programs, so their computers are exposed to hackers and are sometimes used as zombie PCs. The level of security systems does not meet the demand created by increased Internet use. R&D investment is about 1,000 times less than in the US, based on a 2007 survey. The solution to increasing cyber attacks is to establish a cyber crisis management system and produce more security professionals with more investment. Collaboration between the public and private sectors will help the security industry grow.

DNS Problem Linked to DDoS Attacks Gets Worse

November 13th, 2009

Internet security experts say that misconfigured DSL and cable modems are worsening a well-known problem with the Internet’s DNS (domain name system), making it easier for hackers to launch distributed denial-of-service (DDoS) attacks against their victims.

According to research set to be published in the next few days, part of the problem is blamed on the growing number of consumer devices on the Internet that are configured to accept DNS queries from anywhere, what networking experts call an “open recursive” or “open resolver” system. As more consumers demand broadband Internet, service providers are rolling out modems configured this way to their customers, said Cricket Liu, vice president of architecture with Infoblox, the DNS appliance company that sponsored the research. “The two main culprits we found were Telefonica and France Telecom,” he said.

In fact, the percentage of DNS systems on the Internet that are configured this way has jumped from about 50 percent in 2007 to about 80 percent this year, according to Liu.

Though he hasn’t seen the Infoblox data, Georgia Tech researcher David Dagon agreed that open recursive systems are on the rise, in part because of “the increase in home network devices that allow multiple computers on the Internet.”

“Almost all ISPs deliver a home DSL/cable device,” he said in an e-mail interview. “Many of the devices have built-in DNS servers. These can sometimes ship in ‘open by default’ states.”

Because modems configured as open recursive servers will answer DNS queries from anyone on the Internet, they can be used in what’s known as a DNS amplification attack.

In this attack, hackers send spoofed DNS query messages to the recursive server, tricking it into replying to a victim’s computer. If the bad guys know what they’re doing, they can send a small 50 byte message to a system that will respond by sending the victim as much as 4 kilobytes of data. By barraging several DNS servers with these spoofed queries, attackers can overwhelm their victims and effectively knock them offline.

DNS experts have known about the open recursive configuration problem for years, so it’s surprising that the numbers are jumping up.

However, according to Dagon, a more important issue is the fact that many of these devices do not include patches for a widely publicized DNS flaw discovered by researcher Dan Kaminsky last year. That flaw could be used to trick the owners of these devices into using Internet servers controlled by hackers without ever realizing that they’ve been duped.

Infoblox estimates that 10 percent of the open recursive servers on the Internet have not been patched.

The Infoblox research was conducted by The Measurement Factory, which gets its data by scanning about 5 percent of the IP addresses on the Internet. The data will be posted here in the next few days.

According to Measurement Factory President Duane Wessels, DNS amplification attacks do occur, but they’re not the most common form of DDoS attack. “Those of us that track these and are aware of it tend to be a little bit surprised that we don’t see more attacks that use open resolvers,” he said. “It’s kind of a puzzle.”

Wessels believes that the move toward the next-generation IPv6 standard may be inadvertently contributing to the problem. Some of the modems are configured to use DNS server software called Trick or Tread Daemon (TOTd), which converts addresses between IPv4 and IPv6 formats. Often this software is configured as an open resolver, Wessels said.
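As an added example (not from the original article), the following code shows how an administrator can tell from a single DNS reply whether a device they operate, such as a home modem, is behaving as an open recursive resolver, and how much larger the reply is than the query (the amplification the article describes). The query name, transaction ID and the two reply messages are constructed here; nothing is sent on the network.

```python
import struct

def build_query(name, qtype=1, txid=0x1234, rd=True):
    """Minimal DNS query; RD=1 asks the server to recurse on our behalf."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)

def assess_response(query, response):
    """Decode the reply header and decide whether the responder recursed for a stranger."""
    txid = struct.unpack(">H", query[:2])[0]
    rid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", response[:12])
    result = {
        "id_matches": rid == txid,
        "is_response": bool(flags & 0x8000),          # QR bit
        "recursion_available": bool(flags & 0x0080),  # RA bit
        "rcode": flags & 0x000F,                      # 0 NOERROR, 5 REFUSED
        "answers": an,
        "query_bytes": len(query),
        "response_bytes": len(response),
        "amplification": round(len(response) / len(query), 2),
    }
    # An open resolver answers an outsider's RD query with RA set, NOERROR and data.
    result["open_recursive"] = all([
        result["id_matches"], result["is_response"],
        result["recursion_available"], result["rcode"] == 0, an > 0])
    return result

QUERY = build_query("example.com")

# Constructed reply an open resolver would send: flags 0x8180 = QR, RD, RA, NOERROR,
# one A record (192.0.2.1) whose name is a pointer (0xc00c) to the question.
SAMPLE_RESPONSE = (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
                   + QUERY[12:]
                   + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1]))

# Constructed reply from a properly closed resolver: flags 0x8105 = QR, RD, RCODE 5 (REFUSED).
REFUSED_RESPONSE = struct.pack(">HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + QUERY[12:]
```

With a real reply the same decoder applies: a reply from a device you do not operate that sets RA and returns answers is the configuration the article warns about, and the reply-to-query size ratio is the amplification an attacker would obtain.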