DDos Attack Protection

In recent years, with the Trojans, the increasing spread of the virus, the Internet denial of service attack frequency and attack traffic also will be a rapid increase in attack, attack and attack resources, technology continues to mature at the same time, anti-denial of service related to hardware and software products also received considerable development. Today’s IDC market has basically to the lack of effective means of defense of denial of service attacks will not be able to conduct a stable IDC operations position.

However, denial of service a wide range of defense products, the price difference is very large, from several hundred dollars installed on the target server on a single server to tens of thousands of software firewall protection, and even more than a dozen million Fast, Gigabit hardware firewall, including the provision of new and emerging hardware firewall programs and DIY hardware firewall to help customers cost-effective alternative to programs, customers are often at a loss, especially for the DIY hardware firewall used by the relevant technical, defensive ability did not understand that it often at a loss in the choice.

The use of various denial of service attack prevention products and solutions, this paper I will present the mainstream of denial of service attack, the corresponding means of defense and the corresponding analysis of the current defense strategy to attack a variety of means of defense of the merits of the mainstream because of denial of service attack , IDC industry, the invisible barriers to entry been raised a lot. Understanding of the IDC market, investors in making investment in IDC room from time to time have to consider the corresponding denial of service attack defense strategy. The current choice of denial of service attack (DDoS) solutions, roughly divided into:

1, the software firewall solution

2, the hardware firewall solution

3, DIY hardware firewall solution

Section Cost Comparison

For the IDC operations in terms of cost and defensive characteristics of the sub-line, its advantages and disadvantages are as follows:

1, the software firewall solution because it is installed on the server being protected, their defense capabilities and defense area is limited, larger flow in the attack case, on the target server hardware resources to take up serious, and if the number of servers more room, the overall the cost is also high. But the software firewall easy installation, without moving the hardware device, the deployment of very flexible.

2, the hardware firewall is the extensive use of IDC and can play the actual effect of the defense program, the drawback is the cost of investment is too high, small and medium IDC difficult to accept the purchase cost is usually in the Fast products in the 2-4 million, Gigabit in the 6-8 million. If you need high-bandwidth defense, the cluster cost.

3, the emerging DIY hardware firewall program. And a different software firewall, DIY hardware firewall program is installed on the client by preparing their own hardware platform kernel software and hardware firewall in general the same defense capabilities and defense capabilities. As the hardware platform has user-ready, so it can use existing equipment, the total cost of ownership to a minimum. In general, Fast defense costs will be about 1,000 yuan per room per month, Gigabit defense as 1,500 yuan a month.

For the defense capability, the software firewall because of its mode of defects can not be right to establish protection of the entire cabinet or the room, filtering attack packets will also affect the system resources consumed by the normal application of the target system, so no rating here.

Hardware firewalls are all X86 architecture, popular for the hardware firewall is a computer, not specifically dedicated for the network processing chip, and DIY hardware firewall defense the same pattern all along the entire cabinet and the room for protection, and be able to cluster high-volume attack on defense, so we will be focusing our attention on the hardware firewall and DIY hardware firewall.

Defense capability and overall cost of ownership compared:

Cost of Ownership Form from the right point of view, the hardware firewall as a mainstream means of defense, its total cost of ownership is also high, as a compromise of the DIY hardware firewall, which provides a monthly charge for his services a good way to solve the IDC Daoshi facing financial pressures and investment risks and other issues.

II defense function contrast (attack articles)

On defense function, we can not fail to analyze the major domestic Internet denial of service attack tool, today the main use of the Internet means of attack are: SYN-FLOOD: Veteran DDOS attack, using TCP protocol weaknesses initiated three-way handshake attack, is characterized by attacks on the source address is a false address, is not easy to trace the attack source. Attacker in the unit time constructed TCP-SYN packet number of the more effective their attacks on the more remarkable.

A single site SYN attack: the use of three-tier defense against the current cluster switching equipment (such as the Cisco three-layer switch) for port aggregation and load balancing algorithms, when balancing the loopholes in the use of real or virtual into a single source address and the same source port attack. Such attacks in the majority of three-way switching device will be exchanged through a single line, thus weakening the effect of the cluster defense.

Real-situ SYN attack: for some of the software firewall and hardware firewall’s defense theory, specifically addressing the reverse firewall defense style of the attack was launched. The network the last two years the establishment of a puppet machine value chain, enabling real-SYN attack site on the Internet is now becoming more of a attack, an attacker by controlling the puppet of the many machines to send attack packets.

SYN big pack attacks: SYN attacks and general different, SYN packet attack is large by constructing a very large TCP data packets, causing network congestion have been targeted attacks on the way to achieve results, and general SYN is different from attacks initiated by the same flow rate, sending large data packet sender occupy less system resources.

UDP big pack attack: relative to the TCP protocol data packets, the attacking side less system resources need only be able to build a UDP packet, which also vigorously for an attacker to send a UDP packet to provide the conditions for the attack, UDP attacks generally through Large data packets clogging network bandwidth to achieve.

Agent CC attacks: the initial attack by the Chinese to attack the software off the Internet triggered a large number of agents CC attack. Appeared on the Internet through the collection of a large number of free and open proxy server, through the submission of a large number of targeted attacks on these servers destination address of the access request by the proxy server transit attacks. CC to launch attacks on their client agent requires only a common broadband lines, its attack is the real address of address (the proxy server address), once led a number of network operators suffer.

SYN-ACK, PSH-ACK, etc.: for TCP connections initiated by a variety of weaknesses in attack.

Legend DB Attack: Legend of the database-specific attack, but also by the Chinese to attack the first customer to write exploits, the attack is to simulate the legendary customer segment Create account movements, making the legendary server to its knees.

Legends Brush villain attacks: the last off the assembly line through the non-stop and simulated landing, making the legendary server crashes

Tags: attacks, DDoS, DDOS attack, Firewall, Internet, NAT
Posted in DDOS defense | No Comments »

In today’s business economy, it is important to have a complete solution that not only compensates for your current operations, but supports the growth ofyour business into the future as well. If the internet is the core of your business, a conventional web hosting solution might not be able to provide the level of control and flexibility you require, at least from a long-term perspective.  Because of this, there just may come a time when you need to strongly consider dedicated hosting.

What is Dedicated Hosting?

To give you a better understanding of dedicated hosting, I’ll first give a quick brief on conventional web hosting, better known as shared hosting. This is the type of environment where you are literally sharing server space and critical resources with other website owners. This could be tens, hundreds or even thousands of people.Dedicated hosting you could say, is the exact option. As the name implies, this is a situation where the entire server is dedicated to your business. With an entire machine at your disposal, you have enough server capacity to host one or multiple websites. Aside from disk space, you also have an abundance of bandwidth along with enough RAM and CPU to make your website perform like a champ. Whereas shared hosting leaves you limited, a dedicated server opens up the floor, providing you with more than enough room to work with.

Benefits of Dedicated Hosting

A dedicated server only makes sense for the large corporation or emerging small to medium-sized business, delivering benefits that simply can’t be provided on other platforms. Below I’ll touch on some of the key benefits of dedicated hosting:

Enhanced Stability and Performance

With dedicated hosting, you are pretty much assured a better performance. In this environment, there are no other sites on the server to leach off your disk space, bandwidth and other essential resources. This means you can enjoy a maximum uptime with a high level of performance your visitors are sure to appreciate.

Extreme Flexibility

One of the biggest attractions of the dedicated server is flexibility. On a shared server you are restricted and typically limited to the resources and tools the web host provides. With dedicated hosting you call the shots, able to incorporate the software applications and technologies you desire. The options are endless, ranging from the control panel and operating system to programming languages and database systems.

Enhanced Security

A dedicated server offers unparalleled security, an attribute that is invaluable these days. This hosting solution gives you the option of implementing the security protocols and mechanisms able to provide your business with the best protection. You can install firewalls, anti-virus solutions, DDoS protection software – the possibilities are endless when it comes to network security. Simply put – adedicated server can be as secure as you make it.

Though more expensive than shared web hosting, dedicated hosting is worth every penny to the business that demands the utmost in control and flexibility. Throw in enhanced stability and security and it becomes a solution your flourishing business just might not be able to do without.

Time for a dedicated server?  Check out the dedicated hosting packages offered byHostGator.  The Gator has dedicated servers available in both Windows and Linux flavors, giving you the best in server hardware and guaranteed network resources.

Tags: DDoS, DDOS Protection, Firewall, Internet, Security
Posted in economy | No Comments »

About once a year, usually around Black Friday, and coinciding with the flu season, mobile security takes center stage. Maybe more so this year, given the ascendency of the smartphone coupled with browsers finally good enough to make the mobile Web a worthwhile experience.

A week or so ago, RIM’s security chief spoke about smartphone viruses and their potential usurpation of the phone as a platform for DDoS attacks. This coupled with a critical mass of open operating system devices now make the mobile phone a tempting target. We’ve been talking about mobile viruses for half a decade. This time, the threat is real.

In the same way, these virtual petri dishes are black holes into which corporate IT has no visibility. Sybase (News – Alert) recently commissioned a study of European IT executives to evaluate the magnitude of this potential exposure. The findings are downright scary, and make one wonder about the level of attention IT departments have devoted to addressing the security requirements of their mobile workers. 66 percent stated that they have no visibility into the sensitivity of data stored on mobile devices, 38 percent have no visibility into applications, and only 15 percent are confident in their ability to contain exposure if the phone is lost or stolen. In my book, considering the magnitude of exposure, this lack of security should have these IT managers camped out at the corner unemployment office (or in a more draconian mood, at the local lockup).

These metrics align with the percentage of employee-liable phones used in the enterprise, now approaching 50 percent as reported by Yankee Group (News – Alert). I won’t go into the not unexpected conclusion from the presentation about the iPhone’s readiness (or lack thereof) for enterprise use.

So what’s an operator, an enterprise, or a smartphone subscriber to do?

Needless to say, once the phone is lost or infected, it is too late. An effective over-the-air security solution, deployed as part of an overall care architecture by the operator, for employee liable devices, or by the enterprise for corporate liable devices, is the foundation. This solution will be responsible for pushing firmware or software updates to the phone, ensuring that discovered vulnerabilities are quickly patched. Extensions to widely deployed FOTA architectures meet this requirement. In some cases, the operator may mandate anti-virus software, pushed to the device (or pre-loaded at time of manufacture) by the same update conduit. If the phone is lost or stolen, the management client of the device should be capable of locking the phone and/or wiping all data.

In parallel to the operator’s care platform, user education is essential. Password protection is a given, as well as the need for backup. However, it is almost criminal that employees using their smartphone for work purposes ignore this first line of defense. And, if the user wants that which happened in Vegas to stay in Vegas, he or she can’t wait a week to report a lost phone, hoping that it will miraculously re-appear. A phone locked after compromising photos or a corporate roadmap have made it to the Internet is not nearly as good as a phone locked before. Unlocking is as easy as making a call, nothing is lost if/when the “lost” device is once again found, as an over-the-air unlock is just as fast and easy as a lock.

The real area for improvement is in the area of IT control over employee liable devices. At Interop (News – Alert) in NYC, I participated in a panel addressing just this concern. We exchanged best practices, painting a picture of what should be, though not what necessarily currently exists. Our joint observation was that IT departments need to understand that mobile devices fall into a continuum. On one extreme, there are corporate liable Blackberries or mission-specific platforms upon which you can enforce restrictive, but safe, policies (on device encryption, strong passwords etc.). There will always be a place for this. On the other are the unwashed masses with a variety of personal devices with no policy or control enforced or deployed.

But the middle? Devices with reasonable VPN or ActiveSync support with on device encryption like Windows Mobile or the iPhone (News – Alert) 3GS? Good call, it is reasonable to expect encryption on the device, something that is supported by ActiveSync policies. However, some handsets, like earlier iPhones, will report back to the server that they support on-device encryption, when they don’t.

Convenient, but dangerous because you think that you are more secure than you are. Then there are devices which will fetch your mail off the Exchange server (if the server is configured to allow low security devices), but make no claim of any sort of ActiveSync on device encryption, such as recent Android devices like the Motorola (News – Alert) Droid or the Palm Pre. Even this is not cut and dried. For example, Touchdown, an ActiveSync corporate email app, runs on Android devices but reports support of on device encryption (at least as of late November 2009) even if that capability does not yet exist. The situation is complex.

The level of visibility into these devices, and IT’s willingness (and/or ability) to lock down an employee owned device , will inform what corporate resources are made available. This in effect addresses the concerns raised by the Sybase study. No visibility. No access to ERP or Exchange.

And if the enterprise does deploy security along the lines of Credant or Good, they’ve got to make doubly sure that there is no leakage of content (i.e., contacts or photos) from the ‘public’ to the ‘enterprise’ side of the device, certifying conformance on each and every OS platform and hardware family introduced. Here, the onus is on the IT department.

As I got onto the plane in JFK, I looked around at a rather unhealthy cross-section of the traveling population (compared to SFO), wondering if it was just my phone that I needed to protect…

Tags: attacks, DDoS, DDOS attack, DDoS Attacks, Internet, Security, vulnerabilities
Posted in Mobile Security | No Comments »

Network brings us a convenient, but also brings a series of problems. Viruses and malware attacks is very troublesome. Unless you pull string, otherwise will suffer from the aspects of the network, especially the threat of distributed denial of service attack, people can retreat DDos refund. We cannot prevent the attack, we can do is how to reduce losses, utmost ground protects the interests of individual and enterprise network.
A DDoS attack typically divided into three stages. First is the target confirmed: hackers will lock an IP address on the Internet. The IP address of the enterprise may represent a Web server, DNS server, Internet gateway, etc. Select the target of the attack, or for money purposes is pure pastime. Then is preparation: in this stage, the hacker intrusion Internet will have good protection system of the computer. In these computers after implantation target the necessary tools. Finally is launched actual attack stages: hackers will be sent to all orders against invasion by the computer, using the computer and ordered in advance of the implant to attack tool sends a packet that attack target unable to handle large amounts of data or bandwidth occupied. Serious word will affect the DNS, cause the whole network have paralyzed.
Of course not, facing DDoS unchecked. We can take corresponding measures to minimize the effects of such attacks.
Intrusion filter is a simple network should be implemented and all the security strategy. In your network, should establish a routing statement, all data to source IP address for this marked the packet. Although this way doesn’t prevent DDoS attack, but it can prevent DDoS attack reflex.
But many large ISP seem because all sorts of reasons refused to realize invasion of filter, so we need other ways to reduce the impact of DDoS. At present the most effective method is one of the track. By this way, the first should be determined by current is external DDoS attack, not from the connection or routing problem. Then all the edge router as soon as possible in the external interface configuration, reject all the data flow DDoS attack target. In addition, even in these edge router port configuration, will all invalid or unable to locate data source IP packets.
Such doing can decrease the impact DDos, early recovery network operation. DDoS attack, but we can prevent hard by the corresponding measures to reduce the attack in the network. We can’t predict how fierce flooding, all we can do is to build high dam, We couldn’t psych out hackers mood, so we must make full preparations.

Tags: DDoS, DDOS attack, DDoS Attacks, DNS, Internet, Security
Posted in DDoS Attacks | No Comments »

CYBERJAYA: The International Multilateral Partnership Against Cyber Threats (Impact) believes that what the world needs now is more cybersecurity experts.

Although it may sound less whimsical than the famous song, in reality, Impact said cyberspace is ever changing and the number of threats is growing everyday.

Threats are also getting more sophisticated and targeted compared to 10 years ago, said Philip Victor, Impact centre for policy and international cooperation, head of communications and outreach.

Aside from attackers being driven by financial gains from attacking global systems, Philip said that terrorists are also turning to the Internet to launch their attacks or execute their plans.

One of the more popular example of the realities of a cyberattack is the 2007 cyberwar in Estonia where attackers launched distributed denial of service (DDoS) attacks on Estonian websites including the Estonian parliament, banks, ministries and newspapers, he said.

Although the attacks may seem low-tech, a DDoS attack can disrupt everyday activities that require Internet connectivity.

“Unfortunately, there’s a lack of global cooperation to fight this due to the shortage of information security professionals,” Philip said.

In Malaysia, he said the information security professional to population ratio is 1:20,000.

“We believe the number of security professionals is growing but as the Internet population increases, we will need more,” he said.

Working towards this effort, Impact has alligned with information security certification company ISC2 to provide information security training to Impact partner countries.

“This is in line with our mandate of operationalising the Global Cybersecurity Agenda (GCA)in escalating cybersecurity capabilities to better defend againts cyberthreats,” said Datuk Mohd Noor Amin, chairman of the Impact management board.

The GCA is the United Nation’s International Telecommunication Union’s framework to enhance confidence and cybersecurity in the information society.

Through this agreement, ISC2’s certification courses such as the Certified Information Systems Security Professional, Systems Security Certified Practitioner and the Certified Secure Software Lifecycle professional will be offered in Impact’s partner countries to enhance the organisation’s position in providing a holistic approach to public sector cybersecurity.

Impact will kick off the first course, the Systems Security Certified course, in Africa in the first quarter of next year.

“Africa is a continent with growing Internet users so its logical to train security profesionals there to ensure its cyberspace is safe,” Philip said.

Impact and ISC2 are expecting 100,000 security professionals to be trained through this partnership.

“We will be working with governments to realise this goal in order to provide enough security professionals for the world,” Philip said.

W. Hord Tipton, executive director for ISC2 said the organisation is happy to work with Impact.

“We jointly believe that only by professional development can we enable the community to protect against cyberthreats and we look forward to educating more individuals,” he said.

Tags: attacks, DDoS, DDOS attack, Internet, NAT, Security
Posted in security experts | No Comments »

Park Dong-hoon, the president of the Korea Information Security Industry Association, made a keynote speech at the 2009 Korea Information Telecommunication Facilities Engineering fall seminar on Nov 19. The presentation covered the current status and problems of knowledge information security regarding to recent DDoS crisis.

With the development of IT technology, people are now living in a ubiquitous environment where everything is connected such as cellphones, computers, and mobile devices. However, more information through various networks created more demand for security. As the network became bigger and more complex, the trend in security is also changing from technical network protection to service security. Most people have some type of information stored in more than one network and many businesses have crucial information to protect. Due to the increase of cyber crimes, the knowledge information security industry has risen and it will continue to grow to be a convergence security industry. The information security industry is defined as the industry providing services to prevent crimes and disasters through security technology like passwords, encoding, surveillance, and recognition. The industry consists of information security, physical security and convergence security.

The potential for knowledge information security is tremendous. The estimated global market for 2013 is expected to be US$368 billion. Currently, the market is dominated by the US and EU at 88%. Korea has only 1.7% of global market share. The Korean knowledge information security market is estimated at W3.1 trillion in 2007, but it is expected to reach W18.4 trillion by 2013. For information security, most high-end security hardware is imported, but Korean software is exported to Japan, the US and other countries. For physical security, the market has expanded with 32% of annual growth. The 2009 market analysis showed that law enforcement has been strengthened due to several major information theft cases. Also, the public and finance sectors plan to establish the convergence security business against DDoS attacks and the industry will get bigger through M&A.

There have been several major security breaches since 2008 – the Blue House hacking, auction.com with over 10 million id thefts, Hanaro Telecom with 6 million id thefts, GS Caltex with 1.1 mil id thefts, and the 7/7 DDoS attack crisis. These types of cases show how vulnerable sites are with low security levels. The government does not have enough human resources in the security department. Many companies do not recognize security as investment but an expense. Also, most computer users do not use anti-virus programs, and their computers are exposed to hackers and are sometimes used as zombie PCs. The level of security systems does not meet the demand for increased internet use. The R&D investment is about 1,000 times less compared to the US, based on a 2007 survey. The solution for increasing cyber attacks is to establish a cyber crisis management system and produce more security professionals with more investment. The collaboration efforts between public and private sectors will help the security industry to grow.

Tags: attacks, DDOS attack, DDoS Attacks, Hackers, Internet, Security
Posted in DDoS Attacks | No Comments »

RioRey has appointed leading IT security specialist Network Defence as its UK partner to help deliver its security solutions to the UK. RioRey will use Network Defence’s strong position in the IT security and vertical markets to deliver a new level of Internet protection to customers.

Network Defence will distribute the complete range of RioRey products, offering SMEs through to major enterprises protection against Distributed Denial of Service (DDoS) attacks. The Internet security solutions detect attacks and nullify their effects on the network; ensuring e-commerce and web hosting services remain uninterrupted in order to maintain smooth business operations.

Director of sales and education (EMEA) for RioRey, Duncan Hume, said: “As sophisticated security technology requires focus RioRey looks for top quality partners across Europe. We have worked with Network Defence for several years and the team has always impressed me, and with their combination of technical ability plus sales and marketing skills they show clear focus in a rapidly growing market sector.

“Network Defence has a strong client base in a number of vertical sectors and are clearly trusted advisors to their customers. RioRey provides DDoS protection that no other supplier can offer, by working with a dedicated partner who fully understands our needs and the needs of their customers we can ensure the clear messaging required around DDoS mitigation is delivered; they are the perfect partner for our technology.”

Dave Beesley, managing director for Network Defence, said: “DDoS threats are very real and impact the market sectors we work in everyday. RioRey’s easy-to-install and intelligent range of products complement the solutions and services Network Defence has to offer, adding great value to our portfolio. Working together we can benefit our customers by providing an additional layer of protection to those who rely on their website.”

RioRey are currently developing new products around DDoS mitigation and plan to use Network Defence as a key partner in their UK market strategy.

Tags: attacks, Dave Beesley, DDOS Protection, Duncan Hume, Internet, Security
Posted in DDoS protection solution | No Comments »

Internet aegis experts say that misconfigured DSL and cable modems are deepening a acclaimed botheration with the Internet’s DNS (domain name system), authoritative it easier for hackers to barrage broadcast denial-of-service (DDoS) attacks adjoin their victims.

According to analysis set to be appear in the next few days, allotment of the botheration is abhorrent on the growing amount of customer accessories on the Internet that are configured to acquire DNS queries from anywhere, what networking experts alarm an “open recursive” or “open resolver” system. As added consumers appeal broadband Internet, account providers are rolling out modems configured this way to their barter said Cricket Liu, carnality admiral of architectonics with Infoblox, the DNS apparatus aggregation that sponsored the research. “The two arch culprits we begin were Telefonica and France Telecom,” he said.

In fact, the allotment of DNS systems on the Internet that are configured this way has jumped from about 50 percent in 2007, to about 80 percent this year, according to Liu.

Though he hasn’t apparent the Infoblox data, Georgia Tech Researcher David Dagon agreed that accessible recursive systems are on the rise, in allotment because of “the access in home arrangement accessories that acquiesce assorted computers on the Internet.”

“Almost all ISPs deliver a home DSL/cable device,” he said in an e-mail interview. “Many of the accessories accept congenital DNS servers. These can sometimes address in ‘open by default’ states.”

Because modems configured as accessible recursive servers will acknowledgment DNS queries from anyone on the Internet, they can be acclimated in what’s accepted as a DNS addition attack.

In this attack, hackers forward spoofed DNS concern letters to the recursive server, tricking it into acknowledging to a victim’s computer. If the bad guys apperceive what they’re doing, they can forward a baby 50 byte bulletin to a arrangement that will acknowledge by sending the victim as abundant as 4 kilobytes of data. By barraging several DNS servers with these spoofed queries, attackers can beat their victims and finer beating them offline.

DNS experts accept accepted about the accessible recursive agreement botheration for years, so it’s hasty that the numbers are jumping up.

However, according to Dagon, a added important affair is the actuality that abounding of these accessories do not cover patches for a broadly publicized DNS blemish apparent by researcher Dan Kaminsky endure year. That blemish could be acclimated to ambush the owners of these accessories into application Internet servers controlled by hackers after anytime acumen that they’ve been duped.

Infoblox estimates that 10 percent of the accessible recursive servers on the Internet accept not been patched.

The Infoblox analysis was conducted by The Measurement Factory, which gets its abstracts by scanning about 5 percent of the IP addresses on the Internet. The abstracts will be acquaint actuality in the next few days.

According to Measurement Factory Admiral Duane Wessels, DNS addition attacks do occur, but they’re not the a lot of accepted anatomy of DDoS attack. “Those of us that clue these and are acquainted of it tend to be a little bit afraid that we don’t see added attacks that use accessible resolvers,” he said. “It’s affectionate of a puzzle.”

Wessels believes that the move against the next-generation IPv6 accepted may be aback accidental to the problem. Some of the modems are configured to use DNS server software alleged Ambush or Tread Daemon (TOTd) — which converts addresses amid IPv4 and IPv6 formats. Often this software is configured as an accessible resolver, Wessels said.

Tags: DDoS Attacks, DNS, Internet
Posted in DDoS Attacks | No Comments »