In a clear and simple way, this Cisco graphic shows the relationship of the parties in a DDoS attack.
At 9 a.m., millions of users of Twitter.com found themselves unable to access the microblogging Web site, the modern version of the telephone party line through which more than 40 million people announce what they are doing, reading, eating and thinking at any given moment.
Undaunted, the rejected Twitterers trooped to Facebook.com, the social networking site that has more than 200 million users, which has "status updates" that mimic Twitter feeds. But before users could begin to type, "Is sad that Twitter is down," a terrible and panic-inducing discovery: Facebook was down, too.
Kathleen Loughlin, a spokeswoman for Facebook, also cited a denial-of-service attack, which she said "resulted in degraded service for some users." She added that no user data were at risk during the attack and promised that Facebook was "continuing to monitor the situation to ensure that users have the fast and reliable experience they've come to expect from Facebook."
"On this otherwise happy Thursday morning, Twitter is the target of a denial-of-service attack," Twitter co-founder Biz Stone wrote on the official Twitter blog. "Attacks such as this are malicious efforts orchestrated to disrupt and make unavailable services such as . . . Twitter for intended customers or users. We are defending against this attack now."
The first big DDoS attack, in February 2000, took down some of the Web's most popular sites for hours, including Yahoo, CNN, eBay, Amazon.com, Buy.com, and E*Trade. The U.S. Federal Bureau of Investigation promptly held a news conference to discuss the disruption to the Internet and eventually tracked down the perpetrator, 15-year-old "Mafiaboy," after he bragged about it to friends online.
Mafiaboy was most likely trying to get attention, like script kiddie hackers do when they deface Web sites. Other attackers have different agendas. For instance, there are politically motivated DDoS attacks, such as those involving Russian and Georgian sites last year. Estonian sites were attacked in 2007. Meanwhile, the origin of recent DDoS attacks targeting U.S. government sites and sites in South Korea remains a mystery.
---------
Twitter users were unable to log in for several hours after the social networking site became the victim of a cyber attack.
-----
What's a denial-of-service attack?
A denial-of-service (DoS) attack is any effort designed to interfere with access to a Web site or Internet service. A common method of attack involves flooding a target server with so many communications requests that legitimate traffic cannot get through. This can shut down or slow down the site temporarily.
Web sites aren't the only things that can be targeted in DoS attacks. Unplugging someone's computer is a very basic type of DoS attack.
What's a distributed-denial-of-service (DDoS) attack?
Because Web sites are built to handle a lot of traffic, it can take millions of simultaneous communications requests to have enough effect on the performance of the server for an attack to succeed. In a DDoS attack, tens of thousands or even millions of computers are used to send traffic to the target site all at the same time and repeatedly. "It's a bit like 15 fat men trying to get through a revolving door at the same time--nothing can move."
The hijacked PCs that are used in a DDoS attack comprise a botnet. The individual computers are called "bots," "zombies" or "slaves" and are controlled remotely by the "master" attacker. The attacker relays instructions to the bots via a command-and-control server, typically using IRC (Internet Relay Chat). Botnets are also used to distribute spam. Some newer botnets, like one created by a version of Conficker, relay instructions via peer-to-peer.
How many bots are needed to take down a Web site?
The number depends on how many resources (servers and bandwidth) the target site has. It can take 25,000 to 50,000 bots to cripple a typical site and as few as 10,000 or fewer for a small Web site, according to Kevin Stevens, a security researcher for SecureWorks' Counter Threat Unit.
It's difficult to know exactly how big any particular botnet is and guesses vary widely. For example, estimates of the Conficker botnet ranged from 500,000 PCs to 10 million.
What kind of damage can a DoS attack do?
A DoS can make a Web site completely inaccessible to anyone for a period of time, like the most recent attack did with Twitter. Or it can be equivalent to a hiccup, slowing down page loads or affecting only part of the site.
Sites that aren't in the direct line of fire can also be affected. For example, if a company that is attacked is hosting images or content that is fed to other sites, those other sites may have trouble. So many sites feature Twitter updates that it's likely some of those associated sites were impacted when Twitter was down and the ancillary site's requests to get updates were ignored.
How can a DDoS be prevented or stopped?
In 2001, the White House was able to thwart a DDoS attack that was programmed into the code of the Code Red virus by moving the site away from the targeted IP address.
And in 2005, Microsoft sidestepped a DDoS that was going to be triggered by PCs infected with the Blaster virus by killing the targeted IP address.
A company can reduce its risk by buying plenty of servers and bandwidth, and hosting content on backup servers. Companies can also limit the number of connections that the Web server allows at any one time and set the firewall to block certain types of data that are used in DDoS attacks, said SecureWorks' Stevens.
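The connection limit described above, sketched as an added example that is not part of the original article: it replays constructed traffic against a global and a per-source cap and shows why the cap stops a single noisy source but not a flood spread across many sources. The `ConnectionLimiter` class, the cap values and the documentation-range addresses are assumptions made for illustration.

```python
from collections import Counter

class ConnectionLimiter:
    """Admission control: a global cap on open connections plus a per-source cap."""

    def __init__(self, max_total, max_per_source):
        self.max_total = max_total
        self.max_per_source = max_per_source
        self.open = Counter()          # source address -> open connections

    def try_open(self, source):
        """Return True if the connection is admitted, False if it is refused."""
        if self.open[source] >= self.max_per_source:
            return False               # one source is hogging slots
        if sum(self.open.values()) >= self.max_total:
            return False               # server is full
        self.open[source] += 1
        return True

    def close(self, source):
        if self.open[source] > 0:
            self.open[source] -= 1


def legit_admitted(flood_sources, conns_per_source, max_per_source, max_total=100):
    """Replay a constructed flood, then see whether one ordinary client gets in."""
    limiter = ConnectionLimiter(max_total, max_per_source)
    for src in flood_sources:
        for _ in range(conns_per_source):
            limiter.try_open(src)
    return limiter.try_open("198.51.100.7")   # constructed legitimate client


# Constructed scenarios (documentation address ranges, not real traffic).
single = ["203.0.113.5"]                              # one noisy source (DoS)
many = [f"192.0.2.{i}" for i in range(1, 201)]        # 200 sources (DDoS)

def scenarios():
    return {
        # no per-source cap: one source fills all 100 slots
        "single_source_no_cap": legit_admitted(single, 500, max_per_source=10**9),
        # per-source cap of 5: the noisy source is held to 5 slots
        "single_source_capped": legit_admitted(single, 500, max_per_source=5),
        # 200 sources, one connection each: every source is under the cap
        "distributed_capped": legit_admitted(many, 1, max_per_source=5),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: legitimate client {'admitted' if ok else 'refused'}")
```

In the distributed case every source stays under the per-source cap, so the limit alone does not keep the server reachable; that is where the extra servers, bandwidth and firewall filtering mentioned above come in.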
What can individuals do to prevent their computers from being used in a DDoS attack?
To keep malware off a computer, people should install the latest operating system and application patches, update their antivirus and other security software, consider using auto-updates for browsers and be careful about opening up attachments and visiting Web sites.