Feature

Web Application Break-In

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Special manager's guide: Monitoring identities."

Download it now to read this article plus other related content.

DDoS Attacks
Unlike XSS, SQL injection and other attacks that steal information, distributed denial of service (DDoS) attacks aim to "deny" everyone from using the application by overwhelming servers and network devices, such as routers and firewalls, with bogus traffic. DDoS is the attack of choice for extortion and electronic protests against companies or organizations; the tools for launching DDoS attacks are widely available on the Internet. A recent survey of ISPs from around the world revealed that more than 90 percent believes simple DDoS floods are their biggest day-to-day hassle. By some estimates, DDoS attacks account for more than half the traffic across Internet backbones.

Unfortunately, DDoS attacks are a symptom of shortcomings in the Internet infrastructure, as they work by taking advantage of Internet protocols and consequently are among the most difficult attacks to defend against. There are several types of DDoS attacks, but their methods are similar in that they rely on a large group of compromised systems to direct a coordinated attack against a particular target.

The two most basic types of DDoS attacks are bandwidth and application attacks. Bandwidth attacks consume resources such as network bandwidth and equipment by overwhelming them with a high volume of packets. Application attacks, on the other hand, exploit the expected behavior of protocols such as TCP and HTTP by tying up computational resources and

    Requires Free Membership to View

preventing them from processing genuine transactions or requests. HTTP half-open and HTTP error attacks are a couple of examples of application attacks.

It is important to evaluate your firewall rules and filters to ensure their effectiveness against these exploits. For example, egress filtering will prevent your network from being the source of spoofed packets, and will make it easier for you to uncover the source of any internal agents.

This was first published in August 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: