Combating DoS or DDoS Attacks


7/29/2019 Combating DoS or DDoS Attacks

radicaldevelopment.net http://radicaldevelopment.net/combating-dos-or-ddos-attacks/

The reality is that Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks have been around for many years. While there are no new developments in the mechanism by which these attacks are carried out, the attacks are simply becoming more and more sophisticated. There is also legal precedent that individuals or groups can target a specific entity as long as there is a legitimate underlying cause. Taking into account the growing sophistication and the legal background, it becomes ever more important for organizations to formulate a plan for detecting, preventing, and mitigating the risks surrounding DoS and DDoS attacks. The shift to a defensive posture may be foreign to many organizations; however, to ensure services continue uninterrupted, these organizations must take this type of attack much more seriously.

To combat Denial of Service attacks it is essential to understand that the idea of this attack encapsulates the concept of flooding the target network, breaking the network connection, and finally hindering an individual or even a group from accessing a particular service. The cyber battlefield for this type of attack is depicted in figure 1. Here the attacker seeks out what is known as a handler, on which software is installed that allows the handler to be controlled by the attacker.

Figure 1

At this point, the attacker issues commands to the handler, which in turn controls the agents, and the agents then act as the soldiers that attack the target. Often the agents are unsuspecting computers that have been infected with malware. Of course, denial of service attacks are also executed by a single entity by taking advantage of vulnerabilities within program flaws, specifically in the areas of resource starvation and buffer overflows (Northcutt, 2007). At the end of the day, the threat of a DoS or DDoS is real, and to reduce these threats the next steps are detecting and mitigating the threat. Keeping these steps in mind, I selected three research papers focused on detection and prevention in order to reduce the risk surrounding denial of service attacks. The key factor to remember is that risks cannot be entirely removed, but these same risks can be mitigated to an acceptable level with everyone involved.

Attacks in History


To put this into perspective, all one has to do is turn attention back to 2007, when Estonia fell victim to a DoS attack. What prompted the attack was the Estonian citizens relocating a Soviet war memorial from the city of Tallinn. At the time, Estonians believed that the Russian government was behind the attack; however, the Russian government denied all involvement. The other widely held belief was that hackers who sympathized with the Russians were behind the attack, and this included China. This DoS attack was viewed as a cyberwar between Russia and Estonia, and because of this both organizations and countries alike took notice of the importance of cybersecurity.

Detecting the Threat

Over the years, network-centric defense systems have evolved to the level where traffic can be monitored and categorized to the point where it can be determined whether traffic is acceptable or unacceptable (Ying, Incheol, Thai, and Taieb, 2010). Accountability must be at the center of computing; in other words, every action must be both measurable and traceable to a given entity. This is important so that the organization can take that information and step through the attack, in the hope that this test scenario points out the vulnerability and how it was exploited. Ying et al. (2010) emphasize that detection and testing sound simple on the surface; however, there are three problem areas to address: having a solid testing structure, planning the infrastructure to mimic the attacker, and finally ensuring that the test cases provide accurate results. Once test cases are in place and executed, then and only then can an organization be successful.

Modern day business is widely conducted over the Internet, and because of this it is more important than ever to conduct testing across the spectrum. For example, computers on a network typically communicate via routers, and it is not overly difficult to execute a denial of service attack on a given network. One such attack vector exploits Internet Protocol (IP) version 6 by sending a flood of data packets, each of which advertises a network. This exploit causes all devices on the network to attempt to connect, and the computers then fall victim to resource starvation. In fact, this exploit will force clients to join hundreds of advertised networks until the computer becomes utterly non-responsive. A great test scenario is to configure the operating systems (OS) to ignore advertised networks beyond a predetermined number; of course, the root vulnerability resides with the vendor to patch.

Ying et al.'s (2010) proposal of a testing-based approach to both DoS and DDoS attacks attempts to establish a solid framework in which these types of attacks are reduced by understanding the day-to-day network activity. The downside to this approach is that public-facing networks are difficult to measure, because usage often peaks over time, making it challenging to define what traffic is acceptable.
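As an added example (not part of the original post), the following detector reads constructed Router Advertisement log lines and flags any source that announces an unusual number of distinct prefixes within a short window, which is the signature of the IPv6 flood described above. The one-line log format, the addresses and the thresholds are assumptions made for the demonstration.

```python
import re
from collections import defaultdict, deque

# Constructed sample log (not from the page): one IPv6 Router Advertisement per line,
# in an assumed summary format "<epoch seconds> RA from <link-local src> prefix <prefix>".
# fe80::1 is a normal router repeating its one prefix; fe80::bad announces a new
# network with nearly every packet, which is what a flood looks like.
SAMPLE_LOG = """\
1000.0 RA from fe80::1 prefix 2001:db8:1::/64
1001.0 RA from fe80::1 prefix 2001:db8:1::/64
1002.0 RA from fe80::bad prefix 2001:db8:a::/64
1002.1 RA from fe80::bad prefix 2001:db8:b::/64
1002.2 RA from fe80::bad prefix 2001:db8:c::/64
1002.3 RA from fe80::bad prefix 2001:db8:d::/64
1002.4 RA from fe80::bad prefix 2001:db8:e::/64
1002.5 RA from fe80::bad prefix 2001:db8:f::/64
1070.0 RA from fe80::bad prefix 2001:db8:10::/64
"""

LINE_RE = re.compile(r"^(?P<ts>\d+(?:\.\d+)?) RA from (?P<src>\S+) prefix (?P<prefix>\S+)$")


def parse_ra_log(text):
    """Yield (timestamp, source, prefix) tuples; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield float(m["ts"]), m["src"], m["prefix"]


def detect_ra_flood(text, max_prefixes=5, window=60.0):
    """Return the sources that advertised more than max_prefixes distinct prefixes
    inside any sliding window of `window` seconds. A legitimate router keeps
    re-advertising the same few prefixes, so distinct-prefix count per source is
    a far better signal than raw RA rate."""
    recent = defaultdict(deque)      # src -> deque of (ts, prefix), oldest first
    alerts = []
    for ts, src, prefix in parse_ra_log(text):
        q = recent[src]
        q.append((ts, prefix))
        while q and ts - q[0][0] > window:   # drop entries outside the window
            q.popleft()
        if len({p for _, p in q}) > max_prefixes and src not in alerts:
            alerts.append(src)
    return alerts
```

On Linux, the host-side cap the text describes corresponds to the net.ipv6.conf.<interface>.max_addresses sysctl (default 16 autoconfigured addresses per interface); the detector above is the network-side complement.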

Counter the Attack

At this stage in DoS attacks, the idea is that if an attack is determined to be underway, there must be measures in place to fight off the attack. As mentioned previously, many aspects of business are often conducted over the Internet, and because of this fact a pronounced example of a DoS attack is the password attack. Goyal, Kumar, Singh, Abraham, and Sanyal (2006) point out that a vast number of systems utilize passwords for two reasons: convenience, and the fact that end users widely accept the use of a password to gain access to a service. For similar reasons that passwords are popular with users, they are also popular forms of DoS attacks.


Figure 2

When it comes to password attacks, the hacker community has a vast arsenal at its disposal, whereas security measures typically are limited or, as they evolve, often fall victim to an attack. The reality is that defending against DoS attacks will likely always be reactive, but this does not mean that proactive measures should not be implemented. A password by definition is a word or phrase that is unknown to anyone other than the intended party. However, the reality is that passwords are weak and easily guessed or even cracked, as figure 2 represents the typical length of a password. Because of this fact, Goyal et al. (2006) propose a measure that will prevent dictionary attacks by shrinking the attack window, which in turn will require the hacker to rethink the attack. The core of this idea is that the protocol initiates a four-pass transmission where the final two passes involve a computation that is negotiated between the server and the client. To put passwords into perspective when it comes to DoS attacks, it is important to understand that while attacks are typically carried out on tiers three and four, it is entirely feasible to also attack tier two via the password vulnerability. Case in point, Cisco (2005) released an advisory that outlined how their Application and Content Networking System (ACNS) software could fall victim to a DoS attack by exploiting the default password used for administrative accounts.
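To make the four-pass idea concrete, here is an added illustration (my own code, not the protocol from Goyal et al. 2006): a client-puzzle login in which pass two hands the client a challenge and pass three must carry a proof of work bound to that specific password guess, so each dictionary word costs the guesser roughly 2^difficulty hash computations while the server verifies in one. The credential store, server key and difficulty are constructed for the demo.

```python
import hashlib
import hmac
import os
import secrets

# Constructed demo credential store (not from the page): username -> salted password hash.
_SALT = b"constructed-demo-salt"


def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


USERS = {"alice": _pw_hash("correct horse")}
SERVER_KEY = secrets.token_bytes(32)   # binds challenges to this server instance


def puzzle_solved(challenge, username, password, nonce, difficulty):
    """True when sha256(challenge||user||password||nonce) has `difficulty` leading zero bits."""
    digest = hashlib.sha256(challenge + username.encode() + password.encode() + nonce).digest()
    return int.from_bytes(digest, "big") >> (256 - difficulty) == 0


# Pass 1 (client -> server): username.  Pass 2 (server -> client): challenge + difficulty.
def server_issue_challenge(username, difficulty=12):
    nonce = os.urandom(16)
    tag = hmac.new(SERVER_KEY, nonce + username.encode(), "sha256").digest()
    return nonce + tag, difficulty     # self-authenticating, so the server stores no state


# Pass 3 (client -> server): the client spends CPU solving the puzzle for THIS guess; a
# different password guess needs a fresh solution, so a dictionary costs 2^difficulty per word.
def client_solve(challenge, username, password, difficulty):
    counter = 0
    while not puzzle_solved(challenge, username, password, counter.to_bytes(8, "big"), difficulty):
        counter += 1
    return counter.to_bytes(8, "big")


# Pass 4 (server -> client): verdict. The cheap checks run before the expensive password hash.
def server_verify(challenge, username, password, nonce, difficulty):
    n, tag = challenge[:16], challenge[16:]
    expected = hmac.new(SERVER_KEY, n + username.encode(), "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return False                   # not a challenge this server issued
    if not puzzle_solved(challenge, username, password, nonce, difficulty):
        return False                   # client skipped the work: rejected without touching the store
    stored = USERS.get(username)
    return stored is not None and hmac.compare_digest(stored, _pw_hash(password))
```

A deployed version would also expire challenges and make them single-use, since this demo accepts a valid challenge more than once.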

Mitigating the Threat

An interesting aspect of prevention within Service-Oriented Architecture (SOA) is outlined by Shah, Mangal, Agarwal, Mehra, and Patel (2010), where a heavy focus is given to web services. In several aspects of Internet-based communications, many vendors provide an Application Programming Interface, and a great deal of these communications takes place via a web service. The idea is that a Web Service is no different from a web application in the sense that both are open to attacks. Shah et al. (2010) put forth the idea of leveraging Simple Object Access Protocol (SOAP) at both the server and the client, using encryption to combat a DoS attack by means of handlers. These handlers provide a number of actions, one being encryption and the second being validation of the SOAP envelope. Both of these options greatly reduce the DoS threat in the area of web services.
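As an added example (not Shah et al.'s handler code), a minimal inbound SOAP handler that performs the envelope-validation role described above: it drops oversized, over-nested or malformed requests, and anything that is not a SOAP 1.1 Envelope with a Body, before the service logic runs. The limits and the sample envelopes are constructed for the demonstration.

```python
import io
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope namespace


class EnvelopeRejected(Exception):
    """Raised by the inbound handler when a request is dropped before the service sees it."""


# Note: entity-expansion bombs need a parser-level limit (e.g. the defusedxml package);
# the structural limits enforced here do not cover them.
def validate_envelope(raw, max_bytes=64 * 1024, max_depth=16, max_elements=500):
    """Inbound handler: enforce size, nesting-depth and element-count limits and require a
    SOAP 1.1 Envelope root containing a Body. Parsing is streamed, so a hostile payload is
    cut off at the first violated limit instead of being fully built in memory."""
    if len(raw) > max_bytes:
        raise EnvelopeRejected("envelope larger than %d bytes" % max_bytes)
    depth = elements = 0
    body_seen = False
    try:
        for event, elem in ET.iterparse(io.BytesIO(raw), events=("start", "end")):
            if event == "end":
                depth -= 1
                continue
            depth += 1
            elements += 1
            if depth > max_depth:
                raise EnvelopeRejected("nesting deeper than %d levels" % max_depth)
            if elements > max_elements:
                raise EnvelopeRejected("more than %d elements" % max_elements)
            if depth == 1 and elem.tag != "{%s}Envelope" % SOAP_ENV:
                raise EnvelopeRejected("root element is not a SOAP Envelope")
            if depth == 2 and elem.tag == "{%s}Body" % SOAP_ENV:
                body_seen = True
    except ET.ParseError as exc:
        raise EnvelopeRejected("malformed XML: %s" % exc)
    if not body_seen:
        raise EnvelopeRejected("Envelope has no Body")
    return True


# Constructed sample requests (not from the page).
GOOD = (b'<s:Envelope xmlns:s="%s"><s:Body><GetPrice><Item>42</Item></GetPrice>'
        b'</s:Body></s:Envelope>') % SOAP_ENV.encode()
NESTED = b'<s:Envelope xmlns:s="%s"><s:Body>%s%s</s:Body></s:Envelope>' % (
    SOAP_ENV.encode(), b"<a>" * 40, b"</a>" * 40)


def is_accepted(raw):
    """Handler outcome as a boolean: True if the envelope passes, False if it was dropped."""
    try:
        return validate_envelope(raw)
    except EnvelopeRejected:
        return False
```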

In reality, a great many solutions have been proposed in the defense against DoS attacks, which include anomaly detection, IP tracing, and packet filtering, and the area of DoS is constantly evolving (Yu, Fang, Lu, and Li, 2010). When it all comes down to reducing the threat, the obvious answer resides in the area of trust management; in other words, know your user base and establish strong boundaries on network usage. Yu et al. (2010) also present the use of a license management server, which would serve out a license to authorized users; without the license at the client, all network communications sent to the receiver would be ignored. This idea for mitigating DoS attacks is both lightweight and feasible, to the degree that interested parties could quickly and easily adopt a defensive posture against DoS attacks.
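An added sketch (not Yu et al.'s design) of the license idea: a license server issues an HMAC-signed, time-limited license to an authorized user, and the receiver ignores any message whose license is missing, tampered with or expired before it spends any effort on the payload. The shared key, message shape and timestamps are constructed for the demo.

```python
import hmac

# Constructed demo secret shared by the license server and the receiver (not from the page).
LICENSE_KEY = b"constructed-demo-license-key"


def issue_license(user, now, ttl=300):
    """License server: hand an authorized user a token valid for ttl seconds from `now`."""
    body = "%s|%d" % (user, int(now) + ttl)
    tag = hmac.new(LICENSE_KEY, body.encode(), "sha256").hexdigest()
    return "%s|%s" % (body, tag)


def receiver_accepts(message, now):
    """Receiver side: a message is a dict {"license": token, "payload": ...}. Anything
    without a valid, unexpired license is dropped before the payload is even looked at,
    which is what keeps the receiver's cost per unlicensed packet near zero."""
    token = message.get("license")
    if not isinstance(token, str) or token.count("|") != 2:
        return False                                   # no license: ignore
    user, expiry, tag = token.split("|")
    expected = hmac.new(LICENSE_KEY, ("%s|%s" % (user, expiry)).encode(), "sha256").hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False                                   # forged or tampered license
    return int(expiry) > now                           # expired licenses are ignored too
```

The license is a bearer value, so it must travel over an encrypted channel; anyone who captures it can use it until it expires.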

Conclusion

At this point, it should be clear that DoS attacks are not overly complicated either to defend against or to carry out. Referencing figure 3, it is clear that DoS can affect each tier of the OSI model.

Figure 3

What makes DoS difficult to defend against are the facts that it is often difficult to distinguish legitimate traffic from attack traffic and that all software contains defects that can be exploited. While DoS is difficult to defend against, it is not impossible. Actions such as reviewing network infrastructure against the National Institute of Standards and Technology (NIST) standards and load testing the network will both assist in finding vulnerabilities and in understanding at what stress point the network will break under a given load. Monitoring is also extremely important; therefore an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) will assist immensely in protecting the network. Of course, the single most important aspect is to have an established policy and procedure that outlines the course of action taken before, during, and after the attack. If the network is the victim of an attack, the Internet Service Provider (ISP), Information Security (IS) personnel, and the appropriate law enforcement agency must all be alerted as soon as possible.

References

Goyal, V., Kumar, V., Singh, M., Abraham, A., & Sanyal, S. (2006). A new protocol to counter online dictionary attacks. Computers & Security, 25(2), 114-120. doi:10.1016/j.cose.2005.09.003

Cisco. (2005). ACNS Denial of Service and Default Admin Password Vulnerabilities. Cisco Security Advisory. Retrieved from http://tools.cisco.com

Northcutt, S. (2007). Security Laboratory: Methods of Attack Series. SANS Technology Institute. Retrieved from http://www.sans.edu

Shah, D., Mangal, A., Agarwal, M., Mehra, M., & Patel, D. (2010). Mitigating DoS using handlers for Global SOA. Journal of Algorithms & Computational Technology, 4(4), 381-394. Retrieved from http://www.multi-science.co.uk/

Ying, X., Incheol, S., Thai, M. T., & Taieb, Z. (2010). Detecting application denial-of-service attacks: A group-testing-based approach. IEEE Transactions on Parallel & Distributed Systems, 21(8), 1203-1216. doi:10.1109/TPDS.2009.147

Yu, J. J., Fang, C. C., Lu, L. L., & Li, Z. Z. (2010). Mitigating application layer distributed denial of service attacks via effective trust management. IET Communications, 4(16), 1952-1962. doi:10.1049/iet-com.2009.0809

Highly motivated information technology professional with 16+ years of experience. Working as a software engineer, Steven develops and maintains web-based software solutions. As a skilled professional he is focused on the design and creation of software. Because communication skills are extremely important, Steven continues to expand his knowledge in order to communicate clearly with all facets of business. Recently Steven has been leading efforts to standardize software development tools and technology, plans and coordinates web accessibility as applied to IT solutions, and he is tackling application security in terms of best practices and implementation of the Security Development Life-cycle.
