DAILY NEWS AND INFORMATION FOR THE GLOBAL GRID COMMUNITY / MAY 26, 2003: VOL. 2 NO. 21
Breaking News - Security:
Massive DDoS Attack Foiled By Webscreen Anti-DDoS Appliance
One of the world's largest Web hosting companies successfully fought off a
massive distributed denial of service (DDoS) attack, thanks to having
installed DDoS protection in the form of Webscreen's anti-DDoS appliance.
The massive distributed attack, directed at the Web-hosting company's
infrastructure, happened at the beginning of May 2003 and was in excess of 400
Mbps. For two hours, the attackers tried to disable the company by
simultaneously hitting it with ICMP echo-requests, SYN floods, fragments and
UDP floods.
The Webscreen device, which uses a patented technology called CHARM (as it lets
the 'charming' customers in and keeps the bad boys out), was rejecting over
273,000 packets per second sent by the attackers, while simultaneously
preventing the network from experiencing any outages.
Despite the ferocity of the attack, the company was able to carry on with
normal service -- in marked contrast to a similar attack in 2002, before the
Webscreen device was installed, which resulted in nearly a week's downtime!
Without suitable DDoS protection, the effects of a major DDoS attack can be
extremely serious for companies whose business is dependent on being
permanently online. These dangers were highlighted by ISP Cloud Nine at the
beginning of 2002, which had to cease trading after DDoS attacks disabled it.
Distributed Denial of Service Attacks
To launch a DDoS attack, a hacker often uses easily available Internet
downloads to break into any number of unprotected Internet-connected computers
and covertly installs a piece of attack software on them, turning each PC into
a so-called zombie. The software (on hundreds, if not thousands of zombie
computers) is then remotely activated to connect to the target Webserver,
sending bogus packets of traffic thousands of times a minute.
The target Webserver is flooded with this barrage of spurious traffic,
overwhelming its infrastructure, exhausting its bandwidth, its router
processing capacity or network stack resources, and ultimately making it
crash.
Webscreen Anti-DDoS Appliances
Webscreen anti-DDoS appliances are one of the world's most advanced solutions
for defending against Distributed Denial of Service (DDoS) attacks. The
appliances use patented CHARM technology to ensure that genuine users or
customers of a website always have access while attack traffic is dropped.
Unlike conventional anti-DDoS software, Webscreen uses heuristic algorithms to
detect DDoS attacks. The device looks at the nature of the access rather than
the exact signature, so an update is not required every time a new DDoS attack
tool is developed. Every packet that enters Webscreen is first analysed by the
Syntax Screener. If its IP characteristics do not pass the tests, the packet
is rejected.
The behaviour of all IP addresses that pass through the device is recorded and
Webscreen very quickly builds up a history of the IP address, generating a
CHARM value. The CHARM technology determines if the packet is an attack and
then makes the decision to reject or accept the packet. The CHARM technology
provides a measure of how much Webscreen trusts a packet. If it has a high
CHARM rating, Webscreen is more likely to let it pass through.
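
The two-stage flow described above (a syntax check, then a per-address trust score built from observed behaviour) can be sketched as follows. This is an added example, not Webscreen's code: the article does not disclose how CHARM is calculated, so the header checks, the scoring rule, the thresholds, the packet field names and the sample traffic are all assumptions constructed for illustration.

```python
from collections import Counter

VALID_PROTOCOLS = {"tcp", "udp", "icmp"}

def syntax_ok(pkt):
    """Stage 1 (assumed checks): reject structurally invalid packets."""
    if pkt["proto"] not in VALID_PROTOCOLS:
        return False
    if pkt["proto"] == "tcp":
        flags = set(pkt.get("flags", ""))
        if not flags or {"S", "F"} <= flags:  # no flags at all, or SYN+FIN
            return False
    # A fragment must not extend past the 65535-byte IP datagram limit.
    return pkt.get("frag_offset", 0) * 8 + pkt["length"] <= 65535

class TrustFilter:
    """Stage 2 (assumed scoring): per-source trust score from 0 to 100."""
    def __init__(self, start=50, reward=5, penalty=10, min_gap=0.01):
        self.start, self.reward, self.penalty = start, reward, penalty
        self.min_gap = min_gap   # seconds; faster arrivals count against the source
        self.score = {}          # source IP -> current trust score
        self.last_seen = {}      # source IP -> timestamp of previous packet

    def decide(self, pkt, now, load_pct):
        if not syntax_ok(pkt):
            return "reject-syntax"
        src = pkt["src"]
        score = self.score.get(src, self.start)
        if src in self.last_seen:
            paced = now - self.last_seen[src] >= self.min_gap
            score = max(0, min(100, score + (self.reward if paced else -self.penalty)))
        self.score[src], self.last_seen[src] = score, now
        # The busier the protected link, the more trust a packet needs to pass.
        return "accept" if score >= load_pct else "drop"

def run_sample(load_pct=40):
    """Constructed traffic: one paced client, one flooder, one malformed packet."""
    f, results = TrustFilter(), Counter()
    events = [(float(i), {"src": "192.0.2.10", "proto": "tcp", "flags": "A", "length": 60})
              for i in range(10)]
    events += [(i * 0.001, {"src": "198.51.100.7", "proto": "udp", "length": 512})
               for i in range(1000)]
    events.append((0.5, {"src": "203.0.113.5", "proto": "tcp", "flags": "SF", "length": 40}))
    for now, pkt in sorted(events, key=lambda e: e[0]):
        results[(pkt["src"], f.decide(pkt, now, load_pct))] += 1
    return results
```

With the link at 40% load the paced client keeps full access while the flooding source is cut off after its second packet; with no load, the same flood is accepted because no trust is required.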