Abstract
DDoS, short for “Distributed Denial-of-Service”, is a malicious attempt to make a website, server, or network unavailable to its intended users by exhausting its capacity to serve them. Typical targets are high-profile organizations such as government agencies, large corporations, financial institutions, major cloud service providers, telecommunication companies, and politically affiliated groups. This article discusses the background and types of DDoS attacks, and then the methods available for prevention and protection.
Background
DDoS is the distributed form of the traditional denial-of-service (DoS) attack. In a conventional DoS attack, a single computer on a single Internet connection floods the target with more packets or requests than it can handle. The target's network stack and services fill their queues and stall, and legitimate users can no longer reach the site, much like an inbox buried under spam. Because the traffic comes from one source, it can usually be identified and blocked. A DDoS attack instead drives the flood from many compromised, geographically distributed machines at once. These machines are commonly called “zombies”, and the group under the attacker's control is a “botnet” or “zombie army”; with thousands of sources, filtering by origin becomes far harder, and tracing the person behind the attack harder still. Some reports put the rate of DDoS incidents at almost 30 per hour worldwide. One of the most visible incidents of recent years was the outage of both the Sony PlayStation Network and Microsoft's Xbox Live service over Christmas 2014, when both gaming networks were overwhelmed by DDoS traffic and their users could not connect.
Types of DDoS Attacks
The usual aim of a DDoS attack is to saturate the target with external requests (data packets or application requests) until it can no longer answer legitimate requests from its users; the host of the targeted site sees overloaded traffic and its service becomes unavailable. Because DDoS attacks are far more varied than the single-source form, it is worth distinguishing the general types, since each produces different symptoms and calls for different countermeasures.
1. Network Volume Attack
This type floods the target's network links with TCP, UDP or ICMP traffic (UDP floods and ICMP floods, for example) so that the available bandwidth itself is exhausted. It is measured in bits per second; one symptom is an abrupt, sustained jump in inbound bits per second at a time when no public event would explain the extra demand.
2. Server Protocol Attack
This type consumes the resources of the server itself and of intermediate devices such as firewalls and load balancers: connection-state tables, memory, and CPU time. Common examples are SYN floods, Ping of Death and Smurf attacks. It is measured in packets per second, so one symptom is a sharp rise in packets per second over a very short interval, again when no public event explains it for the host server. Current operating systems mitigate most of the classic protocol attacks (they discard malformed oversized pings, for instance, and use SYN cookies against SYN floods), but a large enough packet rate still overwhelms any single host.
3. Application and System Level Attack
Attacks at this level target the application and the web server software, such as Apache or IIS, whether it runs on Windows, Linux, OpenBSD or another operating system. Commonly known examples are Slowloris and the exploitation of zero-day flaws in the server software. Unlike the previous two types, this one uses requests that look normal and legitimate on the surface. It generates comparatively little network traffic and needs no flooding: it simply exercises a small, expensive part of the web application, such as online ordering or search, or holds connections open with requests that are never completed, until the server's worker pool is exhausted. Measured in requests per second rather than bits or packets, it is the hardest type to distinguish from real users.
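As an added example (not code from the original article), the following Python script applies the three symptoms just described to constructed per-second traffic summaries for one server. The summary format, the baseline values and the "five times baseline" threshold are assumptions for illustration; a real deployment would take the baseline from its own traffic history. The point it makes is that the three types separate cleanly on different counters: bits per second, packets per second with small or SYN-dominated packets, and connections that never complete a request while bandwidth looks normal.

```python
from dataclasses import dataclass

# Constructed per-second traffic summary for one server, one line per second:
# t, bytes received, packets, TCP SYNs, open connections, completed HTTP
# requests, connections with an incomplete HTTP request (headers never finished).
SAMPLE = """\
t,bytes,packets,syn,conns,http_req,incomplete
1,62000000,51000,40,900,1200,5
2,61000000,50000,38,910,1190,4
3,9800000000,8100000,60,920,1210,6
4,240000000,4000000,3900000,950,1180,5
5,64000000,52000,45,14000,300,13800
"""


@dataclass
class Baseline:
    """Normal-hour levels the live counters are compared against (assumed values)."""
    bps: float = 500e6      # bits per second
    pps: float = 60000      # packets per second
    conns: float = 1000     # open connections
    incomplete: float = 20  # connections stalled mid-request


def parse_summary(text):
    """Parse the CSV summary into a list of dicts with integer fields."""
    lines = text.strip().splitlines()
    keys = lines[0].split(",")
    return [dict(zip(keys, map(int, line.split(",")))) for line in lines[1:]]


def classify(row, base=Baseline(), factor=5.0):
    """Return the attack classes a one-second summary row suggests.

    Type 1 (volumetric):  link-level bits per second far above baseline.
    Type 2 (protocol):    packets per second far above baseline, carried by
                          tiny or SYN-dominated packets, i.e. the cost lands
                          in state tables and CPU rather than bandwidth.
    Type 3 (application): bandwidth and packet rate look normal, but the
                          server holds many connections that never finish a
                          request (the Slowloris pattern).
    """
    findings = []
    bps = row["bytes"] * 8
    pps = row["packets"]
    avg_pkt = row["bytes"] / max(pps, 1)
    syn_ratio = row["syn"] / max(pps, 1)
    if bps > factor * base.bps:
        findings.append("volumetric")
    if pps > factor * base.pps and (syn_ratio > 0.5 or avg_pkt < 100):
        findings.append("protocol")
    if (bps <= factor * base.bps
            and row["conns"] > factor * base.conns
            and row["incomplete"] > factor * base.incomplete):
        findings.append("application")
    return findings


def scan(text):
    """Map second -> findings for every summary row that looks attacked."""
    return {row["t"]: f for row in parse_summary(text) if (f := classify(row))}


if __name__ == "__main__":
    for t, findings in scan(SAMPLE).items():
        print(f"t={t}: {', '.join(findings)}")
```

Seconds 1 and 2 produce no finding; second 3 is flagged volumetric (78 Gbps of full-size packets), second 4 protocol (4 million packets per second, almost all SYNs, at under 2 Gbps), and second 5 application (normal bandwidth, but 14,000 open connections of which 13,800 never completed a request). A real protocol flood often also saturates the link and will carry both labels; the application check deliberately requires normal bandwidth so that a flood is not mistaken for Slowloris.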
Prevention Measures
Practical protection combines flood detection, identification of abnormal traffic, and blocking of the packets that fail those checks. Because the classification must keep up with line rate while the attack is under way, front-end, hardware-assisted platforms with high deep-packet-inspection performance are essential.
Firewall
Usually the first measure, a firewall is configured to allow or deny specific protocols, ports, packets, or IP addresses. Such rules are very effective against simple floods aimed at ports and protocols the site does not serve. Against more complex DDoS attacks, the firewall must act as a packet filter that inspects every incoming packet and classifies it as priority, normal or hazardous, so that known-good traffic is passed first, ordinary traffic is rate-limited per source, and hazardous packets are dropped. One caveat: a stateful firewall keeps a connection table of its own, so filtering and rate limiting must run before state is allocated, or the firewall itself becomes the resource that a SYN flood exhausts.
Intrusion Prevention System
Another practical measure is an Intrusion Prevention System (IPS). An IPS with enough processing power recognizes traffic patterns and attack signatures in real time and blocks the matching packets and requests, reducing the risk that a flood reaches the servers behind it.
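The firewall and IPS sections above describe one pipeline: static allow/deny rules, a priority/normal/hazardous verdict per packet, per-source rate limiting, and signature matching. The following Python model of that pipeline is an added example, not Lanner's or any vendor's code; the address ranges, the allowed services, the SYN rate limit and the single payload signature are all assumed for illustration, and packets are plain dicts rather than parsed frames. It shows why the order of checks matters: deny lists and unexposed ports are rejected before any per-source state is created, priority hosts bypass the rate limit, and only then is a SYN charged against its source's token bucket.

```python
import ipaddress
import re
from collections import Counter, defaultdict


class TokenBucket:
    """Per-source rate limiter: `rate` tokens per second, at most `burst` stored."""

    def __init__(self, rate, burst, now=0.0):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), now

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PacketFilter:
    # Assumed policy, not a vendor rule set.
    PRIORITY_NETS = [ipaddress.ip_network("10.0.0.0/8")]    # management/monitoring hosts
    DENY_NETS = [ipaddress.ip_network("203.0.113.0/24")]    # known-bad sources
    ALLOWED_SERVICES = {("tcp", 80), ("tcp", 443), ("udp", 53)}
    # Illustrative signature: a payload that is one byte repeated 64+ times,
    # the padding pattern of simple flood tools. Real IPS signatures are far richer.
    SIGNATURES = [re.compile(rb"^(.)\1{63,}$", re.DOTALL)]
    SYN_RATE, SYN_BURST = 10.0, 20    # new connections per second per source (assumed)

    def __init__(self):
        self.buckets = defaultdict(lambda: TokenBucket(self.SYN_RATE, self.SYN_BURST))

    def classify(self, pkt, now):
        """Return "priority", "normal" or "hazardous" for one packet.

        Checks that need no per-source state run first, so a flood from a
        deny-listed range or toward an unexposed port never grows the bucket table.
        """
        src = ipaddress.ip_address(pkt["src"])
        if any(src in net for net in self.DENY_NETS):
            return "hazardous"
        if (pkt["proto"], pkt["dport"]) not in self.ALLOWED_SERVICES:
            return "hazardous"
        if any(src in net for net in self.PRIORITY_NETS):
            return "priority"                       # trusted hosts skip rate limits
        if any(sig.search(pkt.get("payload", b"")) for sig in self.SIGNATURES):
            return "hazardous"
        is_syn = pkt["proto"] == "tcp" and pkt.get("flags") == "S"
        if is_syn and not self.buckets[src].allow(now):
            return "hazardous"                      # SYN rate exceeded for this source
        return "normal"


def run_demo():
    """Feed constructed packets through the filter and return verdict counts."""
    pf = PacketFilter()

    def syn(src, dport):
        return {"src": src, "proto": "tcp", "dport": dport, "flags": "S"}

    packets = [
        syn("198.51.100.7", 443),                                 # ordinary client
        syn("203.0.113.5", 80),                                   # deny-listed source
        {"src": "198.51.100.7", "proto": "udp", "dport": 9999},   # service not exposed
    ]
    packets += [syn("10.1.2.3", 443)] * 50                       # priority host, no limit
    packets += [syn("192.0.2.9", 80)] * 40                       # SYN burst from one source
    packets.append({"src": "192.0.2.9", "proto": "udp", "dport": 53, "payload": b"A" * 64})
    # All packets arrive within the same second, so no bucket refills.
    return Counter(pf.classify(p, now=0.0) for p in packets)


if __name__ == "__main__":
    print(dict(run_demo()))
```

With the constructed input the filter returns 50 priority, 21 normal and 23 hazardous verdicts: the 40-packet SYN burst from one source is allowed up to the burst of 20 and then dropped, the repeated-byte UDP payload is caught by the signature, and the deny-listed and wrong-port packets are rejected before any bucket is allocated. The same structure maps onto a real firewall as a stateless drop rule set followed by a per-source connection-rate limit placed ahead of connection tracking.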
Robust Firewall and IPS Systems by Lanner
With the rising complexity of network attacks, ordinary standardized firewalls or IPS appliances alone are not enough to protect a targeted network from DDoS. To build comprehensive protection, Lanner offers robust, high-performance platforms based on consolidated architectures suited to enterprise and industrial network management. The necessary elements include the following:
- A high-performance CPU to run deep packet inspection efficiently, for instance the Intel® Xeon® E5-2600 series. Only top-performing CPUs can run multiple detection and mitigation tasks at once against highly complex DDoS attacks.
- A complementary chipset (PCH) that works with the CPU to coordinate the peripherals; for instance, the Intel Wellsburg PCH connects the IPMI LAN ports, PCIe lanes and storage devices efficiently.
- High port density and high bandwidth, from 10GbE to 40GbE Ethernet LAN.
Taking the above into consideration, Lanner offers the FW-8896, a high-end, well-rounded security platform suited to web traffic filtering, content detection and network optimization. It is built with the following technological advantages:
- Dual Intel® Xeon® E5-2600 v3 (Haswell-EP) CPUs with the Intel® C612 chipset, supporting up to 512GB of DDR4 memory and 40 PCIe 3.0 lanes per CPU.
- Intel® C612 PCH (codenamed “Wellsburg”) with extensive peripheral connectivity: multiple PCIe lanes, SATA ports, USB ports and IPMI/OPMA management, improving peripheral communications.
- Up to 8 Ethernet modules providing a maximum of 64 GbE ports, using 1/10GbE RJ-45 or 1/10/40GbE fiber LAN connectors.
- Dual Intel® QPI links at up to 9.6 GT/s.
- Intel® Communications Chipset 8925 (codenamed “Coleto Creek”) with Intel® QuickAssist Technology to accelerate cryptographic and compression processing.
- Intel® DPDK (Data Plane Development Kit) support to optimize packet-processing performance.
Aside from the FW-8896, Lanner offers a complete selection of firewall, UTM and IPS platforms that protect your network from large-scale DDoS attacks. For more information, please visit our official website at www.lannerinc.com.