Complex DDoS attacks are on the rise. The increase in these types of DDoS attacks has been on an upward trend over the last few years. Unfortunately, with 2014 around the corner, it doesn’t appear things will be any different in the coming year.
Previously, I spoke about Layer 7 DDoS attacks and how application layer attacks are more difficult and costly to mitigate against, versus your more typical volumetric attacks. I also briefly spoke about the OSI Model and how the data is transmitted from the physical server to the end-user.
In this article we will be discussing some techniques and strategies that go into launching an intelligent defense against complex DDoS attacks.
Understanding Complex DDoS Attacks
DDoS attacks no longer rely on pure bandwidth and power to overwhelm a server and send a website offline. Distributed denial of service has evolved into more complex DDoS attacks that rely on a multi-vector approach. The key to defining these types of attacks is recognizing the differences between traditional DDoS, and multi-vector attacks:
Traditional DDoS attacks typically rely on sending a large volume of traffic at a target website. These attacks essentially rely on sheer power.
Complex DDoS attacks use a multi-vector approach, using blended attack strategies and application layer attack patterns.
Traditional attacks use malicious traffic to take down websites. Of course, in order to take down a website, the attacker needs a source for traffic. This is accomplished in one of two ways (or both):
- Botnets: A botnet is a series of compromised machines that can be controlled through a central server by a single attacker. Botnets are created through the spread of malware.
- Group participation: A perfect example of this would be the Anonymous attacks against PayPal using the Low Orbit Ion Cannon (LOIC).
A complex DDoS attack may involve both a volumetric attack and an application layer attack strategy. It is not uncommon for these types of attacks to be used in conjunction with a breach attempt, as this post from Brian Krebs highlights.
One reason complex DDoS attacks can be so difficult to mitigate against is because they typically target areas of a server or website that are far more vulnerable to causing the site to go down. The attackers may target downloads, forms, and other areas of a website, which makes the traffic more difficult to distinguish between attack traffic and normal users. This is especially troublesome because visitors may be blocked during mitigation due to false positives.
Here are just a few ways a complex DDoS attack will target a website:
- Amplification attacks: Application attacks can generate a lot of traffic by spoofing requests to open DNS servers. Once received they will forward the traffic to the spoofed address. By targeting open DNS servers, an attacker can amplify the volume of their attack.
- Multi-vector attacks: Through this strategy an attacker will switch between sending a large volume of traffic, and at the same time, begin launching application layer attacks at website resources. This blended approach makes mitigation extremely difficult.
- Sophisticated botnets: DirtJumper Drive, for example, is a sophisticated DIY botnet software that allows anyone to create their own botnet to launch DDoS. It also has anti-mitigation features called “-smart” attacks that sniff out and bypass anti-ddos software.
With DDoS becoming more intelligent it is more important than ever to have a DDoS protection plan in place.
Developing A Strategy For Complex DDoS Attacks
If a large portion of your company’s revenue is derived online, or if downtime could have a damaging impact on your brand, having a strategy for dealing with DDoS is even more important. Having a plan in place doesn’t necessarily mean you have to start cutting into your yearly budget either. The key is finding a healthy balance that protects both your website and your bank account.
At the very least you should get in touch with a DDoS mitigation provider so you have a go-to in the event of an attack. This proactive planning gives your company the ability to deal with an attack much more effectively — which means you’ll get back online sooner.
You may want to speak with a DDoS mitigation specialist in advance to better understand your needs and potential costs of an attack, both in cost of protection and the cost of lost sales due to downtime.
Practical Tips For Dealing With A Complex DDoS Attack
- Understand your industry risk.
- Determine how downtime affects your bottom line (cost per hour of downtime).
- Evaluate your needs (Should you get a DDoS protected server or remote protection?).
- Talk with a DDoS mitigation expert.
- Create a playbook, an action plan for dealing with DDoS.
How is your business mitigating the risk posed by DDoS?