
Innovative’s Customer Education Series: Distributed Denial of Service Attacks


Innovative’s new EVO network recently fell victim to an attack caused by infected customer computers. This attack occurred against Innovative PowerNet’s NAT routers. Innovative PowerNet’s Network Engineers have since curbed the attack by making changes recommended by Cisco, and by adding more NAT routers to reduce the load on the existing NAT routers. This attack caused slow web site response times for many customers in Saint Thomas.
How could this happen? Sometimes a cracker uses a network of zombie computers to sabotage a specific Web site or server. The idea is pretty simple: a cracker infects computers with a malicious payload, and the infected computers together form a network called a botnet. The cracker then tells all the computers on his botnet to contact a specific server or web site repeatedly. The sudden increase in traffic can cause the site to load very slowly for legitimate users. Sometimes the traffic is enough to shut the site down completely. This kind of attack is called a Distributed Denial of Service (DDoS) attack.
Some particularly tricky botnets use uncorrupted computers as part of the attack. Here’s how it works: the cracker sends the command to initiate the attack to his zombie army. Each computer within the army sends an electronic connection request to an innocent computer called a reflector. When the reflector receives the request, the request appears to originate not from the zombies, but from the ultimate victim of the attack. The reflectors send information to the victim system, and eventually the system’s performance suffers or it shuts down completely as it is inundated with multiple unsolicited responses from several computers at once. With the recent attack on Innovative’s network, the source computers that are flooding the NAT routers are spoofing their IP addresses, which makes it more difficult to track them down.
From the perspective of the victim, it looks like the reflectors attacked the system. From the perspective of the reflectors, it seems like the victimized system requested the packets. The zombie computers remain hidden, and even more out of sight is the cracker himself.
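The "unsolicited responses" described above are something the victim side can measure. The following is an added example, not part of the original article: it matches inbound responses against requests the victim actually sent and counts the rest per source. The record layout, addresses and threshold are constructed assumptions.

```python
from collections import Counter

VICTIM = "203.0.113.10"  # constructed documentation address

# Constructed records as seen at the victim's border:
# (direction, source, destination, kind, transaction id)
PACKETS = [
    ("out", VICTIM, "198.51.100.1", "request", 1),
    ("in", "198.51.100.1", VICTIM, "response", 1),   # answers our own request
    ("in", "198.51.100.7", VICTIM, "response", 41),  # we never asked for this
    ("in", "198.51.100.7", VICTIM, "response", 42),
    ("in", "198.51.100.8", VICTIM, "response", 43),
    ("in", "198.51.100.7", VICTIM, "response", 44),
    ("out", VICTIM, "198.51.100.8", "request", 2),
    ("in", "198.51.100.8", VICTIM, "response", 2),
    ("in", "198.51.100.1", VICTIM, "response", 1),   # repeat of an answered request
]

def unsolicited_responses(packets, victim):
    """Count inbound responses that match no outstanding request from the victim."""
    outstanding = set()
    unsolicited = Counter()
    for direction, src, dst, kind, txn in packets:
        if direction == "out" and src == victim and kind == "request":
            outstanding.add((dst, txn))
        elif direction == "in" and dst == victim and kind == "response":
            if (src, txn) in outstanding:
                outstanding.discard((src, txn))  # each request is answered once
            else:
                unsolicited[src] += 1
    return unsolicited

def suspected_reflectors(packets, victim, threshold=2):
    """Sources sending at least `threshold` unsolicited responses.

    These are the reflectors, not the zombies: the zombies' own
    addresses never appear in the victim's traffic.
    """
    counts = unsolicited_responses(packets, victim)
    return sorted(src for src, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    print(dict(unsolicited_responses(PACKETS, VICTIM)))
    print(suspected_reflectors(PACKETS, VICTIM))
```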
The list of DDoS attack victims includes some pretty major names. Recently, the Healthcare.gov Web site suffered an attack by activists intent on adding to the site’s already well-publicized problems. Microsoft suffered an attack from a DDoS called MyDoom. Crackers have targeted other major Internet players like Amazon, CNN, Yahoo and eBay.
Once an army begins a DDoS attack against a victim system, there are few things the system administrator can do to prevent catastrophe. He could choose to limit the amount of traffic allowed on the server, but this restricts legitimate Internet connections and zombies alike. If the administrator can determine the origin of the attacks, he can filter the traffic.
Unfortunately, since many zombie computers disguise (or spoof) their addresses, this isn’t always easy to do.
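The trade-off between the two responses above can be shown on a small traffic model. This is an added example, not part of the original article: it compares a blanket traffic cap with filtering by source address, with and without spoofing. The request counts, addresses and the legit/attack labels are constructed; a real administrator does not have those labels.

```python
LEGIT, ATTACK = "legit", "attack"
ZOMBIES = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]  # constructed addresses

def build_window(spoofed):
    """One time window of 200 requests; every 10th is a legitimate customer."""
    window = []
    for i in range(200):
        if i % 10 == 0:
            window.append((f"198.51.100.{i // 10 + 1}", LEGIT))
        elif spoofed:
            # every attack request carries a different forged source address
            window.append((f"203.0.113.{i % 254 + 1}", ATTACK))
        else:
            window.append((ZOMBIES[i % 3], ATTACK))
    return window

def rate_limit(window, cap):
    """Blanket cap: admit the first `cap` requests, whoever sent them."""
    return window[:cap]

def source_filter(window, blocked):
    """Drop requests whose source address is on the block list."""
    return [(src, label) for src, label in window if src not in blocked]

def summarize(admitted):
    """Count what reached the server (labels are ground truth for the demo)."""
    legit = sum(1 for _, label in admitted if label == LEGIT)
    return {"legit": legit, "attack": len(admitted) - legit}

if __name__ == "__main__":
    blocked = set(ZOMBIES)
    print("cap of 50:        ", summarize(rate_limit(build_window(False), 50)))
    print("filter, real IPs: ", summarize(source_filter(build_window(False), blocked)))
    print("filter, spoofed:  ", summarize(source_filter(build_window(True), blocked)))
```

The cap serves only a quarter of the legitimate requests, the filter serves all of them when the zombie addresses are known, and the same filter admits the whole attack once the sources are forged.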
What can you do to prevent your computer from becoming part of the ‘zombie army’? Make sure that you have a software-based firewall enabled. You can purchase a third-party, off-the-shelf security suite from companies such as McAfee, Symantec or AVG. Alternatively, Apple and Windows-based computers have a built-in firewall that can be enabled. Another highly recommended solution is to install a hardware-based firewall. Most off-the-shelf wireless routers from companies such as Linksys, Netgear and D-Link have a hardware firewall built in. This adds another layer of protection by hiding your computer behind a firewall with a private address instead of it being assigned a (more exposed) public IP address.
A third layer of protection is to make sure that you have an Endpoint Protection solution installed, and that your definition files are fully up-to-date. Formerly referred to as Antivirus Software, Endpoint Protection packages from companies such as McAfee, Symantec and AVG protect your computer from all types of malware threats: viruses, trojans, worms, botnets, etc.
A final preventative measure is to make sure that your Operating System is up to date with all security patches and bug fixes applied. Microsoft, Apple and various other Operating System vendors push out updates on a weekly basis, many of them aimed at plugging security holes that have recently been identified in their products.
It is important for you to remain alert to suspicious activity. The following symptoms can be a sign of an infection on your computer:
• Web page ‘pop-ups’ for sites that you did not access
• Internet home page changes to an unfamiliar web site
• Internet activity lights on your router and/or modem blinking rapidly when the computer is not in use
• Web sites are slow to load
It is your responsibility to make sure that your computer is up to date at all times and has the latest protection software installed with the latest definition files. By following the suggestions in this article, you can help ensure a fast, safe internet experience not only for you but for your fellow Virgin Islanders.
