Fighting a DDoS Attack

A Distributed Denial of Service (DDoS) attack is one of the most sophisticated but very common attacks observed across the globe currently. Perpetrators of DDoS attacks typically target sites or services hosted on web servers of banks, third party payment gateways, ecommerce portals, social media portals and even root name servers. These kinds of attacks are usually launched to degrade a company’s credentials.


Last year, the hacker group "Anonymous" was responsible for attacks on various websites and servers, including attacks on companies that had acted against WikiLeaks.

An e-commerce site was recently the victim of such a DDoS attack during peak business hours. The site began to receive a huge volume of traffic (legitimate as well as malicious), far above its normal traffic pattern. During the period of the attack, traffic on the portal increased by a factor of 5.

One of the common DDoS methods is to abuse the TCP handshake by sending an inordinate number of illegitimate SYN packets to the server (a SYN flood). The server is kept busy allocating connection state for the illegitimate, half-open requests instead of serving the legitimate ones from real end users.

If a customer of this e-commerce portal had tried to log on to buy something, the service would have been inaccessible to him or her, because the server would have been busy allocating its resources to the illegitimate requests and packets.
Possible loss scenarios for an e-commerce site in the event of a DDoS attack:

          Approx. annual turnover    Avg. turnover per hour         Avg. loss faced during
          of the e-commerce site     (assuming 18 hours of usage    a downtime of 3 hours
          (Rs.)                      per day) (Rs.)                 (Rs.)
Case I    100 crores                 1,52,207                       4,56,621
Case II   1000 crores                15,22,070                      45,66,210

In addition to this, loss of customer trust can result in longer-term revenue loss.

In this particular attack, more than 3 lakh packets per second hit the website. The attack was executed from many spoofed IP addresses, which made it impractical to identify every source address and block them all in the firewall.

Because of their nature and execution, DDoS attacks are very difficult to identify in their early stages, yet early detection is critical to reducing their impact.

Netmagic has a dedicated Security Operations Center (SOC) with security analysts who monitor the network round the clock for security threats. The SOC is fully equipped with the latest DDoS detection and mitigation tools, including the Arbor Networks DDoS solution. The system continuously monitors traffic behaviour patterns and raises an alarm as soon as there is a deviation from the normal traffic baseline.

In this particular incident, the DDoS mitigation tool identified the attack and raised an alarm to the Security Operations Center team. The SOC team immediately started analysing the issue and identified the root cause of the problem. Within a couple of minutes, the managers of the respective teams were on a joint conference call with the customer. The call was used to report what was happening during the attack and the mitigation steps being undertaken. Simultaneously, an investigation was started to understand whether the customer had observed such traffic in the past as a result of online marketing campaigns or other legitimate activity.

Netmagic always follows a business verification process to ensure that legitimate traffic is not blocked as a false positive. The necessary actions were initiated with the help of the Netmagic DDoS solution, which then diverted the traffic to a "scrubbing center".

Scrubbing is the process of filtering out all illegitimate traffic so that only clean, genuine traffic is allowed to pass through. The identified malicious traffic is sent to the null zone (null-routed) and discarded. This brings the attack under control, and only legitimate traffic reaches the server.
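The baseline-deviation alarm and the decision to divert traffic to a scrubbing center, as an added example that is not Netmagic's or Arbor's code: a detector run over constructed per-second SYN counters, using a volume threshold and a spoofed-source heuristic that are both assumptions of this example.

```python
from statistics import mean, pstdev

# Constructed sample input (not real telemetry): per-second SYN counters as
# (second, syn_packets, distinct_source_ips) tuples, as a flow collector might
# export them. Normal traffic is ~60k SYN/s; the attack window jumps to roughly
# 5x that, and nearly every SYN carries a different (spoofed) source address.
NORMAL_WINDOW = [(s, 60_000 + (s % 7) * 1_500, 12_000 + (s % 5) * 300)
                 for s in range(60)]
ATTACK_WINDOW = [(s, 300_000 + (s % 3) * 5_000, 290_000 + (s % 3) * 4_000)
                 for s in range(60, 70)]

def build_baseline(samples):
    """Mean and standard deviation of SYN/s over a known-clean window."""
    rates = [syn for _, syn, _ in samples]
    return mean(rates), pstdev(rates)

def classify_second(sample, baseline, sigma=4.0, spoof_ratio=0.9):
    """Reasons this second deviates from the baseline (empty list if clean).

    Both heuristics are assumptions for this example, not the vendor's logic:
    - volume: SYN/s above mean + sigma * stdev of the clean window
    - spoofing: distinct sources / SYN packets close to 1.0, i.e. almost every
      SYN arrives from a never-seen address, which real clients, each opening
      several connections, do not produce
    """
    _, syn, sources = sample
    base_mean, base_sd = baseline
    reasons = []
    if syn > base_mean + sigma * base_sd:
        reasons.append(f"volume {syn / base_mean:.1f}x baseline")
    if sources / syn >= spoof_ratio:
        reasons.append("near-unique sources (likely spoofed)")
    return reasons

def decide_mitigation(samples, baseline, consecutive=3):
    """Record every deviating second; recommend diverting to scrubbing once
    `consecutive` seconds in a row deviate, so a one-second blip is not acted on."""
    events, streak = [], 0
    for sample in samples:
        reasons = classify_second(sample, baseline)
        streak = streak + 1 if reasons else 0
        if reasons:
            events.append((sample[0], reasons))
        if streak == consecutive:
            return events, f"divert to scrubbing at t={sample[0]}s"
    return events, "no action"

if __name__ == "__main__":
    base = build_baseline(NORMAL_WINDOW)
    print(decide_mitigation(NORMAL_WINDOW + ATTACK_WINDOW, base))
```

The consecutive-seconds rule stands in for the business verification step above: it keeps a single noisy second, such as a marketing burst, from triggering a diversion on its own.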
The entire process of investigation and mitigation was initiated manually but executed automatically using Arbor's PeakFlow SP and Threat Management Solution. With the right technology, skilled resources and well-defined processes, Netmagic successfully managed to control the impact of the attack and reduce the loss of continuity to the customer's business. The entire cycle of identification, analysis, planning and action against the DDoS attack was completed in a matter of minutes, and the attack was successfully mitigated.

Netmagic's highly advanced and scalable security monitoring and management infrastructure at the Security Operations Center (SOC) plays a vital role in these types of scenarios. Our Managed Security Services ensure that our enterprise customers are protected from the latest emerging threats and are able to respond faster to business disruptions.

The content you have downloaded has been produced with thoughtful, original research efforts by Netmagic. Please do not duplicate or misuse it. You may quote portions of our research in your own material provided you include a proper attribution to this original source. You are free to share this content on the web with friends and colleagues. © 2012 Netmagic Solutions Pvt. Ltd. All rights reserved.