
Page 1: Fighting a DDoS Attack

ARTICLE

Fighting a DDoS Attack

A Distributed Denial of Service (DDoS) attack is one of the most sophisticated but very common attacks observed across the globe currently. Perpetrators of DDoS attacks typically target sites or services hosted on web servers of banks, third party payment gateways, ecommerce portals, social media portals and even root name servers. These kinds of attacks are usually launched to damage a company's credibility.

Last year, the hacker group “Anonymous” was responsible for the attacks on various websites / servers, including attacks on companies that were against Wikileaks.

An e-commerce site was recently the victim of such a DDoS attack during peak business hours. The site began to experience a huge amount of traffic (legitimate as well as malicious), far above its normal traffic pattern. During the period of the attack, traffic on the portal increased by a factor of 5.

One common DDoS method, the SYN flood, abuses the TCP handshake by sending an inordinate number of illegitimate SYN packets to the server. Each bogus SYN makes the server allocate state for a half-open connection, so it spends its resources processing the illegitimate requests instead of serving the legitimate ones from real end-users.

If a customer of this ecommerce portal were to log on to buy something, the service would have been inaccessible to him/her, as the server would have been busy allocating its resources to execute the illegitimate requests or packets.


Possible loss scenarios for an e-commerce site in the event of a DDoS attack:

          Approx. annual turnover       Avg. turnover per hour       Avg. loss faced during a
          of an e-commerce site (Rs.)   (assuming 18 hours of        downtime of 3 hours (Rs.)
                                        usage per day) (Rs.)
Case I    100 crores                    1,52,207                     4,56,621
Case II   1000 crores                   15,22,070                    45,66,210

(Hourly turnover is the annual figure divided by 365 days × 18 hours; the 3-hour loss is three times the hourly figure.)

In addition to this, loss of customer trust can result in longer term revenue loss.

In this particular attack, more than 3 lakh packets per second hit the website. The attack was executed from multiple spoofed IP addresses, which made it impractical to locate every source IP address and add it to a firewall block list. DDoS attacks, because of their nature and execution, are very difficult to identify in their early stages. Early detection of a DDoS attack is critical to reducing its impact.

Netmagic has a dedicated Security Operations Center (SOC) with security analysts who monitor the network round-the-clock for security threats. The SOC is fully equipped with the latest DDoS detection and mitigation tools, including the Arbor Networks DDoS Solution. The system continuously monitors traffic behaviour patterns and triggers alarms as soon as there is a deviation from the normal traffic baseline.

In this particular incident, the DDoS mitigation tool identified the attack and raised an alarm to the Security Operations Center team. The SOC team immediately started analysing the issue and identified the root cause of the problem. Within a couple of minutes, all the managers from the respective teams got on a joint conference call with the customer. The call was used to inform and update the customer about the happenings during the attack and the mitigation steps being undertaken. Simultaneously, investigations were started to understand whether the customer had observed such traffic in the past as a result of online marketing campaigns or other legitimate activity. Netmagic always follows a Business Verification process to ensure that legitimate traffic is not blocked as a false positive.
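As an added example (not Netmagic's or Arbor's code), the baseline-deviation alarm and the business-verification decision described above, written in Python over constructed per-second counters; the `BaselineDetector` name, the thresholds and the sample figures are assumptions for illustration:

```python
from collections import deque
from statistics import mean


class BaselineDetector:
    """Learn a rolling packets-per-second baseline from quiet seconds and alarm
    when traffic exceeds `factor` times it. A SYN-dominated spike is tagged for
    scrubbing; a spike with a normal SYN share may be a legitimate flash crowd
    (e.g. a marketing campaign) and is held for business verification."""

    def __init__(self, window=60, factor=3.0, syn_share=0.5):
        self.history = deque(maxlen=window)  # pps samples from non-alarmed seconds
        self.factor = factor                 # multiple of baseline that triggers an alarm
        self.syn_share = syn_share           # SYN fraction that marks a SYN flood

    def observe(self, second, pps, syn_pps):
        """Feed one second of counters; return an alarm dict or None."""
        if len(self.history) < 10:           # still learning the baseline
            self.history.append(pps)
            return None
        baseline = mean(self.history)
        if pps <= self.factor * baseline:
            self.history.append(pps)         # learn only from normal seconds
            return None
        share = syn_pps / pps if pps else 0.0
        if share >= self.syn_share:
            kind, action = "syn_flood", "divert_to_scrubbing"
        else:
            kind, action = "volume_spike", "business_verification"
        return {"second": second, "pps": pps, "baseline": round(baseline),
                "multiple": round(pps / baseline, 1), "kind": kind, "action": action}


def run(samples, **kwargs):
    """Run the detector over (second, pps, syn_pps) tuples; return all alarms."""
    det = BaselineDetector(**kwargs)
    return [a for a in (det.observe(*s) for s in samples) if a]


# Constructed telemetry (not real data): 60 s of normal traffic at roughly
# 60,000 pps with ~5% SYNs, then a spike to 300,000 pps (3 lakh, 5x the
# baseline) that is 90% SYN, and a same-size spike with a normal SYN share.
NORMAL = [(t, 60_000 + (t % 7) * 500, 3_000) for t in range(60)]
SYN_FLOOD = [(t, 300_000, 270_000) for t in range(60, 65)]
FLASH_CROWD = [(t, 300_000, 15_000) for t in range(60, 65)]
```

`run(NORMAL + SYN_FLOOD)` reports every attack second as a `syn_flood` to divert to scrubbing, while `run(NORMAL + FLASH_CROWD)` reports the same-sized spike as a `volume_spike` that first needs business verification.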

Necessary actions were initiated with the help of the Netmagic DDoS solution, which then diverted the traffic to a “Scrubbing Center”.

Scrubbing is a process that ensures all the illegitimate traffic is scrubbed off and only clean and genuine traffic is allowed to pass through. The identified malicious traffic is sent to the Null zone (a null route) and is discarded there. This ensures that the attack gets controlled and only legitimate traffic reaches the server.


The entire process of investigation and mitigation was manually initiated but executed automatically using Arbor’s Peakflow SP and Threat Management Solution. With the help of the right technology, skilled resources and well-defined processes, Netmagic successfully managed to control the impact of the attack and minimise the disruption to the customer’s business.

The entire cycle of identification, analysis, planning and action against the DDoS attack was completed in a matter of minutes, and the attack was successfully mitigated. Netmagic’s highly advanced and scalable security monitoring and management infrastructure at the Security Operations Center (SOC) plays a vital role in this type of scenario. Our Managed Security Services ensure that our enterprise customers are protected from the latest emerging threats and are able to respond faster to business disruptions.

Related links: Data center, Managed service provider

www.netmagicsolutions.com
http://blog.netmagicsolutions.com
http://twitter.com/netmagic
http://linkedin.com/company/netmagic

The content you have downloaded has been produced with thoughtful, original research efforts by Netmagic. Please do not duplicate or misuse it. You may quote portions of our research in your own material provided you include a proper attribution to this original source. You are free to share this content on the web with friends and colleagues. © 2012 Netmagic Solutions Pvt. Ltd. All rights reserved.