Security Update - Attack of the Foreign Botnets

News Archives: » News Index » Publications

Security Update - Attack of the Foreign Botnets

Fri, Jun 1st, 2007

Attack of the Foreign Botnets

Botnet attacks, often from sophisticated offshore locations, can bring down enterprise applications including integrated physical security systems working on enterprise networks.

Among the most serious threats facing the Internet today are Distributed Denial of Service (DDoS) attacks in which compromised PCs controlled by remote attackers inundate a network with the intent to crash its Web or application services. Worldwide DDoS attacks reached as many as 10,000 per day in 2006, according to a survey conducted by the Computer Security Institute.

These attacks are very easy to launch and hard to track. Furthermore, it is difficult to deny the requests of attackers without also refusing legitimate requests for service. Up to now, conventional DDoS prevention included mitigation leveraged routers, firewalls and intrusion detection systems and more recently new plug-and-play DDoS mitigation devices. But these solutions have limitations particularly in light of the size of the attacks.

CHECK WITH YOUR NET ADMINISTRATOR

Organizations can purchase these solutions themselves, and many Internet service providers offer the devices on their networks. DDoS mitigation devices employ newer intrusion prevention technology that not only inspect traffic, but also proactively mitigate attacks based on rules established by the network administrator. For example, an intrusion prevention system might drop a packet that it determines to be malicious and block all further traffic from that IP address or port while allowing unaffected traffic to flow unimpeded. Mitigation systems can perform complex monitoring and analysis, such as watching and responding to both individual packets and overall traffic patterns. Unfortunately, these hardware devices also have performance limitations. After they reach their limits, they allow attack leakage back onto the system, hurting the network. Modifying these solutions to add capacity is a slow process that can take days to weeks far slower than the rate at which attack sizes are increasing.

In the end, the most effective prevention against DDoS attacks is to make sure they never enter a network in the first place. Increasingly many organizations are turning to service providers that mitigate massive DDoS attacks in the cloud, leveraging large amounts of bandwidth and racks of scrubbing equipment. Managed service providers spread the cost of their resources over many customers, so they can purchase massive amounts of resources to handle the largest attacks.

The most effective DDoS mitigation service providers have global reach, and so are able to mitigate attacks near their origin.

It is increasingly common that US- and European-based companies are attacked by large botnets stemming from Asia. So it makes little sense to have gigabits of traffic travel over continents and oceans en route to a single DDoS mitigation system.

About Prolexic:
Prolexic Technologies provides cutting edge solutions that protect Internet operations from the debilitating service disruptions caused by DDoS attacks. Prolexic's patent-pending Clean Pipe Virtual Transport(R) network offers solutions that keep its clients' Internet-facing infrastructures free of DDoS traffic. Without making major adjustments or multimillion-dollar investments in their existing hardware infrastructures, Prolexic's customers rest assured that their network borders are secure and can thus focus on what is really important: their businesses. More information about Prolexic is available at www.prolexic.com

« Previous Posting | Next Posting »

"The problem of web attacks is increasing and we are committed to providing our customers with the highest level of protection possible. We chose to work with Prolexic to offer this, because they have the strongest expertise in the field of DDoS and the most dynamic solution to handle the range of attacks we have seen in past months."

Warren K. Liu, CTO
IP-Converge