David Kirkpatrick

September 30, 2009

Beating denial of service attacks

Interesting cyber security research.

The release:

Denial of service denial

New filtering system could protect networks from zombies

A way to filter out denial of service attacks on computer networks, including cloud computing systems, could significantly improve security on government, commercial, and educational systems. Such a filter is reported in the Int. J. Information and Computer Security by researchers from Auburn University in Alabama.

Denial of Service (DoS) and distributed Denial of Service (DDoS) attacks involve an attempt to make a computer resource unavailable to its intended users. This may simply be for malicious purposes as is often the case when big commercial or famous web sites undergo a DDoS attack. However, it is also possible to exploit the system’s response to such an attack to break system firewalls, access virtual private networks, and to access other private resources. A DoS attack can also be used to affect a complete network or even a whole section of the Internet.

Commonly, an attack involves simply saturating the target machine with external internet requests. In the case of a DDoS attack the perpetrator recruits other unwitting computers into a network and uses a multitude of machines to mount the attack. The result is that the resource, whether it is a website, an email server, or a database, cannot respond to legitimate traffic in a timely manner and so essentially becomes unavailable to users.

Methods for configuring a network to filter out known DoS attack software and to recognize some of the traffic patterns associated with a mounting DoS attack are available. However, current filters usually rely on the computer being attacked to check whether incoming information requests are legitimate. This consumes its resources and in the case of a massive DDoS can compound the problem.

Now, computer engineers John Wu, Tong Liu, Andy Huang, and David Irwin of Auburn University have devised a filter to protect systems against DoS attacks that circumvents this problem by developing a new passive protocol that must be in place at each end of the connection: user and resource.

Their protocol – Identity-Based Privacy-Protected Access Control Filter (IPACF) – blocks threats to the gatekeeping computers, the Authentication Servers (AS), and so allows legitimate users with valid passwords to access private resources.

The user’s computer has to present a filter value for the server to do a quick check. The filter value is a one-time secret that needs to be presented with the pseudo ID. The pseudo ID is also one-time use. Attackers cannot forge either of these values correctly and so attack packets are filtered out.
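As an added illustration, not the authors' protocol or code, the model below sketches the kind of quick pre-check the release describes: client and server derive one-time (pseudo ID, filter value) pairs from a shared secret, the server drops any packet whose pseudo ID is not in its table or whose filter value does not match, and each pair is consumed on use so a replay fails. The HMAC derivation, the table layout and the counter-based stepping are my assumptions, not details from the paper.

```python
import hmac
import hashlib
import secrets

def derive(secret: bytes, counter: int) -> tuple:
    # Assumed derivation: counter-th one-time pseudo ID and filter value from the shared secret
    ctr = counter.to_bytes(8, "big")
    pseudo_id = hmac.new(secret, b"pid" + ctr, hashlib.sha256).digest()[:8]
    filter_value = hmac.new(secret, b"fv" + ctr, hashlib.sha256).digest()[:16]
    return pseudo_id, filter_value

class FilterServer:
    def __init__(self):
        self.secrets, self.counters = {}, {}   # user -> shared secret, user -> next counter
        self.table = {}                         # expected pseudo ID -> (user, filter value)

    def enroll(self, user, secret):
        self.secrets[user], self.counters[user] = secret, 0
        self._arm(user)

    def _arm(self, user):
        pseudo_id, filter_value = derive(self.secrets[user], self.counters[user])
        self.table[pseudo_id] = (user, filter_value)

    def check(self, pseudo_id, filter_value):
        entry = self.table.get(pseudo_id)
        if entry is None:
            return False  # unknown pseudo ID: one dictionary miss and the packet is dropped
        user, expected = entry
        if not hmac.compare_digest(filter_value, expected):
            return False  # valid pseudo ID but wrong filter value: dropped
        del self.table[pseudo_id]   # both values are one-time, so a replay now fails
        self.counters[user] += 1
        self._arm(user)             # expect the next pair from this user
        return True

def demo(flood_packets=1000):
    # Legitimate packet, its replay, a constructed random flood, then the next legitimate packet
    secret = secrets.token_bytes(32)
    server = FilterServer()
    server.enroll("alice", secret)
    pseudo_id, filter_value = derive(secret, 0)        # client's first one-time pair
    first = server.check(pseudo_id, filter_value)
    replay = server.check(pseudo_id, filter_value)
    flood_accepted = sum(server.check(secrets.token_bytes(8), secrets.token_bytes(16))
                         for _ in range(flood_packets))
    second = server.check(*derive(secret, 1))          # client's next pair
    return {"first": first, "replay": replay, "flood_accepted": flood_accepted, "second": second}
```

The costly step for a forged packet is a single dictionary lookup, which is the property the release attributes to the filter; the authentication server behind it never sees the flood.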

One potential drawback of the added layer of information transfer required for checking user requests is that it could add to the resources needed by the server. However, the researchers have tested how well IPACF copes in the face of a massive DDoS attack simulated on a network consisting of 1000 nodes with 10 gigabits per second bandwidth. They found that the server suffers little degradation, negligible added information transfer delay (latency) and minimal extra processor usage even when the 10 Gbps pipe to the authentication server is filled with DoS packets. Indeed, the IPACF takes just 6 nanoseconds to reject a non-legitimate information packet associated with the DoS attack.

###

“Modelling and simulations for Identity-Based Privacy-Protected Access Control Filter (IPACF) capability to resist massive denial of service attacks” in Int. J. Information and Computer Security, 2009, 3, 195-223

August 7, 2009

Was the Twitter DoS attack a product demonstration?

Filed under: Business, et.al., Media, Technology — David Kirkpatrick @ 3:10 pm

You have to admit it’s an interesting theory and more than a bit cybercloak-and-daggerish.

From the link:

Randy Abrams, director of technical education at ESET, an IT security company based in Bratislava, Slovakia, said his best guess is that a major botnet herder was offering a demonstration of the power of his botnet to a potential client with a major target in mind.

“They could have been saying, ‘Look what I can do to Twitter. I think my botnet can handle whatever you want it to do,'” said Abrams. “I’d put my money on this being a demonstration, a show of force, by someone looking to hire out their botnet.”

Update — Or maybe not.

August 6, 2009

Twitter hit with DoS attack

Filed under: Business, Media, Technology — David Kirkpatrick @ 11:57 am

Web 2.0 social networking apps seem to be under fire today with Twitter hit with a denial-of-service attack, and additional reports have both Facebook and LiveJournal experiencing problems.

Once again proving that axiom of the net — get popular and find a big target on your back, or servers as the case may be.

From the link:

Twitter, the popular micro-blogging service, was crippled Thursday morning by a denial-of-service attack.

The extended silence in a normally noisy Twitterworld began around 9 a.m., according to TechCrunch. Later, Twitter posted a note to its status update page saying the site had been slowed to a standstill by an attack.

In a denial-of-service attack, hackers typically direct a “botnet,” often made up of thousands of malware-infected home PCs, toward a target site in an effort to flood it with junk traffic. With the site overwhelmed, legitimate visitors cannot access the service.

“On this otherwise happy Thursday morning, Twitter is the target of a denial of service attack. Attacks such as this are malicious efforts orchestrated to disrupt and make unavailable services such as online banks, credit card payment gateways, and in this case, Twitter for intended customers or users,” co-founder Biz Stone said in a blog post. “We are defending against this attack now and will continue to update our status blog as we continue to defend and later investigate.”