Protecting yourself against mini-DDoS attacks
Published: 29 Mar 2004 15:35 BST
In a recent article, I chronicled what I believe to be a new and looming threat to virtually all business and individual users of the Internet: the Mini-DDoS (mDDoS). These are distributed denial of service attacks small enough to fly below the security radar of ISPs and law enforcement agencies, but potent enough to shut down cable or DSL modem connections. As evidenced by my inability to do anything about an attack on my connection (which I use to get my job done, but which is shared with other family members for personal use), the perpetrators can wreak havoc without fear of reprisals.
Cable and DSL modem connections account for a growing contribution to the US economy. Just think of the telecommuters and small- to medium-size businesses that host through such connections and the number of e-commerce transactions that pass through them. To the extent that national security relies on the vitality of the economy, I consider the mDDoS a significant threat to our national security.
I received a ton of replies to that column with all sorts of interesting suggestions on how to stop an mDDoS targeted specifically at my home office connection. The most common suggestion was to unplug my router and plug it back in again. The thinking behind this is that if my Linksys router is obtaining its IP address from my Internet service provider (ISP) each time it restarts, then restarting it will force my ISP to issue the router a new address, and the mDDoS (which was relying on the old IP address) would lose its way.
Unfortunately, this is not a solution for a variety of reasons. First, although my ISP does issue dynamic IP addresses, the one it issues me never changes anyway. Despite all my attempts to release the old address and obtain a new one, my router always ends up with the same IP address. Additionally, even if this technique did work, it would simply put an end to the attack in progress. It wouldn't prevent it from happening again. Sooner or later, the perpetrators may get the new IP address. I have no interest in running to my basement every time I think I am experiencing an mDDoS.
Many readers asked if a personal firewall would have helped. The answer in my situation, where several PCs use a Linksys firewall/router to share a single connection to the Internet, is no. I already have personal firewalls running on the PCs. Within my home's local area network, the PCs have no trouble talking to one another. The connection that was overwhelmed by mDDoS was the one on my Linksys router that was connected to the cable modem. In other words, the traffic from the mDDoS never even reached the PCs on my network.
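To make the point about where the choke point sits concrete, here is an added example (not code from the original article) that reads periodic packet counters from a router's WAN and LAN interfaces and flags intervals where the WAN side is flooded while the LAN side stays quiet. The counters, sampling interval and thresholds are assumptions; the samples are constructed.

```python
"""Detect a WAN-side flood from router interface counters (added example).

Assumed (hypothetical) inputs: cumulative packet counters for the router's
WAN (cable-modem) interface and its LAN side, sampled every ten seconds.
When WAN inbound is saturated but LAN traffic is unchanged, the flood is
being absorbed on the modem link, upstream of any host-based firewall.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Sample:
    t: float      # seconds since monitoring started
    wan_rx: int   # cumulative packets received on the WAN interface
    lan_rx: int   # cumulative packets received from LAN hosts


# Constructed samples: two quiet intervals, then a flood arriving on the WAN side.
SAMPLES: List[Sample] = [
    Sample(0, 0, 0),
    Sample(10, 1_200, 900),
    Sample(20, 2_300, 1_800),
    Sample(30, 180_000, 2_100),
    Sample(40, 360_000, 2_200),
    Sample(50, 540_000, 2_250),
]


def rates(samples: List[Sample]) -> List[Tuple[float, float]]:
    """Per-interval (wan_pps, lan_pps) derived from the cumulative counters."""
    out = []
    for prev, cur in zip(samples, samples[1:]):
        dt = cur.t - prev.t
        out.append(((cur.wan_rx - prev.wan_rx) / dt,
                    (cur.lan_rx - prev.lan_rx) / dt))
    return out


def flood_windows(samples: List[Sample],
                  wan_threshold_pps: float = 5_000,
                  lan_ratio: float = 20.0) -> List[int]:
    """Indices of intervals where WAN inbound exceeds the threshold and is at
    least lan_ratio times the LAN rate: the modem link is the choke point, so
    the per-PC firewalls behind the router never see this traffic."""
    return [i for i, (wan, lan) in enumerate(rates(samples))
            if wan > wan_threshold_pps and wan > lan_ratio * max(lan, 1.0)]


if __name__ == "__main__":
    print("flooded intervals:", flood_windows(SAMPLES))   # [2, 3, 4]
```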
Several ISPs wrote in to say that they were aware of the problem and want to do something about it, but that I'd be surprised at how difficult it is for them to address the problem. The main problem has to do with the scalability of the carrier class anti-DDoS solutions. These solutions apparently employ the right techniques for ISPs and telecommunications carriers, but they have a difficult time keeping up with all the traffic that some of the larger ISPs see.