Cyber Security Services

Cyber Technology International Defense

Denial-of-Service Defense

International Cyber Attacks:

International cyber-attacks, especially Denial-of-Service (DoS) attacks, typically originate overseas and elude prosecution by local jurisdictions. DoS attacks are usually considered anonymous in nature due to IP spoofing, the lack of international regulations, and the lack of international cooperation. Although some DoS prevention technology exists, it becomes obsolete and is circumvented over time as DoS attacks become increasingly prevalent and sophisticated. Therefore, network providers are forced to resort to approaches that simply contain and mitigate DoS attacks.

DoS Background:

Although the risk may vary, all systems, networks, and formats are vulnerable to DoS. When a DoS attack occurs, administrators need to classify it as a potential cyber-security breach within their network. As connection availability becomes exhausted, attackers/bots scout and poke for vulnerabilities (especially in financial networks). By overloading the resources of the network, execution and function anomalies occur. This may allow attackers to anticipate and exploit known vulnerabilities in any network. Moreover, for a DoS it does not matter whether the system is LAMP or ASP.NET. The duration of a DoS attack can vary.

To better understand DoS, it may be helpful to compare traffic on the web to traffic on a highway. When a highway is congested with traffic, the flow or response for services is diminished or halted. Thus, a network administrator's goal would be to reduce events of high or useless traffic. However, network administrators usually understand that countermeasures for DoS are only a way to curb or contain a DoS outcome, and that they may have no absolute control to prevent DoS. It would be an unrealistic expectation that all DoS risks could be addressed on a network. In addition, DoS attacks become more sophisticated and countermeasures become obsolete over time. Nevertheless, network administrators endeavor to stop a DoS from completely flooding and shutting down the system. This is further evidenced by Google Search, which has a CAPTCHA safeguard. One of its purposes is to prevent bots from contributing to a DoS when the system detects unusual user behavior.

CMS Systems:

Many vulnerabilities can exist in CMS (Content Management System) platforms such as WordPress, Joomla, and Drupal. Attackers always have access to the source code of these files because they are public. Attackers regularly review the updated scripts and search for vulnerabilities and opportunities to inject code and files. In some cases, it can relate to DDoS attacks such as the widely-known exploitation of the XMLRPC.PHP pingback issue. Ultimately, the attackers are informed where the vulnerabilities are located when security updates are announced to the platform's online community. These attackers simply target such vulnerabilities on sites that have not yet updated and implemented the new files. Depending on the attacker's sophistication, they or their bots might first check whether certain sites have updated yet by checking the system's change log file. Alternatively, the attackers blindly send requests to all known targets despite using additional resources. In addition, various plugins or widgets can likewise contribute to security vulnerability opportunities.

List of Companies:

The following large institutions have been victims of a DoS attack:

Intentional vs. Unintentional DoS

Common Methods:

Brute force style attacks are attacks that target common destination points or guessed destination points. Usually, the purpose is to gain access to accounts by multiple attempts at the account's password. Reflected attacks or spoof attacks are attacks that initiate massive sessions from anticipated response sources. Thus, the attacker here is relying on reflected connections to cause the DoS.

Common Countermeasures:

Administrators sometimes use a firewall to address DoS. The advantage of a firewall is that it is simple. The final destination of an attack may be port 80 or others. The disadvantage is that it is more difficult to stop an attack on port 80 with a simple firewall, since blocking the port would stop all traffic, including legitimate traffic. Other methods of DoS defense include traffic filters and bandwidth filters. Lastly, IP blockers are commonly used as a DoS defense where the IP address is known, but they are not as effective in addressing distributed denial-of-service (DDoS) attacks that are distributed across multiple IP addresses.

Denial-of-Service Alert Technology:

The Denial-of-Service Alerter is technology that helps to mitigate the adverse effects of DoS attacks. The Alerter can give notice to the server's administrator that a DoS attack is in progress. Thus, the administrator may have the opportunity to address the DoS attack issue before the server's impending interruption of service. The technology also takes into account distributed denial-of-service attacks (attacks from a distributed source of IPs). Among other metrics, the technology measures the frequency of connections and detects traffic, events, and requests.
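The connection-frequency idea can be sketched as a sliding-window counter that watches both the per-address rate and the combined rate, which is why it still fires when no single IP stands out and an IP blocker has nothing to block. This is an added example, not the Alerter's own code; the thresholds, function name and sample traffic are assumptions constructed for illustration.

```python
from collections import Counter, deque

# Thresholds are assumptions for illustration, not values from the page.
WINDOW = 10           # sliding window, seconds
PER_IP_LIMIT = 20     # requests per window from one address
TOTAL_LIMIT = 60      # requests per window from all addresses combined

def detect(events, window=WINDOW, per_ip=PER_IP_LIMIT, total=TOTAL_LIMIT):
    """Scan time-ordered (timestamp, ip) pairs; return (timestamp, kind, detail) alerts."""
    recent, counts, alerts = deque(), Counter(), []
    state = None                       # kind of alert currently firing, if any
    for ts, ip in events:
        recent.append((ts, ip))
        counts[ip] += 1
        # Expire events that have aged out of the window.
        while recent[0][0] <= ts - window:
            _, old = recent.popleft()
            counts[old] -= 1
            if not counts[old]:
                del counts[old]
        top_ip, top_n = counts.most_common(1)[0]
        if top_n > per_ip:             # one address over its own limit
            new = ("single-source", top_ip)
        elif len(recent) > total:      # no single offender, but too much overall
            new = ("distributed", len(counts))
        else:
            new = None
        if new and (state is None or new[0] != state):
            alerts.append((ts, *new))  # alert once per change of condition
        state = new[0] if new else None
    return alerts

# Constructed sample traffic (documentation address ranges), not real logs.
ONE_SOURCE = [(i // 10, "198.51.100.7") for i in range(30)]
MANY_SOURCES = [(i // 20, f"203.0.113.{i}") for i in range(100)]
NORMAL = [(i, f"192.0.2.{i % 5}") for i in range(30)]

if __name__ == "__main__":
    for name, sample in [("one source", ONE_SOURCE),
                         ("many sources", MANY_SOURCES), ("normal", NORMAL)]:
        print(name, detect(sample))
```

In the distributed sample every address sends exactly one request, so a per-IP limit alone never triggers; only the combined count raises the alert.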

Denial-of-Service Prevention by Shutdown Technology:

The Denial-of-Service Prevention by Shutdown Technology is automated technology that detects a DoS attack in progress and shuts down the server temporarily to prevent the server from completely going out of service. This can give the server administrator more time to address the DoS issue. Further, it might allow the server's administrator to implement remedial measures before the server's impending suspension of service.

Denial-of-Service Catch-All Technology:

The Denial-of-Service Catch-All is technology that attempts to broadly detect a DoS attack by measuring when the server's CPU is about to reach a certain point or its limits. This indirect methodology focuses on various metrics apart from brute force attacks or traditional IP analysis. Further, the approach emphasizes network resources as opposed to visitor identification and connection attributes. Therefore, it does not differentiate between intentional DoS and unintentional DoS (high traffic due to popularity).