how to guide: stay online
web server as it waits to resolve the requests, blocking other visitors to the site. In contrast to Layer 4 DoS attacks, a hacker could use ‘slowloris’ to take down a website from a single machine. This kind of attack can be addressed with a web application firewall (WAF), which can identify the slow, intermittent GET requests as malicious behaviour and block the IP address of the machine they are coming from. If the attack has been launched by a hacker targeting a particular website, however, they can change their IP address to circumvent this block. More sophisticated WAFs can firstly identify whether or not the attack is being conducted by a human being, by serving code along with website content that analyses the user’s behaviour, and secondly use that analysis to block the user on the basis of some other identifying information.
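The check a WAF applies to slow, intermittent requests can be sketched as follows. This is an added example, not code from the article or from any vendor; the connection record fields, the thresholds and the sample addresses are assumptions constructed for illustration. It also reports how much of the server's connection pool is held by slow requests in total, which still shows the attack when the source address keeps changing.

```python
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical thresholds; tune them against the site's normal traffic.
MAX_HEADER_SECONDS = 10.0    # time allowed to finish sending request headers
MIN_BYTES_PER_SECOND = 50.0  # slower than this with headers incomplete is suspect
MAX_SLOW_PER_IP = 5          # slow connections tolerated from one address

@dataclass
class Conn:
    src_ip: str
    opened_at: float         # seconds, same clock as `now`
    bytes_received: int
    headers_complete: bool   # True once the blank line ending the headers arrived

def is_slow(conn: Conn, now: float) -> bool:
    """Still sending headers, open longer than allowed, and only trickling bytes."""
    if conn.headers_complete:
        return False
    age = now - conn.opened_at
    if age <= MAX_HEADER_SECONDS:
        return False
    return conn.bytes_received / age < MIN_BYTES_PER_SECOND

def assess(conns, now, pool_size):
    """Return (addresses to block, fraction of the pool held by slow connections)."""
    slow_by_ip = defaultdict(int)
    for c in conns:
        if is_slow(c, now):
            slow_by_ip[c.src_ip] += 1
    block = sorted(ip for ip, n in slow_by_ip.items() if n > MAX_SLOW_PER_IP)
    pool_held = sum(slow_by_ip.values()) / pool_size
    return block, pool_held

# Constructed sample: one address holding 8 unfinished requests, plus normal visitors.
SAMPLE = (
    [Conn("203.0.113.7", float(i), 40 + i, False) for i in range(8)]
    + [Conn("198.51.100.20", 55.0, 420, True),   # request completed normally
       Conn("198.51.100.21", 58.0, 300, False),  # new connection, within the allowance
       Conn("192.0.2.44", 20.0, 90, False)]      # a single slow client, not blocked
)

if __name__ == "__main__":
    blocked, held = assess(SAMPLE, now=60.0, pool_size=16)
    print("block:", blocked, "| pool held by slow connections: {:.0%}".format(held))
```

A single slow client stays below the per-address limit, so an ordinary visitor on a poor connection is not blocked along with the attacker.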
Flooding the connections
Another way to take a website offline is to attack the DNS server, which connects the URL of the website to the IP address of the web server. A DNS server can only handle a certain number of requests. Once this number is exceeded, it will no longer direct visitors to the web server, effectively taking the site offline. The way to protect against DNS DoS attacks is to deploy a system, often referred to as a DNS firewall, that massively adds to the memory that the DNS server uses to process requests, and therefore the number of requests that it can handle.
A fourth kind of DoS attack is a firewall DoS. This emerged only recently during the attacks by hacktivist group Anonymous in retaliation to the crackdown on transparency site Wikileaks. It transpired during those attacks that, while enterprise network firewalls can handle a large throughput of traffic, they can only withstand a finite number of incoming connections. Once that number is exceeded, the firewall can no longer let traffic from the Internet through to the web server.
WWW.INFORMATION-AGE.COM
To combat a firewall DoS, organisations can deploy a system that can filter large numbers of Internet connections at the perimeter of their network, before the firewall itself. A common characteristic of targeted attacks, however, is that hackers will try a combination of different methods to see what works. The best defence against a blended DoS attack, therefore, is to use a blend of DoS protection techniques.
WWW.F5.COM