how to guide: stay online
Keep your website online
The growing diversity of denial-of-service attacks calls for a blended approach to DoS defence
WHILE the past decade has been characterised by the growing commercialisation of cyber crime, recent years have seen the rise of the ‘hacktivist’, a hacker whose aim is to embarrass an organisation that they are opposed to. Taking down an organisation’s website is
a highly visible form of protest, so denial- of-service (DoS) attacks – when a site is flooded by a burst of traffic or a slow trickle of connections over time – have become the weapon of choice for hacktivists. As businesses have become aware of DoS
attacks and adopted defences, the attacks themselves have grown in sophistication. The simplest form of attack operates at
the transport layer, or Layer 4, of the Internet connection into the data centre that is hosting the site. This kind of attack will often use a botnet, a network of compromised computers, to send thousands of ‘half-open’ connections – requests to connect to the site that, once approved, never reply. This occupies the network while it waits for a response until it can no longer accept any more traffic. An internal data centre firewall can handle a certain number of ‘half-open’ connections, but it is typically the
WWW.INFORMATION-AGE.COM
responsibility of the Internet service provider to make sure the Internet connection itself is not overwhelmed in this fashion.
Web server attack Another kind of DoS attack affects the functionality of the web server, rather than the network connection. A recent example was a DoS attack application known as ‘slowloris’. This sent ‘get’ requests to the web server, as a browser would when rendering a web page, but very slowly and intermittently. This occupies the available memory and network connections of the
WWW.F5.COM 9
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20