Tag Archives: DDoS

Everyone’s talking about DDoS: Part One

Too much of anything is a bad thing. Too much sleep, too many drinks of cola, too much bad TV… even too much time at the gym, well, it’s not good. Excessiveness is just that: surplus to what is ideal, desirable and manageable.

In the IT sector, one of the things we can all do without are distributed denial of service (DDoS) attacks. Fair game it’s superfluous to requirements in that it’s malicious, not part of anything we do, something we never thought we’d have to contend with, a mutation that threatens network security and viability. But, it’s part of life.

DDoS attacks embody the notion of digital gluttony, as its modus operandi is predicated on the idea of disproportionate traffic as a means of disrupting and immobilising systems.

Such a bane is DDoS to industry that in a study by the Ponemon Institute entitled the Impact of Cybercrime on Business Report, IT professionals ranked it as one of the preeminent menaces to security. In the US, it is listed as the number one thing that induces unease.

With news that Checkpoint Software Technologies Ltd has produced the first in a number of solutions to protect businesses from DDoS attacks – in short, the “appliance sits in front of an organization’s perimeter gateway and cleans the traffic from DDoS attacks before it reaches the main security gateway” – we thought we would look at some discussion points in this very topical subject matter.

Let’s start with controversy at its most extreme. In the Netherlands, D66, a political party that has a modest but nevertheless significant ten seats in the Dutch House of Representatives, five in the country’s Senate and three within the European Parliament, wants DDoS legalised. Yes, you read that correctly.

In its new election manifesto, the party, which has been in existence since 1966, regards some such attacks as done in the spirit of protest: digital remonstrations, hacktivism as we understand it. Now, they’re not calling for free rein, but for it to be regulated, similar to how real-life protests are.

InfoSecurity reports that the idea draws its credibility from a distinction. Where DDoS attacks are carried out merely to disrupt the online services of a business, like blocking the doors to, for example, a prominent supermarket, that would fall within the law.

Where such attacks go deeper, actually breaking into the servers of that business, where sensitive information can be elicited, well, so argues D66, that is a line too far. Like, perhaps, protestors heading into the supermarket and destroying products and stealing money out of a till.

It’s certainly a shot in the dark, a wild suggestion, but one that is good for debate. We often need contrary, leftfield opinions to air themselves, not because we agree with them, but because they help us come up with ideas and solutions that were previously unattainable. In true Socratic style, we leave you with that brilliantly provocative theme to mull over in the interim, as we return with part two of this feature soon.

Mad Hulk does good

The Hulk is an iconic comic character created by Stan Lee and Jack Kirby, a brutal superhero who only manifests himself when his alter-ego Dr Bruce Banner loses control of his rage or is put in a position when his life is in danger. In the Marvel Comic universe, that is more often than not. Nobody wants to see Dr Banner sipping on coffee while meditating. Where’s the excitement in that?

A sort of digital manifestation of Hulk has materialised, aptly called the HTTP Unbearable Load King (the acronym being HULK), and what does it do? Well, “HULK get mad, HULK smash” is perhaps an apt explanation.

The back story to the origin of this denial of service (DoS) attack tool, which has managed to become the buzz topic of the moment, is that it was developed without malicious intent by a network security researcher.

Yes, you read right, its origins are entirely altruistic. You see, the gentleman in question produced the script to HULK as an “educational proof of concept”, a proactive exploration into exposing weaknesses on web servers, a form of penetration testing if you would.

The fascinating aspect of the story – if that wasn’t sufficiently amazing – was the fact that Barry Shteiman, a self-confessed nerd, who works for an application security company, posted the script on his website for everyone to use.

With a disclaimer of course: “The tool is meant for educational purposes only and should not be used for malicious activity of any kind.”

“What makes HULK dangerous is the fact that a single malicious actor with a single computer could feasibly take down a small, unhardened web server in minutes. We’ve tested the tool internally and it is functional,” commented Neal Quinn, chief operating officer at Prolexic.

“Fortunately, this is not a very complex DoS tool. We were quickly able to dissect its approach and stop it dead in its tracks. It is fairly simple to stop HULK attacks and neutralise this vulnerability with the proper configuration settings and rules.”

Commenting on his website, one enthusiastic user, going by the name of UnderPL, was amazed that a “single dos” could bring down his website. It indicates, perhaps, what it can be used for in a negative context, which can arguably be used as a criticism against Mr Shteiman’s openness and willingness to share, but this would be a mistake.

His creativity, which stems from a genuine interest in this field of study, as well as being a product of a curious disposition, of wanting to think outside the box, is an attribute to applaud, one that has led him to come up with a strategy that might have been developed by a cyber criminal in the foreseeable future and used to full effect without anyone knowing how to deal with it. Now we know the problem, we can strategise.

He therefore embodies characteristics that all IT experts need to have in being the best of the best. This isn’t Hulk gone mad, but “Dr Banner done a very good thing”. As Mr Quinn observed, in this instance, we can all relax.

“There is a lot at stake for businesses online – whether it’s a matter of money, reputation, regulatory compliance or business continuity. No one wants to be down for a second, let alone hours or days,” he expanded.

“Consequently, any threat can cause panic. While many DDoS threats are very real and severe, in the case of HULK, panic is not necessary. PLXsert is happy to share our practical, effective mitigation method that can be implemented on any WAF or content switch, and transform the HULK back into Dr Banner.”

Maybe we were wrong in the intro. Sometimes Dr Banner is much better company in some circumstances. Especially when all we want is a nice brew.