Denial of Service (DoS) attacks remain a popular attack vector for criminals against organizations, removing the availability of their internet access and thus preventing people from accessing their website. Since UDP is a connectionless protocol, it can easily be spoofed, which makes it an easy attack vector against websites. The FBI recommendations in the Private Industry Notification are a good start for every organization to implement to protect against Distributed Denial of Service (DDoS) attacks.
Complementing the PIN, there are additional tactics to consider for an organization's robust security program to protect against DoS. These include the ability to not allow unsolicited DNS responses, which can prevent reflection attacks. With these query floods constantly hitting the DNS servers, organizations can configure their DNS server to not respond to the same queries if a response was recently sent, as a real request will not send the same query over and over if it's been resolved. Finally, the servers can be configured to force the DNS requests to prove they are not spoofed, and therefore drop those requests if the request is unable to do so.
While there is technology readily available to support organizations against these DoS attacks, they are unable to spend the resources to implement measures against the risk they accept in the event of an attack and possibly the loss of productivity and, further, most likely an impact to their bottom line.
Having watched how infrastructure like the Bullet Proof Proxies has grown over the last year, we have seen these types of networks, and the bots that run on them, perform all manner of strange activities. The concept behind a denial of service is a resource starvation of some kind. When you can distribute the resource load to hundreds or thousands of devices making 1 or 2 requests, the load is barely noticed from the attacker and can completely disable the victim. Attacks like these are often single requests in nature and run on robust infrastructure. I would expect that this type of attack is going to increase over time as the political scene ramps up over this coming year.
I think the most important thing to understand is why the attack is happening. Political motivation is a generalization: is someone trying to destabilize or prevent our political system from working? Who benefits from this? I would really like to follow the money and see what the actual motivation is.
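The first two DNS-side measures mentioned above (dropping unsolicited responses, and not re-answering a query that was answered moments ago) can be sketched as follows. This is an added example, not code from the commenters or from any DNS server product; the class names, the 2-second window, the 5-second timeout and the /24 client grouping are assumptions, and the traffic is constructed.

```python
import ipaddress

class OutstandingQueries:
    """Resolver side: accept a response only if it answers a query we sent."""
    def __init__(self, timeout=5.0):
        self.timeout, self.pending = timeout, {}  # key -> time sent
    def sent(self, server_ip, txid, qname, now):
        self.pending[(server_ip, txid, qname.lower())] = now
    def accept(self, server_ip, txid, qname, now):
        sent_at = self.pending.pop((server_ip, txid, qname.lower()), None)
        return sent_at is not None and now - sent_at <= self.timeout

class RepeatSuppressor:
    """Server side: skip re-answering a query answered within `window` seconds."""
    def __init__(self, window=2.0, prefix_len=24):  # IPv4 /24 grouping is assumed
        self.window, self.prefix_len, self.last_answer = window, prefix_len, {}
    def should_answer(self, client_ip, qname, qtype, now):
        net = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        key = (net, qname.lower(), qtype)
        last = self.last_answer.get(key)
        if last is not None and now - last < self.window:
            return False  # recently answered: drop instead of answering again
        self.last_answer[key] = now
        return True

def replay(events):
    """Run (time, kind, fields...) events through both filters."""
    oq, rs, verdicts = OutstandingQueries(), RepeatSuppressor(), []
    for t, kind, *f in events:
        if kind == "sent":
            oq.sent(*f, now=t)
        elif kind == "response":
            verdicts.append((kind, oq.accept(*f, now=t)))
        elif kind == "query":
            verdicts.append((kind, rs.should_answer(*f, now=t)))
    return verdicts

# Constructed sample traffic using documentation address ranges, not real hosts.
SAMPLE = [
    (0.0, "sent", "192.0.2.53", 0x1A2B, "example.com"),
    (0.1, "response", "192.0.2.53", 0x1A2B, "example.com"),    # solicited
    (0.2, "response", "192.0.2.53", 0x1A2B, "example.com"),    # duplicate, not pending
    (0.3, "response", "198.51.100.9", 0x7777, "example.com"),  # never asked
    (1.0, "query", "203.0.113.10", "example.com", "ANY"),      # first, answered
    (1.1, "query", "203.0.113.77", "example.com", "ANY"),      # same /24, repeat
    (4.0, "query", "203.0.113.10", "example.com", "ANY"),      # window expired
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Production DNS servers implement the second measure as rate-based response limiting rather than a fixed window; the fixed window here only illustrates the idea.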
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest information security news and topics.