Online malcontents who try to take down web servers now face a new kind of defence system that can fight back. A common attack known as distributed denial of service (DDoS) knocks websites offline by flooding them with traffic from a horde of infected computers, or botnet. Yuri Gushin and Alex Behar of the internet security firm Radware, based in Tel Aviv, Israel, say they have turned this attack back on its perpetrators.
Most current DDoS defences work by blocking connections from attacking computers or throttling data rates to let only a certain amount of traffic through. But these methods can't handle the larger attacks that are increasingly common. "Today's technologies are not cutting it," explains Gushin.
The pair's more sophisticated technique manipulates an attacker's connection in order to make botnet computers work harder. By intentionally ignoring part of the intended connection request, they are able to trick the attacker's computer into making a very slow connection to the server as it continues to try to make contact. This lasts for around 5 minutes. When the attacking botnet computer is slowed down in this way, it will automatically try to send new connection requests, badly affecting its performance. Eventually the botnet computers making the attack will be forced to give up, depending on the instructions given to them by the botmaster who launched the attack.
This approach proved successful last year, when Gushin and Behar helped defend against attacks perpetrated by Anonymous, the loose collective of internet activists that took up digital arms to fight for WikiLeaks. "We were able to really turn the tide on the attack," says Behar.