Internet slows down after DoS attack using DNS
11 years 8 months ago #38285
by S0lo
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Internet slows down after DoS attack using DNS was created by S0lo
www.guardian.co.uk/technology/2013/mar/2...-slows-down-internet
www.nytimes.com/interactive/2013/03/30/t...s-unfolded.html?_r=0
www.nytimes.com/interactive/2013/03/30/t...s-unfolded.html?_r=0
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
11 years 8 months ago #38290
by sose
sose
Network Engineer
analysethis.co/index.php/forum/index
Replied by sose on topic Re: Internet slows down after DoS attack using DNS
I stopped using public DNS on servers I configure, and stick to my ISP's DNS server. But those private DNS servers still have to querry public DNS servers to function well.
Those it mean that there is no effective way of handling DDOS attacks ?
Those it mean that there is no effective way of handling DDOS attacks ?
sose
Network Engineer
analysethis.co/index.php/forum/index
11 years 8 months ago #38291
by S0lo
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Replied by S0lo on topic Re: Internet slows down after DoS attack using DNS
As you know, DoS does not attack a vulnerability or a hole in a system, it simply stresses the system to the limit that it can not handle any more traffic, so it either crashes or gets overwhelmed that innocent traffic simply get droped.
What makes this more difficult is that it is relatively easy to FORGE the SOURCE ip address of the attacking packets, making those packets practically untraceable to the REAL source, except with much deeper forensics measures that involve human and 3rd party resources.
Probably the best way (which is not always possible) is to stop the offending traffic at it's source where it originates. But this can involve changing ISP or company policies that might exist in different parts of the world that are in no way under our control.
What makes this more difficult is that it is relatively easy to FORGE the SOURCE ip address of the attacking packets, making those packets practically untraceable to the REAL source, except with much deeper forensics measures that involve human and 3rd party resources.
Probably the best way (which is not always possible) is to stop the offending traffic at it's source where it originates. But this can involve changing ISP or company policies that might exist in different parts of the world that are in no way under our control.
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
11 years 8 months ago #38292
by sose
sose
Network Engineer
analysethis.co/index.php/forum/index
Replied by sose on topic Re: Internet slows down after DoS attack using DNS
In this case should organizations always have a redundant ISP connections so that they can quickly swap connections.
DDOS is the atomic bomb of the Internet world or rather the HIV of the Internet world.
It either choke your bandwidth or overwhelm your system unit. In a scenario of DDOS attack organizations double their bandwidth or use their ISPs to filter traffic. But I think operating system programmers have a lot to do in terms of how OS handle queries.
DDOS is the atomic bomb of the Internet world or rather the HIV of the Internet world.
It either choke your bandwidth or overwhelm your system unit. In a scenario of DDOS attack organizations double their bandwidth or use their ISPs to filter traffic. But I think operating system programmers have a lot to do in terms of how OS handle queries.
sose
Network Engineer
analysethis.co/index.php/forum/index
11 years 8 months ago #38293
by chrnxR
the dreams of yesterday are the hopes of today and the reality of tomorrow.
-Robert H. Goddard
Replied by chrnxR on topic Re: Internet slows down after DoS attack using DNS
If both of the internet connections are actively used, DNS Load balancing for example, they will most likely both get crashed. Chances are smaller because of the higher bandwith, but considered todays ddos attacks being 60 to 300+ Gbit/s traffic it wont change anything in nearly all cases.
If the second connection is only used as a kinda "spare" connection as u said, the core problem still remains: Your systems crashes or drops everything. After all someone has to react and check/repair either way.
There are also proxy solutions with high bandwith availabillity, where the traffic is checked and then forwarded. The advantage is your infrastructure wont get hurt, and small attacks can be withstood. But the same problem as above stays, if the proxy gets crashed due to the traffic ur still ****** and have to react. Or in better words the company you pay for the proxy has to react.
after all, there will never be a 100% effective way to deal with it.
If the second connection is only used as a kinda "spare" connection as u said, the core problem still remains: Your systems crashes or drops everything. After all someone has to react and check/repair either way.
There are also proxy solutions with high bandwith availabillity, where the traffic is checked and then forwarded. The advantage is your infrastructure wont get hurt, and small attacks can be withstood. But the same problem as above stays, if the proxy gets crashed due to the traffic ur still ****** and have to react. Or in better words the company you pay for the proxy has to react.
after all, there will never be a 100% effective way to deal with it.
the dreams of yesterday are the hopes of today and the reality of tomorrow.
-Robert H. Goddard
11 years 7 months ago #38305
by sose
sose
Network Engineer
analysethis.co/index.php/forum/index
Replied by sose on topic Re: Internet slows down after DoS attack using DNS
here is another one on DDOS atack on build more intelligent routers
www.techrepublic.com/blog/security/softw...s_cid=e036&ttag=e036
www.techrepublic.com/blog/security/softw...s_cid=e036&ttag=e036
sose
Network Engineer
analysethis.co/index.php/forum/index
Time to create page: 0.153 seconds