THE MOST DANGEROUS DDoS ATTACK
DoS (Denial-of-Service): a malicious attempt by a person or group to make a victim's system or site unable to serve its legitimate users (its customers).
DoS: the attack comes from a single host.
DDoS (Distributed Denial-of-Service): many hosts attack at the same time.
DDoS is a type of DoS attack in which multiple compromised systems, typically infected with malware such as a Trojan, are used to flood a single target so that it can no longer serve its users.
The name says it: the attack is distributed across a large group of computers. To carry it out, attackers use a zombie network, or botnet, a group of infected and compromised machines under their control.
During a DDoS attack the website may become unreachable because the server is flooded with bogus requests and cannot process the valid ones.
Why do attackers launch DDoS attacks?
Some common motives:
- Revenge, or simply the challenge
- Experimentation and fun
- Prestige among other attackers
- Taking a site offline
First large-scale DoS attack:
Morris Worm (November 2, 1988)
Robert Tappan Morris wrote the worm while he was a graduate student at Cornell University. According to him, its purpose was to gauge the size of the Internet, whose precursor at the time was ARPANET. It unintentionally caused a denial of service on roughly 10% of the approximately 60,000 machines connected to the Internet in 1988, about 6,000 hosts.
The worm was self-replicating and self-propagating.
Because its check for an already-infected host was unreliable, it copied itself onto the same machines over and over; each extra copy consumed CPU and memory until the affected hosts became unusable and had to be taken off the network.
Morris was prosecuted under the 1986 Computer Fraud and Abuse Act, the first conviction under that law, and was sentenced to three years of probation, 400 hours of community service (unpaid work for the benefit of the local community) and a fine of $10,050.
Vulnerabilities the worm exploited:
- Software monoculture: most hosts ran the same BSD-derived Unix, so one exploit worked on many machines.
- A stack buffer overflow in fingerd (the daemon that reports which users are logged in), triggered by an over-long request.
- The DEBUG mode of Sendmail (the e-mail routing software), which let a remote sender execute commands on the host.
Biggest DDoS attack recorded at the time
On Wednesday, 28 February 2018, GitHub survived the largest DDoS attack recorded up to that point.
At about 12:15 PM local time, 1.35 Tbps of traffic (126.9 million packets per second) hit the developer platform all at once, the strongest DDoS attack recorded to that date. By comparison, the largest attack recorded in 2016, launched against KrebsOnSecurity.com, peaked at about 620 Gbps.
Within about 10 minutes of the first outages, GitHub's monitoring automatically called for help from its DDoS mitigation provider, Akamai Prolexic. Prolexic took over as an intermediary, routing GitHub's inbound traffic through its scrubbing centers and dropping the malicious packets.
Some GitHub users experienced site outages during the attack; according to status.github.com, the site had issues for more than an hour before fully recovering.
An interesting fact is that the attackers did not use a botnet at all; instead they weaponized misconfigured Memcached servers to amplify the attack.
"Between 17:21 and 17:30 UTC on February 28th we identified and mitigated a significant volumetric DDoS attack," GitHub wrote in its incident report the next day. "The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints."
The abused service was Memcached, listening on UDP port 11211 and exposed to the Internet on servers that should never have been reachable from outside.
According to Akamai, you can mitigate Memcached amplification attacks by rate-limiting incoming traffic on port 11211.
Cloudflare's illustration of the attack shows how it works: the attacker spoofs the source IP address so that the request appears to come from the victim, then sends a small forged request to vulnerable Memcached servers. Each server sends its much larger response to the victim's address, so a few bytes from the attacker become kilobytes at the target.
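The exchange described above, as an added example that is not part of the original post and not code from GitHub, Akamai or Cloudflare. It builds the 8-byte Memcached UDP frame (request ID, sequence number, datagram count, reserved) around an ASCII `get`, runs it through a toy reflector that answers whatever address the IP header names, and measures the amplification factor. The 1400-byte datagram payload, the 50 kB pre-stuffed key and the addresses are all assumptions for the demo; the last function shows the detection-side check a victim can run on flow records:

```python
from __future__ import annotations

import struct
from ipaddress import ip_address, ip_network

# Every Memcached UDP datagram carries an 8-byte frame header before the ASCII
# command: request id, sequence number, total datagrams, reserved (big-endian u16s).
FRAME = struct.Struct("!HHHH")
MEMCACHED_PORT = 11211
MAX_PAYLOAD = 1400  # assumed per-datagram payload size for the toy server below


def frame_request(command: bytes, request_id: int = 1) -> bytes:
    """Build the datagram an attacker sends; in the real attack the IP source
    address of this packet is forged to be the victim's."""
    return FRAME.pack(request_id, 0, 1, 0) + command + b"\r\n"


def unframe(datagram: bytes) -> tuple[int, int, int, bytes]:
    """Split a datagram into (request_id, seq, total, payload)."""
    if len(datagram) < FRAME.size:
        raise ValueError("datagram shorter than the memcached UDP header")
    request_id, seq, total, _reserved = FRAME.unpack_from(datagram)
    return request_id, seq, total, datagram[FRAME.size:]


class ReflectingMemcached:
    """Toy model of an Internet-exposed memcached: it answers whatever address the
    IP header names as the source, which is exactly what makes it a reflector.
    Only 'get' is modelled; anything else gets ERROR."""

    def __init__(self, store: dict[bytes, bytes]):
        self.store = store

    def handle(self, datagram: bytes) -> list[bytes]:
        request_id, _seq, _total, payload = unframe(datagram)
        parts = payload.rstrip(b"\r\n").split()
        if not parts or parts[0] != b"get":
            body = b"ERROR\r\n"
        else:
            body = b""
            for key in parts[1:]:
                if key in self.store:
                    value = self.store[key]
                    body += b"VALUE %s 0 %d\r\n%s\r\n" % (key, len(value), value)
            body += b"END\r\n"
        # Large replies are split across datagrams, each carrying its own header.
        chunks = [body[i:i + MAX_PAYLOAD] for i in range(0, len(body), MAX_PAYLOAD)]
        return [FRAME.pack(request_id, seq, len(chunks), 0) + chunk
                for seq, chunk in enumerate(chunks)]


def amplification_factor(request: bytes, replies: list[bytes]) -> float:
    """Bytes delivered to the victim per byte the attacker had to send."""
    return sum(len(r) for r in replies) / len(request)


def reflected_memcached_flows(flows: list[dict], protected_prefix: str) -> list[dict]:
    """Detection side: a web front end never asks Internet hosts for memcached data,
    so UDP flows arriving at our prefix *from* source port 11211 are reflection."""
    net = ip_network(protected_prefix)
    return [f for f in flows
            if f["proto"] == "udp" and f["sport"] == MEMCACHED_PORT
            and ip_address(f["dst"]) in net]


# Constructed demo: one pre-stuffed 50 kB key on an exposed server (RFC 5737 example addresses).
STORE = {b"k": b"A" * 50_000}
SERVER = ReflectingMemcached(STORE)
ATTACK_REQUEST = frame_request(b"get k")     # 15 bytes on the wire
REPLIES = SERVER.handle(ATTACK_REQUEST)      # all sent to the spoofed (victim) source

SAMPLE_FLOWS = [  # constructed flow records as a collector might export them
    {"src": "203.0.113.5", "sport": 11211, "dst": "198.51.100.10", "dport": 40000, "proto": "udp", "bytes": 50312},
    {"src": "203.0.113.6", "sport": 11211, "dst": "198.51.100.10", "dport": 40001, "proto": "udp", "bytes": 50312},
    {"src": "192.0.2.44", "sport": 51234, "dst": "198.51.100.10", "dport": 443, "proto": "tcp", "bytes": 900},
]

if __name__ == "__main__":
    print(f"request {len(ATTACK_REQUEST)} bytes -> {sum(len(r) for r in REPLIES)} bytes "
          f"in {len(REPLIES)} datagrams, x{amplification_factor(ATTACK_REQUEST, REPLIES):.0f}")
    for f in reflected_memcached_flows(SAMPLE_FLOWS, "198.51.100.0/24"):
        print("reflected memcached traffic from", f["src"])
```

A 15-byte request yields about 50 kB at the victim here, a factor in the thousands, and the attacker never receives a byte of it. The flow check is deliberately blunt: on a host that has no business talking memcached to the Internet, any inbound UDP from source port 11211 is attack traffic and can be dropped at the edge before it reaches the application.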
Both Cloudflare and Akamai predicted "many more, potentially larger attacks" in the near future. Both companies asked for help in identifying who sent the massive attack and in fixing the vulnerable protocols and the IP spoofing that make such attacks possible.
Mitigation techniques for DDoS attacks
Nothing can entirely prevent a DDoS; the aim is to reduce exposure and limit the damage.
- Minimize the damage an attack can do.
- Effective and robust design.
- Bandwidth limitations (rate-limit traffic per client).
- Keep systems and servers patched.
- Do not run unnecessary services; run the smallest set of services you need.
- Use firewalls, switches and routers that can filter and rate-limit traffic.
- Allow only necessary traffic.
- Block suspicious IP addresses.
- Use services such as Cloudflare or Incapsula.
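The per-source rate limit that Akamai recommended for port 11211, and the "bandwidth limitations" and "block suspicious IP addresses" items above, as an added example (not code from the original post or from Akamai). It applies a token bucket per source address to packets arriving on one UDP port and leaves other ports alone, so a flood from one source is cut to the configured rate while a normal client is untouched. The 20 packets/s rate, 40-packet burst, the traffic rates and the RFC 5737 addresses are assumptions for the demo:

```python
from __future__ import annotations

from collections import defaultdict

MEMCACHED_PORT = 11211


class TokenBucket:
    """Classic token bucket: `rate` tokens per second refill, at most `burst` stored."""

    def __init__(self, rate: float, burst: float):
        self.rate = rate
        self.burst = burst
        self.tokens = burst
        self.last = None  # timestamp of the previous packet from this source

    def allow(self, now: float) -> bool:
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PortRateLimiter:
    """Per-source inbound rate limit on one UDP port. Packets to other ports pass untouched."""

    def __init__(self, port: int, rate: float, burst: float):
        self.port = port
        self.buckets: dict[str, TokenBucket] = defaultdict(lambda: TokenBucket(rate, burst))

    def filter(self, packets):
        """packets: iterable of (timestamp, src_ip, dst_port).
        Returns (accepted packets in time order, dropped count per source)."""
        accepted = []
        dropped: dict[str, int] = defaultdict(int)
        for ts, src, dport in sorted(packets):
            if dport != self.port or self.buckets[src].allow(ts):
                accepted.append((ts, src, dport))
            else:
                dropped[src] += 1
        return accepted, dict(dropped)


def udp_stream(src: str, dport: int, pps: int, seconds: float):
    """Constructed traffic: `pps` evenly spaced packets per second for `seconds`."""
    return [(i / pps, src, dport) for i in range(int(pps * seconds))]


# Constructed scenario: a legitimate client at 5 pkt/s and an attacker (sending with a
# forged victim source address) at 500 pkt/s, both aimed at the memcached port for 10 s.
LEGIT = udp_stream("198.51.100.7", MEMCACHED_PORT, 5, 10)
FLOOD = udp_stream("203.0.113.9", MEMCACHED_PORT, 500, 10)


def run_demo(rate: float = 20, burst: float = 40):
    """Run both streams through one limiter; returns (accepted, dropped_per_source)."""
    limiter = PortRateLimiter(MEMCACHED_PORT, rate, burst)
    return limiter.filter(LEGIT + FLOOD)


if __name__ == "__main__":
    accepted, dropped = run_demo()
    print(f"accepted {len(accepted)} of {len(LEGIT) + len(FLOOD)} packets; dropped per source: {dropped}")
```

With these settings the flood source gets its initial burst of 40 and then roughly 20 packets per second, so about 95% of its 5,000 packets are dropped, while every packet from the 5 pkt/s client is accepted. Rate limiting only caps how hard a given memcached host can be abused; the stronger fix on the server side is to not expose UDP at all (memcached's `-U 0` disables its UDP listener, and recent releases disable UDP by default) and to bind the service to a private interface.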