MTE Explains: What Is DDoS and How Can You Protect Yourself

If you’ve been keeping up with activities led by hacking groups such as Anonymous, you’ve probably seen the words “DoS” and “DDoS” pop up. In case you’ve been wondering what they are and how they affect you, we’ll delve into that and also say a little about the possibilities of protecting yourself from such an attack.

DoS and DDoS are both attacks aimed at a particular computer or server. They have one thing in common: they flood the target with connection requests and/or data. The goal is to overwhelm the server with so much traffic that its bandwidth, connection table or processing capacity runs out and it simply stops accepting new connections. Other users then cannot use the services provided by that network endpoint. In other words, if someone succeeds in attacking a website with a DoS or DDoS attack, you won’t be able to connect to it.

The difference between the two terms lies simply in the number of computers attacking.

DoS, or “Denial of Service,” attacks are carried out by one single computer.

DDoS, or “Distributed Denial of Service,” attacks are carried out by multiple computers (either voluntarily or involuntarily).

Both attacks can be dangerous, but DDoS is the more dangerous of the two.

While a DoS attack may involve a single computer running a DoS “tool,” a DDoS attack is often much more sophisticated. DDoS attacks are usually carried out from within botnets. A botnet is a group of computers that have been taken over without their owners’ knowledge, usually by malware. They all connect to a central “command center” (a command-and-control server). This can be something as simple as a private, password-protected chatroom. Once the infected computers are connected, the attacker can simply command all of them to flood the target machine. A typical botnet looks like this:

[Image: ddos-botnet]

Sometimes this involves thousands of computers, all pouring the full brunt of their bandwidth into one server. This poses an extreme risk: because the flood arrives from many addresses at once, each sending only a modest amount, it cannot be stopped by blocking a single source.
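The difference between a single-source flood and a distributed one shows up clearly when you look at request logs. The script below is an added example (not code from the original article): it classifies one-second windows of a constructed web-server-style log. A per-IP rate limit, which is what a simple router filter enforces, catches the DoS window, but the DDoS window sails under it because every bot stays below the per-IP limit; only the aggregate rate together with the number of distinct sources reveals it. The log lines, addresses and thresholds are all constructed for the demonstration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LOG_FORMAT = "%Y-%m-%dT%H:%M:%S"


def parse_line(line):
    """Parse one constructed log line: '<ISO timestamp> <source IP> <request>'."""
    ts, ip, _request = line.split(" ", 2)
    return datetime.strptime(ts, LOG_FORMAT), ip


def build_sample_log():
    """Constructed traffic, not a real capture: three one-second windows.

    t+0: one visitor sending a handful of requests              (normal)
    t+1: a single host sending hundreds of requests             (DoS)
    t+2: 300 distinct hosts sending three requests each         (DDoS)
    """
    t0 = datetime(2012, 5, 1, 12, 0, 0)

    def stamp(seconds):
        return (t0 + timedelta(seconds=seconds)).strftime(LOG_FORMAT)

    lines = []
    for _ in range(5):
        lines.append(f"{stamp(0)} 198.51.100.7 GET /index.html")
    for _ in range(400):
        lines.append(f"{stamp(1)} 203.0.113.50 GET /index.html")
    for n in range(1, 301):
        for _ in range(3):
            lines.append(f"{stamp(2)} 10.0.{n // 256}.{n % 256} GET /index.html")
    return lines


def analyze(lines, per_ip_limit=100, aggregate_limit=200, min_sources=50):
    """Classify each one-second window as normal, dos or ddos.

    per_ip_limit:    requests one source may send per second before it is a
                     DoS suspect (what a per-IP rate limit on a router enforces)
    aggregate_limit: total requests per second that is abnormal for this server
    min_sources:     distinct sources needed before a flood is called distributed
    """
    windows = defaultdict(Counter)
    for line in lines:
        ts, ip = parse_line(line)
        windows[ts.replace(microsecond=0)][ip] += 1

    verdicts = {}
    for ts in sorted(windows):
        counts = windows[ts]
        total = sum(counts.values())
        offenders = sorted(ip for ip, n in counts.items() if n > per_ip_limit)
        if offenders:
            verdict = "dos"          # one source alone exceeds the per-IP limit
        elif total > aggregate_limit and len(counts) >= min_sources:
            verdict = "ddos"         # nobody exceeds it, yet the sum is abnormal
        else:
            verdict = "normal"
        verdicts[ts.strftime(LOG_FORMAT)] = {
            "verdict": verdict,
            "total": total,
            "sources": len(counts),
            "offenders": offenders,
        }
    return verdicts


if __name__ == "__main__":
    for ts, v in analyze(build_sample_log()).items():
        print(ts, v["verdict"],
              f"total={v['total']} sources={v['sources']} offenders={v['offenders']}")
```

Run against your own access log, you would replace `build_sample_log()` with the parsed lines and tune the three thresholds to the server's normal traffic; the point to take away is that the `offenders` list stays empty for the distributed window even though it carries more than twice the traffic of the single-source one.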

There are two ways to be a victim of a DDoS attack: your computer can be infected with the botnet malware, or you can be the target of the attack. Both can pull you offline for a very extended period of time! I’ve had a DDoS attack flood my servers with over 8 Gbits/second of data for an entire week. This really interrupts many things, and the infected computers didn’t even know that they were attacking me.

Although a corporate network is more likely to be on the receiving end of one of these, it’s good to be protected at all times. Here is the harsh truth: there’s little you can do on your own end to stop a DDoS attack from ripping your bandwidth to shreds. A firewall will only do so much: once the flood has filled the link between you and your ISP, dropping the packets after they arrive does nothing for the bandwidth they have already consumed. A decent switch or router with network-level packet filtering can drop malformed or rate-limited traffic before it reaches your machines, but that only helps while the attack is smaller than your upstream link; anything larger has to be filtered upstream, by your ISP.

But even that method is of limited use. If you really want to get out from under an attack, you’d better hope you have a dynamic IP address. That lets you change your address by disconnecting from the Internet and connecting again; with many ISPs, unplugging your router and plugging it back in is enough, although some will hand you the same address back unless the old DHCP lease has lapsed, so check your public address afterwards. If you have a static IP, there’s nothing you can really do except wait out the attack or call your Internet service provider (ISP) and ask them to change your IP or filter the attack on their side. Note that a new address only helps if the attacker is aiming at your IP address itself rather than at a hostname that still resolves to you. This strategy will finally give you some breathing room.

That’s not all you should do, though. Changing your IP is just one step of many (and probably the last step in the entire process). Close every program that uses the Internet (Outlook, instant messaging, syncing utilities, etc.) and open only your browser to look through the web. Do this for a few days; afterwards, pop your head out of the water to see if all is safe. Doing this keeps you below the radar: the attacker most likely learned your address through one of those programs (a chat client, a game, a peer-to-peer session), and the fewer services you expose, the less chance your new address leaks the same way. Using an application like AdvTor in tandem with your Internet utilities can really confuse an attacker trying to DDoS you. It hides your real IP address from the sites and peers you talk to, so you can resume operations while you wait out the attack without handing the attacker your new address. It does not, however, stop traffic that is already aimed at your real address.

In fact, one of the best ways to prevent a DDoS from ever affecting you is to use a proxy or the previously mentioned application at all times. When the other end only ever sees the proxy’s address, an attacker has nothing of yours to aim at. (This does nothing for a server that has to be publicly reachable under its own address, and the proxy itself can still be flooded.)

As for keeping your own computer out of a botnet: first of all, software firewalls are very effective at stopping unsolicited inbound connections, which is one way a worm penetrates your network. They don’t help when you run the malware yourself, and they’re also ineffective once a virus has made it onto the firewall’s application exception (allow) list, whether because you clicked “Allow” on a prompt without reading it or because the malware added itself. Check what programs are listed as exceptions. If any of them seem suspicious, do a quick search on the web to determine whether it’s something you should be worried about.

In general, keeping a healthy, up-to-date antivirus application on your computer helps stop these kinds of things from happening. There are exceptions (such as newly created “0-day” malware that no signature yet matches). In that case, go back to your firewall. Configure it to block Internet access for absolutely everything except the applications you explicitly allow (a default-deny outbound policy). Better yet, clear the exception list entirely. When a program asks to use the Internet, a notification will appear asking you to approve it, and a bot that suddenly wants to reach a server you’ve never heard of will stand out.

If you don’t feel confident that you’ll catch the malware this way, use a network monitoring application like Microsoft’s Network Monitor (netmon).

[Image: ddos-netmon]

The image above shows how netmon looks after I’ve started a new capture and let it run for a few seconds. The left-hand panel shows me exactly which programs are using my Internet connection. This transparency can help you tell whether a program is using your Internet connection without your consent.
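The same check can be scripted so you don’t have to eyeball a capture. The Python below is an added example (not code from the original article or from Microsoft): it parses the output of the built-in Windows commands `netstat -ano` and `tasklist /fo csv /nh`, joins connections to process names by PID, and reports every remote connection held by a program that is not on the list of applications you deliberately allowed through the firewall. Both command outputs here are constructed samples, the allow list is hypothetical, and the look-alike process name `svchost32.exe` talking to an IRC port is invented for the demonstration.

```python
import csv
import io

# Constructed sample output of `netstat -ano` on Windows (not a real capture).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49152     74.125.224.72:443      ESTABLISHED     2312
  TCP    192.168.1.10:49160     203.0.113.9:6667       ESTABLISHED     4120
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       876
  UDP    0.0.0.0:5353           *:*                                    1428
"""

# Constructed sample output of `tasklist /fo csv /nh` (not a real capture).
TASKLIST_SAMPLE = """\
"firefox.exe","2312","Console","1","180,000 K"
"svchost32.exe","4120","Console","1","3,400 K"
"svchost.exe","876","Services","0","8,100 K"
"mDNSResponder.exe","1428","Services","0","2,000 K"
"""

# Hypothetical allow list: the programs you knowingly let through the firewall.
ALLOWED = {"firefox.exe", "outlook.exe"}


def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -ano` output."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # blank lines and the two header lines
        if fields[0] == "TCP":
            proto, local, foreign, state, pid = fields
        else:
            proto, local, foreign, pid = fields  # UDP rows have no State column
            state = ""
        conns.append({"proto": proto, "local": local, "foreign": foreign,
                      "state": state, "pid": int(pid)})
    return conns


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(text)) if row}


def find_unapproved(netstat_text, tasklist_text, allowed):
    """Remote connections held by processes that are not on the allow list.

    Returns (process name, pid, remote address) tuples. Listening sockets and
    unbound UDP sockets are skipped: they have no remote peer to report.
    """
    names = parse_tasklist(tasklist_text)
    suspects = []
    for c in parse_netstat(netstat_text):
        if c["state"] == "LISTENING" or c["foreign"] in ("0.0.0.0:0", "*:*"):
            continue
        name = names.get(c["pid"], "<unknown>")
        if name.lower() not in allowed:
            suspects.append((name, c["pid"], c["foreign"]))
    return suspects


if __name__ == "__main__":
    for name, pid, remote in find_unapproved(NETSTAT_SAMPLE, TASKLIST_SAMPLE, ALLOWED):
        print(f"unapproved: {name} (pid {pid}) -> {remote}")
```

On a live machine you would feed the functions the real output, for instance `subprocess.check_output(["netstat", "-ano"], text=True)` and `subprocess.check_output(["tasklist", "/fo", "csv", "/nh"], text=True)`, and keep `ALLOWED` in step with the firewall’s exception list. A hit is not proof of infection, but a process you don’t recognise holding a connection to a chat-style port is exactly the thing to look up before you decide whether to keep it.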

While you may not be a likely target of a DDoS attack, you’re better off armed with the knowledge necessary to combat one. If you have any questions, please leave a comment below, and you’ll get an answer quickly!