DDoS, or Distributed Denial of Service, is an advanced version of the DoS (Denial of Service) attack. Like DoS, a DDoS attack tries to deny important services running on a server by flooding the destination server with packets at a rate it cannot handle. What sets DDoS apart is that the attack is not relayed from a single network or host, as in DoS: it is launched from many different, changing networks that have already been compromised. (more…)
Shellshock rescue – Tracing a bandwidth spike to outbound DDoS through the infamous Bash vulnerability
“This definitely is a problem with your monitoring system! I never used this bandwidth. I was on holiday!”
The accounts department of the data center we managed referred this customer concern to us. His unmanaged dedicated server had shown a bandwidth spike of 20 times its normal usage, which resulted in bandwidth overage charges.
The monitoring system was showing perfect stats for all other servers, so it looked like something that had happened on the customer's server itself.
The last post on identification of DDoS attacks did not cover analysis of the attack in cases where the bandwidth graphs and connection status aren't conclusive. In such a scenario, the best approach is to inspect the packets arriving at the server, which can be done with a packet capture tool like tcpdump.
"tcpdump" is a popular sniffer command that does the job well. With the "-w" switch, "tcpdump -w", the captured packets are written to a file, which can then be analyzed with tools like Wireshark to get to the bottom of the attack. You can easily identify the protocol in question and apply multiple filters to the results. More on it can be read from here. (more…)
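The capture file that "tcpdump -w" produces is what you work from when graphs alone are inconclusive. The following is an added example, not code from the original post: a small pcap summarizer written with only the Python standard library (no scapy or tshark), so it runs offline against a capture constructed in memory. It breaks traffic down by direction relative to the server, by protocol, by top source address and by destination port, which is exactly the view that separates an inbound flood from a compromised server flooding outward, as in the Shellshock case above. The server address, the sample addresses and the flood itself are constructed for the example.

```python
# Added illustration: summarize a classic pcap (as written by `tcpdump -w`).
# All addresses are constructed (RFC 5737 documentation ranges).
import socket
import struct
from collections import Counter

SERVER_IP = "203.0.113.10"          # assumed address of the server under investigation
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def build_frame(src_ip, dst_ip, proto, sport, dport, payload=b"", tcp_flags=0x02):
    """Build an Ethernet/IPv4/{TCP,UDP} frame; checksums are left zero (fine for parsing)."""
    if proto == 17:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    elif proto == 6:
        offset_flags = (5 << 12) | tcp_flags            # data offset = 5 words, then flags
        l4 = struct.pack("!HHIIHHHH", sport, dport, 0, 0, offset_flags, 8192, 0, 0) + payload
    else:
        raise ValueError("only TCP and UDP frames are constructed here")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return bytes(12) + struct.pack("!H", 0x0800) + ip + l4   # dummy MACs, EtherType IPv4


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_frames(pcap_bytes):
    """Yield raw frames, honouring the byte order indicated by the magic number."""
    magic = struct.unpack_from("<I", pcap_bytes, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    off = 24
    while off + 16 <= len(pcap_bytes):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", pcap_bytes, off)
        off += 16
        yield pcap_bytes[off:off + incl_len]
        off += incl_len


def parse_frame(frame):
    """Return (src, dst, proto, sport, dport, tcp_flags, length), or None if not IPv4."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[14 + 9]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    l4 = 14 + ihl
    sport = dport = flags = None
    if proto in (6, 17) and len(frame) >= l4 + 4:
        sport, dport = struct.unpack_from("!HH", frame, l4)
    if proto == 6 and len(frame) >= l4 + 14:
        flags = frame[l4 + 13] & 0x3F
    return src, dst, proto, sport, dport, flags, len(frame)


def summarize(pcap_bytes, server_ip=SERVER_IP):
    """Direction/protocol/talker breakdown; an outbound flood shows the server as top source."""
    direction = {"inbound": Counter(), "outbound": Counter()}
    protocols, talkers, dst_ports = Counter(), Counter(), Counter()
    syn_inbound = 0
    for frame in iter_frames(pcap_bytes):
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src, dst, proto, sport, dport, flags, length = parsed
        side = "outbound" if src == server_ip else "inbound"
        direction[side]["packets"] += 1
        direction[side]["bytes"] += length
        protocols[PROTO_NAMES.get(proto, str(proto))] += 1
        talkers[src] += 1
        if dport is not None:
            dst_ports[dport] += 1
        if side == "inbound" and proto == 6 and flags is not None and flags & 0x12 == 0x02:
            syn_inbound += 1                            # SYN without ACK: new connection attempt
    return {"inbound": dict(direction["inbound"]), "outbound": dict(direction["outbound"]),
            "protocols": dict(protocols), "top_talkers": talkers.most_common(3),
            "top_dst_ports": dst_ports.most_common(3), "syn_inbound": syn_inbound}


def sample_capture():
    """Constructed capture: a UDP flood leaving the server plus a little ordinary inbound traffic."""
    frames = [build_frame(SERVER_IP, f"198.51.100.{i}", 17, 40000 + i, 80, b"A" * 1000) for i in range(6)]
    frames += [build_frame("192.0.2.5", SERVER_IP, 6, 51000, 80),
               build_frame("192.0.2.6", SERVER_IP, 6, 51001, 80),
               build_frame("192.0.2.7", SERVER_IP, 6, 51002, 22)]
    return build_pcap(frames)


if __name__ == "__main__":
    for key, value in summarize(sample_capture()).items():
        print(f"{key}: {value}")
```

To use it on a real file, replace `sample_capture()` with `open("capture.pcap", "rb").read()`; the reader handles only the classic pcap format, so save with tcpdump rather than Wireshark's default pcapng. When the server itself tops the talker list and outbound bytes dwarf inbound, the box is the source of the flood, not its target, and the next step is host forensics rather than upstream filtering.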
If you are a hosting provider, chances are that you’ve experienced a DoS/DDoS attack against a domain or a server. If so, you already know how frustrating it can be to tackle such an attack.
For those who are yet to feel the heat of it, it's better to be prepared to identify an attack in real time. Many believe that the outcome of DoS/DDoS is disruption of service. Many times it does not fully disrupt the service, but the drop in quality of service leaves it in a state where it would be better if the service weren't rendered at all. After all, waiting 5 minutes for a web page to load isn't worth it! (more…)