Security experts have reminded companies worried about
denial-of-service attacks that several options are available for
those whose websites become targets.
Last week, the SCO Group's website was hit by a distributed
denial-of-service (DDoS) attack, forcing the company to set up
another site.
A DDoS attack typically involves thousands of compromised
"zombie" systems sending torrents of useless data or requests for
data to targeted servers or networks.
The SCO attack was launched using systems that had previously
been infected by the MyDoom virus, which contained code that
instructed thousands of infected computers to access SCO's website
at the same time, rendering it inaccessible to legitimate
users.
Stopping the flood of traffic can be very difficult because it
is coming from so many sources, said Bruce Schneier, president of
Counterpane Internet Security.
"From a philosophical perspective, if the attacker's pipe is
bigger than the defender's pipe, the attacker can always knock out
the defender," he added.
There are several approaches companies can take to prepare for
attacks such as this, said Paul Mockapetris, inventor of the
internet's core domain name system and chairman of IP address
management vendor Nominum.
One is to set aside extra network bandwidth and server
processing capacity to withstand sudden surges in traffic. Another
is to "retreat from your domain name" and essentially park your
website at another address while the attack plays out, as SCO
did.
Geographically distributing web servers is another approach
worth considering, Schneier said. That way, even if one server or
network segment is taken down by an attack, normal traffic can be
redirected to other servers.
But putting in place extra server processing capacity to handle
DDoS attacks can be expensive and is likely to make sense only for
larger companies, Mockapetris said. "There's a bit of a digital
divide when it comes to the ability of companies to defend
themselves against these attacks."
"The long-term answer to DDoS protection has to be in the
[service provider] networks and backbones," said Gartner analyst
John Pescatore. Upstream service providers are in a better position
to detect and choke off traffic directed at a specific IP address,
said Schneier.
Both Gartner and Schneier said service providers should offer
some sort of guarantee against DDoS attacks. Gartner has been
advocating this for more than two years, urging users to include
DDoS protection language in their service-level agreements with
ISPs and data centre hosting companies.
But fewer than 1% of companies overall are buying such services,
Pescatore said. "Most enterprises say, 'It isn't raining, so the
roof isn't leaking. Why fix it?'"
Jaikumar Vijayan writes for Computerworld