Actu
Ian Kilpatrick, Wick Hill: Twitter Attack Could Have Been Defended Against
August 2009 by Ian Kilpatrick, Wick Hill
We’ve read about recent attacks on Twitter to get at the Georgian blogger Cyxymu, which also affected Facebook, LiveJournal and parts of Google. There has been much misguided comment about the risks to the Internet of distributed denial of service (DDoS) attacks and the difficulty of defending against such attacks. Much of the commentary has been about the “impossibility of the saervers to handle the traffic.”
While it isn’t possible to stop the credulity of users who are click-jacked into installing malicious code and becoming unwitting members of ‘botherds’, Ian Kilpatrick, chairman of security specialist Wick Hill Group, says that it is possible for web based organisations to defend themselves against DDoS.
He commented: “A lot of people, including some commentators in the national press, believe that you can’t protect against DDoS attacks. However, the evidence of many online sites, including gaming sites (which are often targeted by criminal gangs launching such attacks yet continue to function normally), is clearly proof to the contrary.”
DDoS attacks are created by flooding a service with valid traffic, until the service fails due to lack of enough resources (a particular problem for router based defences) or bandwidth to keep up with the flood. Up until now, one of the main defences against a DDoS attack has been to take down the service, which effectively makes the attack successful.
However there are solutions available which will give you proper protection and make this extreme and undesirable remedy unnecessary.
Allot’s ServiceProtector
Allot’s ServiceProtector is a behavioural threat detection system which protects against DDoS attacks, botnets and zero-day attacks, providing real-time detection and mitigation of threats at the network level.
Behavioural threat detection offers significant advantages over traditional intrusion detection systems (IDS)/intrusion prevention systems (IPS), which rely on signature-based recognition and are often playing catch up with the attackers.
Allot’s ServiceProtector solution detects and reacts to attacks in real-time, yet does not suffer from the false positives that are common in today’s IPS/IDS systems, due to the unique way it detects threats.
ServiceProtector accurately identifies the attacks in real time and when coupled with Allot’s NetEnforcer range of traffic management devices, mitigates the attack automatically by throttling the attack’s bandwidth, without causing a loss of service.
ServiceProtector can also detect botnet threats by identifying infected users on the network and isolating them from such activities as outbound spam and port scanning.
In a recent deployment on a service provider’s network, Allot’s ServiceProtector technology was able to detect and report on an actual DDoS attack taking place against a UK betting website.
Kilpatrick concluded: “For users running internet-based mission critical applications, DDoS attacks can be protected against and it is not necessary to be exposed to the risks of financial loss and a harmed reputation caused by botnet attacks”
