Understanding ddos attack & its Effect in Cloud Environment
Yüklə 333,78 Kb. Pdf görüntüsü
|
| 1.1. Understanding The Attack
DDoS attacks are launched by a ff ecting the victim in following forms: • Attacker can find some bug or weakness in the software implementation to disrupt the service. • Some attacks deplete all the bandwidth or resources of the victims system. Attackers scan the network to find the machines having some vulnerability and then these machines are used as agents by the attacker. These are called zombie machines. Spoofed IP’s are used by zombie machines. The design of internet gives rise to many conditions causing denial of service attacks 4 . Some of these features will be explained in this section. Security in internet is dependent on hosts. Attackers compromise the security of hosts to launch DDoS attacks and they use spoofed IP addresses making it di ffi cult to trace attack source. Further internet is full hosts. It gives attacker huge amount of options, out of which vulnerable hosts are chosen. Main target of DDoS attack are resources like bandwidth, CPU etc. and the resources are limited in network. If these resources are increased then impact of the attack can be lowered but still resources will be wasted leading to monetary loss. 1.2. DDoS Attacks In Past DDoS attacks are initiated by a network of remotely controlled, well structured, and widely dispersed nodes called Zombies. The attacker launches the attack with the help of zombies. These zombies are called as secondary victims. The recent attacks in 2013 include the attack in China’s websites, Bitcoin, largest cyber-attack by Cyber Bunker, NASDAQ trading market, Iranian Cyber-attacks on FBI and so. From the above survey most of the victims of DDoS attacks are distributed and shared. Apart from the list mentioned there are numerous anonymous tools emerging day by day. Table 1 lists the DDoS attacks occurred over years and how it evolved 5 6 7 . Table 1. DDoS attacks in past Year Details 1998 First DDoS tools were discovered. These tools were not used widely but point-to-point DoS attacks and Smurf amplification attacks cont- inued. 1999 A trinoo network was used to flood a single system at the University of Minnessota, which made the network unusable for more than 2 d- ays. And massive attack using Shaft was detected. The Data gathered during the attack was then analyzed in early 2000 by Sven Dietrich and presented in a paper at the USENIX LISA 2000 conference. 2000 15 year old boy Michael Calce (Mafiaboy) launched attack on Yahoo’s website. He was then sentenced in juvenile detention center for 8 months. He also went forward to degrade the servers of CNN, eBay, Dell, and Amazon, showing how easy it was to damage such major websites. 2001 The attack size grows from Mbps to Gbps. Efnet was a ff ected by a 3 Gbps DDoS attack. 2002 It was reported that 9 of the 13 root internet servers were under serious threat of DDoS attack. Congestion due to attack made few root name servers were not reachable from many parts of the global Internet, which made many valid queries unanswered. 2003 Mydoom was used to shut down the service of SCO group’s website. Thousands of PC’s were infected to send the data to target server. 2004 Authorize-IT and 2Checkout were Online payment processing firms attacked by DDoS in April targeted. It was later known that the atta- ckers extorted and threatened to shut down there sites. 2005 In August of 2005, jaxx.de, a gambling site was under DDoS attack and to stop this attack, the attacker demanded 40,000 euros. 2006 A number of DDoS attacks targeted the blog of Michelle Malkin. The attacks started on Feb. 15, and continued till Feb. 23. 2007 In December 2007 during the riots in Russia, government sites su ff ered severe DDoS attacks. Access to IP addresses outside Estonia was removed by many of them for several days. 2008 In November 2008, the Conficker worm used vulnerabilities found in Microsoft OS. It uses vulnerable machine and other machines are unwillingly connected to it, to make a large botnet. 2009 On 4th July (Independence Day in the US) 27 websites of White House, Federal Trade Commission, Department of Transportation, and t- he Department of the Treasury were attacked. On 1st august, Blogging pages of many social networking sites (Twitter, Facebook etc.) we- re a ff ected by DDoS attack, aimed at “Cyxymu” Georgian blogger. 2010 Operation Payback: DDoS attacks launched on websites of MasterCard, PayPal and Visa, as they decide to stop giving service to WikiLe- aks. 2011 LulzSec hacktivist group attacked website of CIA (cia.gov). 2012 Many attacks at us banks involve use of itsoknoproblembro DDoS tool. Many such do-it-yourself toolkits are available. 2013 150 Gbps DDoS attacks are increasing. |