DoS Attacks and Continuity of Operations - Page 2

In this world, security has become even more important for any personal or corporate user.

 By Sean Wilkins
Page 2 of 2   |  Back to Page 1
Print Article

Now the other technique that has been used is the use of access control lists.

These are lists which are configured on the routing equipment which can be used to control which traffic is allowed in and out of a given network element, be it a router or switch (layer 3 enabled) or both.

Now the main problem with these is they are typically static and must be configured during an attack to be at all successful, but even then the sheer number of sources to be blocked makes it not very effective.

There are a number of solutions out there which have been introduced in order to best deal with DDoS attacks.

The two that seem the most popular are DDoS mitigation through anomaly detection and Border Gateway Protocol (BGP) traffic flow filtering.

The way that anomaly protection works is that it looks for signs of a specific attack (not just DDoS attacks).

If the system believes that an attack may be happening it automatically reroutes the traffic to a secondary appliance which is used to verify the findings and screen the attack traffic before allowing the valid traffic into the network.

BGP traffic flow filtering is essentially an extension of the "blackhole” and ACL ideas but with additional intelligence.

When a provider notices an attack, it is able to track the attack down to the specific source and destination address or network as well as the specific protocols and ports which are being used.

This information is then relayed to the provider (or providers) BGP routers which in turn only "blackhole” the traffic with these specific characteristics.

This technology does rely on a large BGP infrastructure which supports traffic flow filtering, the standard which has been developed for this is written in RFC 5575 - Dissemination of Flow Specification Rules.

Ultimately, DDoS protection is a moving target and tracking the best ways of dealing with it will change as the attack types change.

At this time these solutions should be able to mitigate a large number of the current attacks and limit the number of future attacks.

The second part of this is the continued education of the computer user; to completely give up on the end user is not a fruitful option as any computer secured is one less that is exploited.

This article was originally published on Jan 20, 2010
Get the Latest Scoop with Networking Update Newsletter