Symantec: DDoS attacks hard to defend

In light of a botnet attack on online merchants, a security expert warns that while defensive measures can be taken, such attacks are in general difficult to prevent totally.
Written by Tyler Thia, Contributor

It has surfaced that the distributed denial of service (DDoS) attacks on Visa and MasterCard Web sites on Wednesday were carried out by a toolkit known as low orbit ion cannon (LOIC).

In an e-mail interview with ZDNet Asia, Ronnie Ng, senior manager for systems engineering at Symantec Singapore, explained that LOIC is a network stress testing application that attempts a DoS attack on the target site by flooding the server with TCP, UDP and HTTP requests. The intention here is to disrupt the service of a particular host.

It is widely understood that there are free attack toolkits readily available on the Web, and LOIC is one of them.

"There are many applications out there that are capable of carrying out such attacks, some of which are legitimate, depending on the user's intention, and can be found with a simple search," Ng added.

"However, there are many underground tools also designed for malicious use that can be utilised efficiently with methods such as botnets. Even a simple tool that sends out small packets can have a great impact if used collectively," he said.

While the DDoS form of attack is not new, the security expert offered the reassurance that cyber criminals are not always one step ahead of the protection that Web merchants have today.

Ng said: "Attackers are constantly looking for ways to get the information they are after. This varies from using DoS to exploiting vulnerabilities--low or high severity ones--to compromise a system."

He added that as protection technologies continue to evolve to provide maximum protection, proper patch management and user awareness of today's cyber threats are necessary to ensure a stronger security stance.

While it is possible to maintain high-level security for the payment merchants, Ng admitted that difficulties remain in defending against DDoS attacks, which are typically distributed.

"Online merchants will need to audit gateways and firewall rules to ensure they are capable of dealing with small-scale everyday attacks and have comprehensive policies in place to defend themselves against large-scale attacks," he said.

Some of these policies can include more aggressive packet filtering, setting adjustments to determine how and when packets may be dropped, implementation of rules for IP addresses, and IP address block blacklisting when certain thresholds are reached, the expert recommended.
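The threshold-then-blacklist policy described above, sketched as an added example (it is not from the article or from Symantec). The window, limits, /24 block size and sample traffic are assumptions, and the addresses come from documentation ranges.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed tuning values, not from the article.
WINDOW_SECONDS = 10      # sliding window for per-source counting
PER_IP_LIMIT = 5         # requests allowed per source within the window
OFFENDERS_PER_BLOCK = 3  # blacklisted sources in one /24 before the block is dropped

class ThresholdFilter:
    def __init__(self):
        self.hits = defaultdict(deque)     # source -> recent request timestamps
        self.offenders = defaultdict(set)  # /24 -> blacklisted sources inside it
        self.blocked_ips = set()
        self.blocked_nets = set()

    def allow(self, ts, src):
        ip = ipaddress.IPv4Address(src)
        net = ipaddress.ip_network(f"{src}/24", strict=False)
        if ip in self.blocked_ips or net in self.blocked_nets:
            return False
        q = self.hits[ip]
        q.append(ts)
        while q[0] <= ts - WINDOW_SECONDS:  # expire hits older than the window
            q.popleft()
        if len(q) <= PER_IP_LIMIT:
            return True
        # Threshold reached: blacklist the source, then escalate to its /24
        self.blocked_ips.add(ip)
        self.offenders[net].add(ip)
        if len(self.offenders[net]) >= OFFENDERS_PER_BLOCK:
            self.blocked_nets.add(net)
        return False

def sample_events():
    """Constructed traffic: (seconds, source) pairs, sorted by time."""
    flood = [(i / 10, f"203.0.113.{h}") for i in range(8) for h in (10, 11, 12)]
    steady = [(t, "198.51.100.7") for t in (0, 5, 10, 15)]
    late = [(20, "203.0.113.50")]  # new host inside the already-blocked /24
    return sorted(flood + steady + late)

def replay(events):
    f = ThresholdFilter()
    allowed = sum(f.allow(ts, src) for ts, src in events)
    return allowed, {str(i) for i in f.blocked_ips}, {str(n) for n in f.blocked_nets}

if __name__ == "__main__":
    print(replay(sample_events()))
```

The last constructed event shows the cost of block-level blacklisting: a host that never exceeded its own limit is dropped because it shares a /24 with three offenders.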

Visa and MasterCard's sites were hacked on Wednesday by a network of 15,000 online activists, who coined the attack "Operation Payback". This was carried out in retaliation for the credit card companies' and PayPal's announcement that they would no longer process donations to WikiLeaks. The hackers also tried to hit Amazon.com, but failed.

The group of hackers, called Anonymous, has vowed to target British government Web sites if WikiLeaks founder, Australian Julian Assange, is extradited to Sweden, where he is wanted over allegations of sexual assault. Assange is now in remand in the U.K. over rape charges.

In a separate development, several ex-members who participated in the WikiLeaks program have said they are planning to launch a new site, known as OpenLeaks, to continue to support whistle-blowing activities.

In the Netherlands, Dutch police confirmed the arrest of a 16-year-old teenager who has admitted to participating in the attacks.
