The fallout from the DDoS attack that hit Twitter, Facebook, YouTube and other Web 2.0 sites continued even after the attack had officially ended. Hacktivism or not, Web admins need to take precautions to protect against DDoS attacks.
The fallout from the distributed denial-of-service attack that hit several Web 2.0 sites Aug. 6 has taken a couple of twists and turns. Besides knocking out Twitter for a time on Aug. 6, the attack triggered a response from the company that a day later disrupted service for some users.
According to Twitter, its defensive measures blocked some Twitter clients from communicating with Twitter's API, leaving them unable to tweet via SMS.
If that wasn't enough, researchers at McAfee found attackers have begun leveraging interest in the situation to spread malware by using search engine optimization techniques to lure users into clicking on search results leading to malicious sites.
All this because of an apparent act of hacktivism targeting a pro-Georgian blogger named "Cyxymu."
"It's not surprising that political motivation is mentioned where major DDoS attacks are concerned, as many services now play key roles in politically charged events," said Chris Boyd, director of research at FaceTime Security Labs. "However, it's important not to get carried away with 'the Reds under the bed' way of thinking: recent attacks on key U.S. Websites were blamed on everyone from China to North Korea, with no smoking bullet evidence that these attacks were ever officially sanctioned."
What is known is that the attack hit Facebook, Twitter, YouTube, Fotki and LiveJournal. Researchers are still on the trail of whoever was behind it, but have determined the attack packets sent to the Websites were requests to fetch pages hosted for the blogger, who reportedly had just recently blogged about the upcoming anniversary of the war between Russia and Georgia.
Between this incident and the recent DDoS attacks targeting both public and commercial Websites in the United States and South Korea, Web administrators are advised to take precautions to secure their own sites, said John Harrison, group product manager at Symantec Security Response. For starters, admins should have spare IP addresses registered as well as the ability to swap them in for attacked IPs via DNS. They should also familiarize themselves with the capabilities of their ISP and have a monitoring system to provide an early warning.
"When under attack, there are a variety of mitigation techniques; most are specific to the type of DDoS attack," he said. "Use technologies, including firewalls and routers, to block or redirect IP addresses and types of traffic. Involve others, the ISP and perhaps the ISPs of attacking clients. Web admins can add the additional IP addresses they have in reserve and move services off the attacked servers."
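As an added, defender-side illustration of the early-warning monitoring Harrison recommends (this is example code, not from the article or from Symantec): the check below scans web access-log lines for a single page drawing an unusual number of fetches from many distinct clients inside a short time window, the pattern the researchers described for this attack. The log lines, paths, addresses and thresholds are all constructed for the example.

```python
"""Early-warning check for a distributed flood of page fetches in web access logs."""
import re
from collections import defaultdict
from datetime import datetime

# Combined-log-format line (constructed), e.g.
# 203.0.113.10 - - [06/Aug/2009:10:00:01 +0000] "GET /journal/x HTTP/1.1" 200 512
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:\S+) (\S+) [^"]*" (\d{3}) \d+')

def parse(line):
    """Return (client_ip, epoch_seconds, path, status) or None for unparsable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, path, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, int(when.timestamp()), path, int(status)

def flood_candidates(lines, window_s=10, min_requests=20, min_distinct_ips=10):
    """Return paths that, within one window_s-second window, drew at least
    min_requests fetches from at least min_distinct_ips distinct client IPs.
    Requiring many distinct sources separates a distributed flood from one
    noisy client, which a per-IP rate limit would already handle."""
    hits = defaultdict(list)  # (window_start, path) -> [client ip, ...]
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, epoch, path, _ = rec
        hits[(epoch - epoch % window_s, path)].append(ip)
    found = []
    for (start, path), ips in sorted(hits.items()):
        if len(ips) >= min_requests and len(set(ips)) >= min_distinct_ips:
            found.append({"window_start": start, "path": path,
                          "requests": len(ips), "distinct_ips": len(set(ips))})
    return found

def build_sample():
    """Constructed log: 30 clients each fetching the same journal page in the
    same second, plus five ordinary visitors reading other pages."""
    flood = [f'203.0.113.{n} - - [06/Aug/2009:10:00:01 +0000] '
             f'"GET /journal/target-blog HTTP/1.1" 200 5120' for n in range(1, 31)]
    normal = [f'198.51.100.{n} - - [06/Aug/2009:10:00:0{n} +0000] '
              f'"GET /page/{n} HTTP/1.1" 200 1024' for n in range(1, 6)]
    return flood + normal

if __name__ == "__main__":
    for candidate in flood_candidates(build_sample()):
        print(candidate)
```

In production the same grouping would run over a rolling window on the live log stream and feed an alert, which is the "early warning" the advice refers to; the thresholds must be tuned to the site's normal traffic.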
There isn't too much end users can do, but they should steer clear of any sites affected by a DDoS while it's going on.
"Computer users are also encouraged not to visit sites that are rumored to be under a DDoS attack for the sole purpose of seeing what happens," he said. "This 'rubbernecking' type of activity, similar to that which happens when there is an accident on the freeway, only causes an increase in traffic to the site, which will only delay access to the Website even longer and prolong the attack."