Time to Prepare - Are you ready???
The FBI and international law enforcement are warning major companies worldwide of an impending DDoS attack on May 25th.
Operation New Son - Tomorrow May 25th, 2012 – Download Operation New Son FBI announcement
Here is one of the attackers' posts stating their intentions and details - http://pastebin.com/wq6KdgDg
That post also points to Twitter accounts for further information (Twitter may block the accounts announcing the attack) –
@AnonymousWiki - @AnonymouSpoon - @MehIzDanneh - @TibitXimer - @Anonymau
They are asking for your help in attacking their targets.
I propose that it is NOT a good idea to either support or cause an attack, as you will be prosecuted!
I was just working with Anue Systems on a paper about how to test your network and see what your vulnerabilities are, using their world-class emulation tools to emulate different attack scenarios. If you are going to test, you should use emulation tools and not simulators.
There are different types of DDoS attacks. DDoS means Distributed Denial of Service, so a DDoS is a sophisticated DoS attack launched through botnets from many other internet sites at once. Most companies will just set up some electronic boundary device like a firewall, but few ever test against attacks, especially real-world emulated attacks like a DDoS.
The goal of a DoS attack is to flood the target's services and capacity by sending a stream of requests to a service, port or IP address in the hope of exhausting the target's resources, like memory or processor capacity, until something fails and the attackers can get into the target's network.
These attacks are focused on jamming the target's ports, flooding different services, overwhelming mail servers and attacking the devices that are attempting to protect the target's network – firewalls, routers, servers, switches, etc.!!
DoS attacks come in many forms, starting with ping attacks, which cause the attacked address to respond to an ICMP echo request.
Some other DoS attacks are:
- FTP Bounce Attack – a file-transfer insertion attack that abuses the FTP server's data connection.
- Port Scanning Attack – a common hacking modality: scanning all the ports to find an open and accessible entry point into a network.
- Ping (ICMP Echo) Flooding Attack – exactly what it says: the "Ping from Hell" attack that can collapse the OS of many systems.
- Smurf Attack – also called an inside attack, this is a modification of the ping attack that turns the target's own systems against it. The attacker sends echo requests to nearby broadcast addresses with the victim's IP address as the spoofed return address. Every host in the inside address range then sends its ping response to the victim's IP address, bombarding the victim's machine or system with a constant flow, and eventually an overflow, of ICMP echo responses, virtually killing the target.
- SYN Flooding Attack – sometimes referred to as the "TCP three-way handshake" attack! This uses a well-known issue within the TCP handshake process (the server holds state for connections that are never completed) to cause confusion and thus gain access to or take down the targeted network.
- IP Fragmentation/Overlapping Fragment Attack – this gets servers to hold fragmented packets in memory with the intent of flooding that memory, resulting in reboots and loss of access.
- IP Sequence Prediction Attack – used with the SYN flood attack, the attacker gets access to another computer and can take control of it. This attack can be mitigated by using random packet sequence numbers.
- DNS Cache Poisoning – a spoofing attack against stored DNS records. Devices can be redirected to malicious sites/addresses, or access to the Internet can be blocked entirely.
- SNMP Attack – if you use SNMP v3 this attack may not be possible, as everything is encrypted, but it can still happen where the attacker obtains and uses SNMP information to remap the network, flood NMS systems, etc.
- Sendmail Attack – in this attack the attacker uses other botnet-infected sites to send mail to an address or a series of addresses in the hope of flooding the mail server, causing a shutdown so that users will not have access to the network.
- There are other attacks like these, and the nefarious internet world is always looking for more ways to attack users and businesses through the internet.
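Recognizing the flood patterns in this list is the first step to mitigating them. The script below is an added example, not code from this post or from Anue/Ixia, and runs entirely over constructed flow records embedded in the file (the addresses, ports and record format are all assumptions). It flags two of the attacks above from a defender's side: SYN floods, by counting SYNs to a server port that were never followed by an ACK from the same source (half-open connections), and the smurf amplification step, by spotting ICMP echo requests aimed at the directed-broadcast address of a protected subnet.

```python
"""Detect half-open SYN build-up and broadcast-directed echo requests in
flow records.  Added example with constructed sample data; not part of the
original post and not a product of any vendor named there."""
from collections import defaultdict
import ipaddress

# Constructed flow records for this example (not captured traffic).
# Each record: time in seconds, source, destination, protocol, destination
# port and a TCP flag string ("S" = SYN only, "A" = ACK), or an ICMP type.
SAMPLE_FLOWS = [
    # Two normal clients completing the three-way handshake to the web server.
    {"t": 0.0, "src": "10.0.0.5", "dst": "192.0.2.10", "proto": "tcp", "dport": 80, "flags": "S"},
    {"t": 0.1, "src": "10.0.0.5", "dst": "192.0.2.10", "proto": "tcp", "dport": 80, "flags": "A"},
    {"t": 0.2, "src": "10.0.0.6", "dst": "192.0.2.10", "proto": "tcp", "dport": 80, "flags": "S"},
    {"t": 0.3, "src": "10.0.0.6", "dst": "192.0.2.10", "proto": "tcp", "dport": 80, "flags": "A"},
    # A normal echo request to a single host.
    {"t": 0.4, "src": "10.0.0.5", "dst": "192.0.2.10", "proto": "icmp", "type": 8},
]
# Eight SYNs to port 443 from eight different sources, none followed by an ACK:
# the server is left holding eight half-open connections.
SAMPLE_FLOWS += [
    {"t": 1.0 + i * 0.01, "src": f"198.51.100.{i + 1}", "dst": "192.0.2.10",
     "proto": "tcp", "dport": 443, "flags": "S"}
    for i in range(8)
]
# Echo requests aimed at the directed-broadcast address of the internal subnet.
SAMPLE_FLOWS += [
    {"t": 2.0, "src": "203.0.113.7", "dst": "192.0.2.255", "proto": "icmp", "type": 8},
    {"t": 2.1, "src": "203.0.113.7", "dst": "192.0.2.255", "proto": "icmp", "type": 8},
]


def half_open_syns(flows):
    """Per (dst, dport), count sources that sent a SYN but never an ACK,
    i.e. the connections the server is holding half-open."""
    syns = defaultdict(set)   # (dst, dport) -> sources that sent a SYN
    acks = defaultdict(set)   # (dst, dport) -> sources that sent an ACK
    for f in flows:
        if f["proto"] != "tcp":
            continue
        key = (f["dst"], f["dport"])
        if f["flags"] == "S":
            syns[key].add(f["src"])
        elif f["flags"] == "A":
            acks[key].add(f["src"])
    return {key: len(srcs - acks[key]) for key, srcs in syns.items()}


def syn_flood_alerts(flows, threshold=5):
    """Return the (dst, dport) pairs whose half-open count reaches the
    threshold; tune the threshold to the server's normal backlog."""
    return sorted(k for k, n in half_open_syns(flows).items() if n >= threshold)


def broadcast_echo_alerts(flows, networks):
    """Return (src, dst) pairs for ICMP echo requests sent to the broadcast
    address of any protected network.  A router that forwards these lets
    every host on the segment answer, which is the smurf amplification step,
    so they should be dropped at the border and alerted on."""
    bcast = {str(ipaddress.ip_network(n).broadcast_address) for n in networks}
    return sorted({(f["src"], f["dst"]) for f in flows
                   if f["proto"] == "icmp" and f.get("type") == 8 and f["dst"] in bcast})


if __name__ == "__main__":
    print("half-open SYNs per service:", half_open_syns(SAMPLE_FLOWS))
    print("SYN flood alerts:", syn_flood_alerts(SAMPLE_FLOWS))
    print("broadcast echo alerts:", broadcast_echo_alerts(SAMPLE_FLOWS, ["192.0.2.0/24"]))
```

On the sample data the web server on port 80 shows zero half-open connections (both clients completed the handshake), port 443 shows eight, and the two echo requests to 192.0.2.255 are reported once as a source/destination pair. The same two checks map directly onto the mitigations the list mentions: SYN cookies or backlog limits on the server, and disabling directed-broadcast forwarding on the routers.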
These attacks usually do not make the news or the newspaper front page, but downtime on major websites does, and it is very costly, not only in monetary and intrusion losses but also in corporate image! These and all such threats are serious and cause millions of dollars in losses every year.
Even a user playing with a simple ping package can cause a network to virtually go down and stop all traffic and access. Professional hackers can and do account for billions of dollars of loss annually worldwide; DDoS attacks, with their massive distribution through botnets, are the #2 most costly attack method, just behind malicious code issues and attacks.
DDoS attacks can actually help to implant malicious code, new definitions, open links and more.
So I guess the question is: have you tested your network with real attack emulation practices to see if it can fend off a DoS attack, can you even recognize an attack, and do you have a method to mitigate the losses from the attack?
More info on the cost of CyberCrime 2011, get this free Ponemon Institute report - http://www.arcsight.com/collateral/whitepapers/2011_Cost_of_Cyber_Crime_Study_August.pdf
The two best emulation companies in the world are Anue Systems and Ixia Communications, and they are now one company, with incredible, internationally accepted, tested and certified emulation and filtering technology solutions! This recent acquisition may wind up being the acquisition of the century, as their union is one of the most synergistic combinations of two real-world technology leaders, based on the most innovative and robust hardware solutions with the easiest yet most powerful GUI interfaces. They are both leaders in their respective areas, and combined they represent the Best of the Best!
Why are you not testing your network for attack predictions, new applications, load diversity, etc.?
If you are not, you should get ready to be attacked by a 10-year-old who can steal all the golden information of your company and cost you a lot of money!
By the way, you have to protect yourself!
Do you have an SES (Security Effectiveness Score) number, a score based on 24 security features and practices that are deployed and tested in your network? See the report above.
So be a Network Boy Scout® – Be Prepared! Test and do not guess! Predict Success instead of finding Failure!
I wish everyone Great Success with less stress……Tim - The Oldcommguy®