Attacks are becoming criminal and professional

Protect yourself from blackmail

Besides the threat of so-called "script kiddies", that is, young computer experts wishing to prove themselves, another, more recent threat is spreading quickly:

Criminal attacks with commercial or ideological aims

In this new type of attack, criminals work professionally and target victims very specifically. These very well prepared attacks

  • make use of extremely large resources
  • draw on tremendous expertise
  • blackmail victims

The methods of attack

often utilize a combination of the following options, yet they are always launched from infected host systems (i.e. badly configured computers, run by naive users, that are infected by a so-called Trojan):

Threat 1: bandwidth & number of packets

If the attacker has access to "only" 500 infected computers with ADSL connections, he or she already has a total bandwidth of 64 Mbit/s (megabits per second) and can transmit up to 128,000 IP packets (network data packets) per second; a good server can process between 10 and 40 thousand packets a second. This kind of attack can be deadly for:

  • Server performance
  • Router, firewall and load balancer performance
  • Uplink bandwidth, including that of the provider

Threat 2: SYN flood

In this case, a normal Internet connection is apparently initiated, yet no more than the initial sequence is sent. The server, however, in keeping with the protocol, continues to wait for additional packets. This leads to an overload and, finally, to a server crash, because its systems are only able to handle a limited number of such requests at the same time. This threat affects:

  • Server performance
  • Router and firewall performance
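
The limit described under Threat 2 can be seen in a small model of the server's table of half-open connections. This is an added example, not part of the original page; the table size of 1024 entries, the 30-second wait and the arrival rates are assumed values chosen for illustration.

```python
from collections import deque

def simulate(backlog, timeout, syn_rate, legit_rate, seconds):
    """Model a server's table of half-open connections, one tick = 1 second.

    Incomplete handshakes (syn_rate per second) hold a slot until `timeout`
    seconds pass. Legitimate clients (legit_rate per second) complete the
    handshake within the tick, so they only need one free slot on arrival.
    Simplification: incomplete handshakes are processed first in each tick.
    Returns (legit_accepted, legit_refused).
    """
    half_open = deque()  # expiry times of slots held by incomplete handshakes
    accepted = refused = 0
    for now in range(seconds):
        # The server stops waiting for entries that reached the timeout.
        while half_open and half_open[0] <= now:
            half_open.popleft()
        # Initial packets that are never followed up occupy free slots.
        for _ in range(syn_rate):
            if len(half_open) < backlog:
                half_open.append(now + timeout)
        # A legitimate client is refused when the table is already full.
        for _ in range(legit_rate):
            if len(half_open) < backlog:
                accepted += 1
            else:
                refused += 1
    return accepted, refused

if __name__ == "__main__":
    # Assumed values: 1024-entry table, 30 s wait, 10 legitimate clients/s.
    for rate in (0, 30, 100):
        ok, lost = simulate(1024, 30, rate, 10, 60)
        print(f"{rate:>3} incomplete handshakes/s: {ok} accepted, {lost} refused")
```

The table stays full once the rate of incomplete handshakes multiplied by the timeout reaches the table size, which is why a modest packet rate is enough to shut out legitimate clients.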

Threat 3: application load & flaws

By targeting requests, just four normal PCs were able to overload a well-known Internet banking application. This occurred even though there was enough bandwidth available and the requests were distributed over (supposedly) enough systems. Potential victims are first analyzed, then attackers send normal requests to the victim's servers. The requests are so well targeted that they are enough to cause server failure.

In addition, a large number of applications contain weaknesses and potential sources of error that are not evident in normal operation. Yet experienced hackers are able to identify these weak spots and take advantage of them very quickly. Firewalls offer no real protection here, since the aim is not to intrude but merely to make the victim's services unavailable.

In the normal case, all of these threats are carried out at the same time and take up bandwidths of over 1 Gbit/s!

Countermeasure #1: defense!

There is usually no point in trying to hunt down the party attacking you. It makes more sense to act quickly in defense.

Guardian: Hacker offers to shut Putin's website

In the spirit of the free market, computer hackers in Russia have put their services up for sale, offering to "take out" any website for a price.