
FAQ

Denial-of-Service Attacks

What is a DoS Attack?

A denial-of-service (DoS) or distributed denial-of-service (DDoS) attack consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.  This is achieved by making servers or network resources unavailable to their intended users.

A DoS attack involves the use of one computer/Internet connection, whilst a DDoS attack is executed by way of a distributed computing method, and thus its effect can be many times larger.

 

Targets and Motives?

The targets and motives for DDoS attacks vary considerably.

Any organisation can be a target – it just needs to have an online presence. Some targets are more obvious, such as those whose business depends on delivering services over the internet: online gaming sites, financial services firms and payment processors.  Some targets are less obvious, like governments and news service providers.

The motives can be malicious, and range from sabotaging rivals, obtaining financial gain (extortion) and exacting revenge, to expressing anger and criticism or simply seeking fame.  However, attacks are sometimes unintended, such as those self-induced due to mistakes.

 

Effects of DDoS

Attacks on organisations typically cause significant financial loss due to business stoppage or reduced ability to function.  Flow-on effects include damage to reputation or confidence, leading to a reduced number of users of the services offered.

 

How does a DDoS attack shut down a web site?

DDoS attacks are implemented by forcing the targeted server(s) to reset, by consuming their resources so that they can no longer provide their intended service, or by obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

These attacks rely on the computing power and bandwidth of Botnets to send huge amounts of traffic at a specific website.  

 

What are Botnets?

The term Botnet is the generic name given to any collection of compromised computers that are controlled by an attacker remotely. 

Botnets are typically created by an attacker or group of attackers by using malware to infect a number of computers.  The number of infected computers typically ranges from hundreds to hundreds of thousands or even millions.  The individual computers compromised this way are known as “bots” or “zombies”, and the collective is referred to as a Botnet or Zombie Army.  The controller of these zombies is known as a Botmaster.

Botnets can communicate and cooperate with other Botnets, which means entire communities of Botnets could be created.  These communities may have individual or multiple Botmasters.  For DDoS attacks, this means there may be multiple origins of even a single act of attack.

Botnets can be a business, and can be rented from various sources.  It is so prevalent that marketplaces have sprung up for trading malware-infected PCs, which can be rented and used in Botnet DDoS or other attacks.

 

Types of DDoS attacks

Some common examples of DDoS attacks are:

  • TCP Stack Flood – TCP Flag, TCP FIN, TCP RST, TCP SYN
  • Generic Flood – Ping, Reflections, Smurf, UDP Flood
  • Fragmentation Attacks – Teardrops, Targa3, Jolt2
  • Application – HTTP Header, HTTP malformed

 

General techniques to mitigate DDoS attacks

Each type of attack is matched with the mitigation techniques and technology best suited to defeating it.  Some of these techniques are:

  • Filtering
    • Static filters are used to block nonessential traffic from ever reaching the target.
    • Dynamic filters are created and used by observing behaviours and analysing traffic flows.  Appropriate actions are then defined to verify suspicious flows or to block sources.
  • Active Authentication
    • Mechanisms are used to identify legitimate traffic to ensure only valid packets are kept.
  • Content / Packet Analysis
    • Baseline behaviour is recorded over time and compared with current traffic to detect deviations from normal operations.  A deviation can identify the source of malicious packets, providing a basis for blocking the incoming traffic or triggering analysis of the data.
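
The filtering and baseline techniques listed above can be sketched in a few lines of Python. This is an added example, not C2 SQUARE's tooling: the allowed ports, the thresholds and the packet records (taken from documentation address ranges) are all constructed assumptions.

```python
from collections import Counter

# Static filter: the protected service only needs these (protocol, port) pairs.
ALLOWED = {("tcp", 80), ("tcp", 443)}  # assumption: a plain web server

def static_filter(pkt):
    """Return True if the packet is essential traffic and may pass."""
    return (pkt["proto"], pkt["dport"]) in ALLOWED

class DynamicFilter:
    """Keeps a per-source packet-rate baseline and flags deviations from it."""

    def __init__(self, alpha=0.2, floor=10, verify_x=5, block_x=20):
        self.alpha, self.floor = alpha, floor
        self.verify_x, self.block_x = verify_x, block_x
        self.baseline = {}  # source -> smoothed packets per interval

    def observe(self, packets):
        """Classify every source seen in one interval: allow, verify or block."""
        counts = Counter(p["src"] for p in packets if static_filter(p))
        actions = {}
        for src, n in counts.items():
            base = max(self.baseline.get(src, self.floor), self.floor)
            if n > base * self.block_x:
                actions[src] = "block"
            elif n > base * self.verify_x:
                actions[src] = "verify"  # hand over to active authentication
            else:
                actions[src] = "allow"
                # Learn only from normal traffic so a flood cannot raise its own baseline.
                self.baseline[src] = (1 - self.alpha) * base + self.alpha * n
        return actions

def flow(src, n, proto="tcp", dport=443):
    """Build n constructed packet records for one source."""
    return [{"src": src, "proto": proto, "dport": dport}] * n

def run_demo():
    """Feed two constructed intervals through the static and dynamic filters."""
    f = DynamicFilter()
    quiet = flow("192.0.2.10", 8) + flow("198.51.100.7", 12)
    busy = (flow("192.0.2.10", 9) + flow("198.51.100.7", 70)
            + flow("203.0.113.5", 400) + flow("203.0.113.9", 1000, "udp", 19))
    return [f.observe(quiet), f.observe(busy)]

if __name__ == "__main__":
    for interval, actions in enumerate(run_demo(), 1):
        print(interval, actions)
```

The UDP source never reaches the dynamic filter because the static filter drops it first, and a source marked "verify" is the case that active authentication is meant to resolve.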

 

How is C2 SQUARE different from other providers of DDoS mitigation services?

Many network or Internet-related service providers offer DDoS mitigation capabilities and you may be using those already. However, most of these firms rely primarily on automated tools and have limited network capacity to absorb large attacks.  In addition, most of the providers are based in North America or Europe. 

C2 SQUARE has proprietary tools, experienced teams who can respond in real time to analyse attack characteristics, and a large mitigation network.  C2 SQUARE is based in Asia and knows the intricacies of working in the region.

 

 

Managed Network Services

What are Managed Network Services?

Managed Network Services let you offload specific IT operations to a Service Provider or Managed Services Provider (MSP) like C2 Square.  The MSP assumes the ongoing responsibility for monitoring, managing and/or problem resolution for selected IT systems and functions on an organisation’s behalf.

 

Why look for a Managed Network Services Provider?

The resources needed to support an increasingly complex ITC environment can only increase over time, particularly as the business expands.  As it does, those resources can quickly become overwhelmed by even the day-to-day responsibilities of keeping the IT infrastructure that the business depends on up and running.

By using an MSP, an organisation can direct its attention back to revenue-focused core operations, and achieve two perennial business objectives - lower expenses and better allocation of resources.

 

How can I lower expenses?

There are a number of ways using an MSP can lower expenses for an organisation.  Some of these are:

  1. Employees account for significant costs for most organisations.  By using an MSP, organisations can deploy resources that maximise employee productivity for core operations, whilst non-core operations such as IT can be outsourced to reduce expenses.
  2. The proper management and maintenance of components can result in better usage and a longer lifespan, which means that those systems do not have to be upgraded, altered or replaced unnecessarily or uneconomically.

 

What are the other Benefits?

Some benefits of using MSPs are:

  1. Access to knowledge and expertise – MSPs provide access to more specialised skills than an organisation might have or would need to hire.  MSPs have specialists who continuously keep up to date with technology and practice innovations.   They can advise, determine and implement applicable technical innovations and solutions rapidly and at reasonable costs.
  2. Pro-active management – MSPs have a vested interest in ensuring systems run effectively and efficiently with minimal downtime.  Hence, rather than waiting for something to happen, MSPs continuously monitor, anticipate problems and implement actions resulting in the highest levels of availability.
  3. On-demand support – MSPs can provide services 24x7.  This means support is available on demand rather than limited to office hours, without the need to hire additional staff to cater for after-hours support.