Home » Defense in Depth

WikiLeaks Under DDOS Attack

Posted 28 Nov 2010 | Comments Off on WikiLeaks Under DDOS Attack | 1,702 views

It has been just over thirty minutes since CNN reported that WikiLeaks was under a DDOS attack. A DDOS or distributed denial of service attack is a network-based attack that attempts to overwhelm a service by sending it too many simultaneous requests to respond to in a timely manner. The massive number of requests makes the service unusable for legitimate users trying to get to the site. The WikiLeaks website responded quite well considering that it was supposed to be overwhelmed.

From CNN:
The site is experiencing a distributed denial of service (DDOS) attack, it said. That’s an effort to make a website unavailable to users, normally by flooding it with requests for data.

How does a site defend against a DDOS attack? There several methods that web site owners can use to mitigate the effects of an attack, but they must be planned out and deployed in advance. Each approach also has it’s advantages and disadvantages.

Load Balancing: Designing a service to take advantage of multiple parallel servers in a pool allows a site to scale horizontally.  By adding more servers into the pool, a site can quickly increase the resources available to handle the incoming flood. This approach is best implemented using virtual machines which can be quickly cloned and deployed.

Quality of Service: QoS metrics can be used to identify clients are making too many requests or taking up too much bandwidth. Any client that is taking an inordinate amount of resources can be throttled or dropped. This approach gets more difficult as the scale of the attack widens.

Upstream Support: The upstream network providers are accustomed to handling more traffic. A service provider might be able to provide on-demand filtering or QoS services to reduce the amount of traffic to the attacked surface. It’s beneficial for the service provider to get involved because they are not allocating bandwidth that could be utilized by other customers.

Geo-Filtering: Dropping clients based on their geographic location can help save resources for legitimate users. Of course, this approach does not work for services with an international audience or scenarios where the attacker and target are in the same geographic location.

Content Delivery Networks: CDNs are third party services that maintain multiple copies of the service content on the internet, and typically serve that content from the server that is closest or fastest to a user. These work best with static content that can be easily replicated.

Surviving a DDOS attack is difficult and requires planning and resources. Planning is key since throwing resources at a problem in a reactionary way is doing little but wasting money and moving the bottleneck. As the availability of the services becomes more critical, it’s easier for an organization to justify the costs of obtaining these resources.

Update: WikiLeaks has acknowledged the attack on their Twitter feed.

Comments are closed.