Chicago Webs Lose Clients Due to Multi-Layered DDoS Attack

DNS, ports and e-mail all impacted by DDoS attack

July 31, 2003 - Chicago Webs experienced a sudden Domain Name Service (DNS) server outage. All of the company's hosted Web sites were down, as well as the e-mail servers. At Chicago Webs' headquarters phones began to ring. Nobody answered. Everyone was busy trying to stop one of the largest Distributed Denial of Service (DDoS) attacks the company has ever seen.

The DNS security team was almost helpless and was facing a versatile DDoS attacker targeting several DNS vulnerabilities in the network. At first, the DDoS attack looked like an average DDoS DNS attack, featuring only a small network of enslaved computers (botnet). In just a few hours the power of the DDoS attack increased, and the botnet was composed of about 700 computers. For Chicago Webs this meant that 700 DNS servers were attacking their network. The amount of data received by the network flooded the DNS servers and everything crashed.

The hacker targeted a variety of paths including open ports, http:, mail and the DNS. This prevented the target from blocking ports in the Firewall, making the network a sitting duck. Blocking every IP address that was attacking the company was not an option due to the large number of IPs.

To stop the DDoS attack, Chicago Webs brought an expensive device called an "Attack Mitigator". All the logs and other important information were handed over to the police for investigation. The DDoS attack could not be stopped for three or four days and many of the company's clients moved to other hosts.

Source: IT Jungle

