I keep reading about how Distributed Denial of Service (DDoS) has been in the past, and is being used, to cause all sorts of damage.
A DDoS is an attack where hundreds, thousands, or millions of zombie computers/systems are used by someone or some group to send fake traffic to a particular website or place on the Internet.
The result is something that is analogous to attempting to get to the gate when they call "Business class" and there are 200 economy class people standing shoulder to shoulder waiting for their turn... it's a struggle to get through, if you can make it at all.
The latest one that hit my virtual windshield overnight was the DDoS story from the Russian elections. In what can only be described as obvious political activism (or hacktivism if you prefer) websites claiming to expose violations in Russia's election system were DDoS'd off the face of the Internet recently.
This attack is interesting in that it proves that no matter how big the (virtual) pipe you have to your website it's possible to push so much traffic, garbage or real, that the odds of handling it properly and staying available are virtually zero.
While there are threat mitigation techniques, and lots of DDoS Solutions they tend to all be implemented at the carrier level, or very, very expensive... Some of the more common ways to be Distributed Denial of Service'd into oblivion can actually surprise you...
- Poor application design - Yes, it's possible to do it to yourself. Applications that are poorly designed can fail under heavy load (see yesterday's article on OWWWS). Everything from holding database connections open too long, to allowing an application to take up too much memory, or improperly doing session destruction and garbage collection can cause an application to become magically unavailable even under reasonable load.
- Poor network design - If you'll be hosting or performing critical transactions on your segment on the Internet or network you need to plan on redundancy, traffic abatement, and other things that can keep your network from being over-run by malicious or garbage traffic. Even though the technology behind network DDoS mitigation keeps getting better,
There are other ways to "be disappeared" - but in the end I make the same recommendation that I make to people who need their applications to be resilient against security issues - test, test, and re-test using the latest techniques and technologies.
There are some serious security implications to availability, or rather, poor performance. Let's take a couple of failure modes and quickly analyze their impact:
- Impact to revenue - As discussed in the previous article, poor performance on an application or a condition where performance grinds to a halt can and will lead to direct loss of revenue for companies and organizations that thrive on Internet traffic.
- Impact to emergency systems - Imagine a world where all our mobile devices, radios, networks are inter-connected for the express purpose of getting emergency announcements out. Now imagine that the infrastructure can be surgically DDoS'd to prevent emergency broadcasts from going out, or worse, that system can be abused to become a DDoS itself... no it's not a Bruce Willis movie but it could happen.
- Loss of life - Yes, a DDoS can lead to loss of life in extreme cases. A poorly designed network which can be downed (remember SQL Slammer?) by garbage traffic which just happens to be located inside a hospital or other critical care facility can cause loss of life. Systems such as life support are increasingly become dependent on network (even if a semi-private network) connectivity for central monitoring and decision making ...when those links go down loss of life is not only possible, it's very real.
- Catastrophic failure - Think of SCADA control systems that need to be inter-connected. A DDoS on a control point which controls a critical piece of energy or life-sustaining infrastructure like water plants can keep instructions from being executed ... so whether you think of it on a grand scale like a nuclear power plant control system being DDoS'd remotely (which is high impact, low probability as we've read already), or something much smaller like the remote engine kill in your car ... DDoS'ing systems that can cause catastrophic failure has dire consequence.
It's strange, but security keeps creeping into every aspect of a connected society. It's not just for kids anymore - from political activists, to terrorists, to mischievous kids...
DDoS is being used as a tool that has turned poor performing systems into weapons against their implementers.
Cross-posted from Following the White Rabbit