Mar 7, 2008

DDoS progress

The Gala Coral Group reported that last year their gambling sites got hit by a 10Gb DDoS attack. The Information Security Officer spoke at the recently concluded e-Crime Congress 2008.

I'm not sure of the exaggerations but an interesting part is:

"Attackers disguised the build up of traffic from up to 30,000 PC and Apple Mac botnet computers during the attack by analysing and reproducing the browsing habits of the sites' typical users."
Windows PCs no longer have the monopoly on botnet herds. The attackers also took the trouble to make it hard to defend against.

It sure is hard to separate the attacks if everything looks like legitimate access. Their firewall also proved to be worthless:
"More worrying, during a second attack the botnet blocked attempts by the websites to stop them using a port firewall while continuing sending out data to carry on the attack."
Putting up a firewall during a big DDoS attack is useless, even a stateless one. You need to work with your upstream provider to mitigate these attacks, and since everything looks legit, $DEITY help you.

Resistance is futile.
