fortiddos


As further details become available for the massive distributed denial of service attack against Dyn on Oct 21, 2016, here are some things FortiDDoS customers can do to protect themselves from a potential Internet of Things (IoT) botnet-based DDoS attack like Mirai. Mirai spreads by compromising vulnerable IoT devices such as DVRs. Many IoT manufacturers failed to secure these devices properly, and the devices lack the memory and processing power needed to be updated. They are also usually not in control of the destination of their outbound...
by Hemant Jain  |  Oct 24, 2016  |  Filed in: Industry Trends & News
UDP floods are used frequently for larger-bandwidth DDoS attacks because UDP is connectionless and it is easy to generate UDP packets using scripts. DNS primarily uses UDP and under some circumstances uses TCP. Because UDP is connectionless and can be spoofed easily, the DNS protocol is extremely popular as a DDoS tool. Since DNS is a critically important protocol upon which the Internet is based, its availability is of utmost importance. To deny that availability, a malicious attacker sends spoofed...
by Hemant Jain  |  Mar 10, 2016  |  Filed in: Security Research
Volumetric attacks were the reason for the birth and growth of cloud-based DDoS attack mitigation service providers. With the recent research related to the CloudPiercer tool, a major flaw in the current solutions has been uncovered. The paper linked here exposes critical weaknesses in the mechanisms for cloud-based DDoS attack mitigation as well as the weaknesses of the vendors in the space. Premise of a Cloud-Based Security Provider: cloud-based security providers base their value around a few key points. Attacks should be blocked...
by Hemant Jain  |  Oct 12, 2015  |  Filed in: Industry Trends & News
The big news last week was a Tsunami SYN flood on a cloud-based mobile and desktop messaging app. But before we talk Tsunamis, a bit of background: TCP is the most common of the Internet protocols, used by protocols such as HTTP, SSL, SMTP, POP, etc. A TCP connection is established using a 3-way handshake that begins with a TCP SYN packet. The server then responds with a SYN/ACK packet, similar to a hello in response to a hello on a phone call. The client then sends an ACK packet to complete the 3-way handshake. Misuse happens where...
by Hemant Jain  |  Jul 14, 2015  |  Filed in: Industry Trends & News
It is a well-known fact in the industry that a very significant percentage of DDoS attacks are spoofed. Spoofed TCP SYN, spoofed UDP and spoofed ICMP are the most common protocols used to create havoc for most data centers. Despite this well-known fact, some products in the DDoS space create beautiful graphs of source countries. Unless they are actually collecting data in an appliance that’s deployed closest to the source of the attack, this data may neither be correct nor trustworthy. Figure 1: Top...
by Hemant Jain  |  Jul 03, 2015  |  Filed in: Security Research
The world would have been almost without DDoS if spoofed packets were blocked at their source. BCP 38 has been proposed since the year 2000 but has not been widely implemented because of the cost and complexity of implementation. Since outbound DDoS is no one’s problem, most people do not spend money and time on solving it. It’s only when the service starts getting interrupted by inbound DDoS that it becomes a serious issue. Until very recently, you would need a carrier-grade router to implement BCP 38. And, obviously, the performance...
by Hemant Jain  |  Jun 04, 2015  |  Filed in: Industry Trends & News