Infopackets web server attacked (DDoS), Part 2

Dennis Faas's picture

Earlier this week, I informed Readers that our web server was assaulted with a Distributed Denial of Service (DDoS) attack.

After writing Tuesday's article, I invited some comments from Readers concerning the attack. Infopackets Reader Steve S. writes:

" Dear Dennis,

The likelihood that the DDoS attack was a result of your recent article on web security is most likely not the case. I would tend to look at this issue from a more statistical point of view by mapping out the available data on who gets attacked, where and when. For this reason, I believe that the attack on your server was merely a coincidence. "

My response:

Excellent point.

There are a number of online services (such as dShield.org and myNetWatchman) which aggregate intrusion data (from firewalls) and are then able to illustrate the "who, what, when and where". In fact, the dshield.org web site summarizes the data it collects in an attractive graphic, so it's easy to identify intrusions.

Interestingly enough, the firewall service installed on the infopackets main server utilizes information collected by dshield.org and automatically bans [an entire subnet of] IP address of known offenders automatically. In techy terms, this is referred to as a reactive firewall.

Infopackets Reader Robert Q. writes:

" I believe that everything happens for a purpose (never by chance). It's not difficult these days to gain access to malicious programs which are capable of executing DDoS on remote machines -- and what's worse -- there's a ton of computers connected to the 'net that simply do not have the necessary protection in order to prevent a DDoS attack in the first place! Case and point: many of my friends have confessed to me that they do not want to slow up their machines by adding the layers of protection (I.E.: antivirus and anti-hacker firewall) -- and so they essentially run their machines 'naked' on the Internet. "

My response:

I too was once guilty of using this philosophy.

Back when I started using the Internet for the first time (in 1995), the only protection I used on my PC was an anti-virus scanner. The idea that someone might hack into my machine and cause significant damage just didn't phase me. I mean, what's the worse they could do -- send me a virus?

But now, the Internet is a much different beast. Technology has evolved; knowledge has evolved -- and so has the number of computers online.

While it is true that the majority of anti-virus and anti-hacker software tend to 'bog' down a machine, the benefits of slim-lining a PC just don't offset the risks these days. The simple truth is that DDoS attacks wouldn't emerge 'haphazardly' if the majority of computers connected to the Internet were kept up-to-date.

So, that leaves me with the following question ... How secure is your PC?

Most folks think that a Firewall and Anti-Virus software is enough to keep their system protected.

Unfortunately, this is *far* from the truth!

" The primary issue in Internet security is not that hackers troll the Internet, but rather that the Internet is chock full of insecure systems which are easily compromised, providing means for hackers to perform untraceable, indirect attacks. The only profound way to improve Internet security is to reduce the number compromised systems and minimize the amount of time that a system remains in a compromised state. " (Source: myNetWatchman.com)

And so, the point is -- unless you've gone through the necessary precautions, your computer system may be *wide open* and vulnerable to hackers, viruses, Spyware, Trojans, and much, MUCH more!

So, what steps should you take to ensure that your PC is protected and *stays* protected?

Answer.

Rate this article: 
No votes yet