The recent wave of online actions by supporters and opponents of information leaking site Wikileaks has focused attention on the phenomenon of distributed denial of service (DDoS) attacks. But a study published by Harvard University’s Berkman Center for Internet and Society this week concludes that there is no clear and easy defensive solution for many of the sites being targeted by DDoS attacks.
The study comes amid an apparent increase in the occurrence of DDoS attacks in the wake of the Wikileaks scandal. DDoS attacks overwhelm computer networks by sending floods of junk traffic to public facing servers, exhausting their bandwidth and temporarily cutting off legitimate access to the servers.
The aim of the study was to provide answers to four questions: how common are DDoS attacks against human rights and independent media sites, which methods do the attackers use, what impact do the attacks carry, and how can at risk sites protect themselves from such attacks.
Researchers Ethan Zuckerman, Hal Roberts, Ryan McGrady, Jillian York, John Palfrey created a database to keep track of reported DDoS attacks on independent media and human rights sites around the world. They then surveyed administrators of these sites and interviewed them to discuss their experiences in withstanding and fending off DDoS attacks.
Their research suggests that the advent of highly publicized DDoS attacks, like those organized in defense of Wikileaks by groups such as Anonymous, will cause a further increase in DDoS attacks in the near future. The report predicts that depending on the intentions of the attackers, DDoS attacks may interact with other types of Internet attacks, like computer and network intrusions and Web site defacing.
The study showed human rights and independent media sites are victims of both application denial of service attacks, which are relatively simple to combat, and network DDoS attacks, which are not. The mitigation of such attacks will require organizations to shift resources from independently managed servers to those hosted by major ISPs, websites, and content distribution networks that have the expertise and tools to defend against more complicated attacks.
Not that there’s nothing to be done when faced with a DDoS attack. The authors of the study recommend that site administrators can replace complex content management systems with static HTML or add aggressive caching systems to deliver content at the expense of interactivity. Organizations should also consider migrating from individual sites to those hosted on larger platforms, like WordPress and Google’s Blogger, which are DDoS resistant, even if the cost of the move is a loss of site individuality and performance.
Organizations adamant about hosting their own content need to be prepared and plan for attacks ahead of time by having attack detection systems in place, and by degrading site performance and even retreating to back-up hosts when necessary. Finally the study advises organizations to work with ISPs and Online Service Providers to determine providers that will work to protect sites from DDoS and agree to continue hosting content unless required to stop by law.
You can find the actual study here in its entirety, and the equally interesting survey results here.