Case Study: The Distributed Denial of Service Attack
A recently distributed denial of service attack (DDoS) against a large DNS service provider showed the weaknesses inherent in the Internet domain name system. On October 21, 2016, during the early morning hours, users on the East Coast found difficulty in connecting with Amazon.com, Wired.com, the New York Times, and other websites. The issues stemmed from the inability to lookup the IP addresses of these websites from the large DNS infrastructure company “DYN,” located in New Hampshire. DNS is the phonebook for the Internet, allowing computers to change a human readable name such as “Amazon.com,” seen in the web browser, to a machine-readable IP address, which in turn is used to connect to the remote server by the local computer. Without the ability to lookup names and convert them to routable IP addresses, the human user would have to enter in the IP address by hand number by number, and thus destroy the usability of the Internet. This attack had three waves: the first at 7 a.m. EST, then early noon, and again at 4 p.m. EST. What was of interest was the size of the waves of attacks numbering in the tens of millions of devices sending numerous connections as well as the sources—webcams and DVRs. What had been unleashed by malicious actors was a botnet virus that targeted the Internet of Things devices (i.e., home security systems webcams, DVRs, and other “things”), which the owners left set to their default passwords. Once the botnet virus, called “Mirai,” had spread throughout home user’s network, all was ready for the call to attack by the command and control server against any target the hackers wanted. The “DYN” attack and similar outages brings into focus three areas of concern to the security professional: legacy protocols (DNS) that were not designed with security as an integral aspect; the lack of accountability of service providers who transport malware and attack traffic; and finally, lack of responsibility by manufacturers and users to secure devices that have the potential to massively compromise our daily life.
The case is based on Newman, L. H. (2016, October 21). What We Know About Friday’s Massive East Coast Internet Outage. Retrieved November 22, 2016, from https://www.wired.com/2016/10/internet-outage-ddos-dns-dyn/.
1. Describe a layered security approach that would prevent such a DDoS attack.
2. What measure could have allowed earlier detection of such an attack from the service provider and home networks?
With PGP, Phil Zimmermann experienced resistance from the U.S. government before being allowed to distribute it. Do an Internet search to find additional information about Zimmermann’s case. Then, in a 1- to 2-page group report, perform the following:
- Provide at least three reasons for this resistance.
- Provide references for each of the three reasons that justify the concerns of the government as legitimate.
- Identify the individual contributions of each member of the group.
Your report should be written in APA style.