DDOS and the Old West


Between 1865 and 1885, the American West was the site of numerous battles between the U.S. Cavalry and the Native Americans, between cattle ranchers and sheepherders, and between outlaws and pioneers. As each new attack and battle unfolded, each side discovered that, no matter what it did, the other side somehow always managed to thwart it. However, despite the fact that each side knew the other side was doing its best to outwit and outmaneuver it, neither side gave up. Each continued to seek innovative ways to conquer the other.

And that’s precisely what’s happening today in our high-tech society. Today’s version of the American West is the battle between hackers and Internet Web sites. Companies build Web sites to expand their businesses, and hackers break into them or flood them with attacks that attempt to cripple them or put them out of business.

In the latest rounds of attacks, hackers attempted to block such popular Web sites as Yahoo! and eBay by using what is known as a Distributed Denial of Service (DDOS) attack. In DDOS, a large number of DDOS servers send multiple requests—up to millions of requests per minute—to a given target server. The target server soon reaches the point where it shuts down because it is unable to process the sheer volume. At this point, not only have hackers been shut out, but legitimate users who want or need to get into that site have also been shut out. This type of hack is also hard to trace because it takes advantage of the way TCP/IP packets are routed around the Internet. Normally, when you send a request to a Web server, your request is broken up into multiple packets by your ISP or any router along the way en route to the target site. When the request reaches the target site, all the packets are reassembled into a single request that the target server processes. DDOS attacks exploit this fragmenting of information by creating “orphan” packets—that is, packets of data that don’t have an apparent corresponding source address. Because of this, it is very hard to trace the origin of an attack, and the hacker’s tracks are covered. Generating the flood of packets can take advantage of many legitimate features of the TCP/IP protocol. Often, these features were designed for legitimate diagnostic purposes, but, in the hands of a malicious individual, they can flood unsuspecting servers.


Methods of Prevention

DDOS is very dangerous because it disguises itself as a valid request. There are a few things you can do to prevent a DDOS attack, although probably not as many as you might like. Here are some suggestions I’ve culled from various sources on the Internet on ways you can help secure your Web site from a DDOS attack, or at least make it less vulnerable to attack:

• Monitor your Web traffic. Almost all publicly provided Internet services use the so-called well-known ports, residing on port numbers below 1024. If you get hits on ports above port 1024, you may be getting hacked.

• Use commonly available intrusion detection software to analyze the packet requests you receive. You can learn a lot from the contents of the packet. Specifically, check for the following:

  o If a User Datagram Protocol (UDP) packet contains only alphanumeric data (i.e., no spaces, carriage returns, punctuation, etc.), it may be because it has been Base64-encoded, meaning that it follows the pattern of well-known hacking attempts. You can filter out these types of requests.

  o If the UDP packet is larger than, say, 128 bytes, be suspicious. It could contain decoy information used to flood your server. The most common UDP sizes are 64 to 128 bytes. You should perform some reasonableness checking on larger UDP packets.

  o Check to make sure that the bandwidth coming into your site doesn’t exceed a maximum amount set by you. If it does, this could be a sign of a DDOS.

• Find out whether or not your host vendor has created patches such as those for TCP SYN ACK to filter out well-known types of DDOS attacks. If your host vendor has created patches, apply them.

• Lower the server’s TCP time-out value. The lower you go, the less window of opportunity there will be for a hacker to exploit a given connection.

• Do not allow anonymous FTP on your server. Anonymous FTP can be used to allow someone to start an FTP session on your system and then issue a remote command to pass through to another server where the process can be repeated, thereby creating an untraceable trail.

• Using Operations Navigator with your AS/400, you can use IP Packet Security options to filter out unwanted requests, limit the allowable IP addresses that can connect to your system, and implement Network Address Translation.
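To make the checklist above concrete, here is an added example (not code from the article, from MC Press, or from any vendor named here) that applies the article's three packet checks and its bandwidth ceiling to a constructed batch of packet summaries. The record layout, the 128-byte UDP payload limit (taken from the text), the 4,000-bytes-per-second-per-source ceiling and the sample addresses are all assumptions chosen for the demonstration. These are coarse triage signals that will also fire on some legitimate traffic, so they are best used to rank packets for closer inspection rather than as automatic block rules.

```python
"""Triage heuristics from the article's checklist, applied to constructed
packet summaries. Added illustration; not code from the article or MC Press."""
from collections import defaultdict
from dataclasses import dataclass

WELL_KNOWN_PORT_MAX = 1023      # article: well-known services sit below port 1024
UDP_SUSPECT_BYTES = 128         # article: be suspicious of UDP payloads over ~128 bytes
BANDWIDTH_LIMIT_BYTES = 4000    # assumed per-source byte ceiling per window (demo value)


@dataclass
class Packet:
    """Minimal packet summary; a real deployment would fill this from an IDS or capture."""
    src: str
    dst_port: int
    proto: str          # "tcp" or "udp"
    size: int           # bytes on the wire
    payload: bytes = b""
    ts: float = 0.0     # arrival time in seconds


def packet_flags(pkt):
    """Return the article's per-packet warning signs that apply to `pkt`."""
    flags = []
    if pkt.dst_port > WELL_KNOWN_PORT_MAX:
        flags.append("high-port")
    if pkt.proto == "udp":
        # Non-ASCII bytes decode to U+FFFD, which is not alphanumeric, so only a
        # payload made purely of ASCII letters and digits trips this check.
        text = pkt.payload.decode("ascii", errors="replace")
        if text and text.isalnum():
            flags.append("udp-alnum-only")
        if len(pkt.payload) > UDP_SUSPECT_BYTES:
            flags.append("udp-oversize")
    return flags


def bandwidth_offenders(packets, window_s=1.0, limit=BANDWIDTH_LIMIT_BYTES):
    """Map each source whose bytes in any `window_s`-second window exceed
    `limit` to the peak byte count observed (sliding window per source)."""
    by_src = defaultdict(list)
    for p in packets:
        by_src[p.src].append(p)
    offenders = {}
    for src, pkts in by_src.items():
        pkts.sort(key=lambda p: p.ts)
        start, total, peak = 0, 0, 0
        for i, p in enumerate(pkts):
            total += p.size
            while pkts[i].ts - pkts[start].ts > window_s:
                total -= pkts[start].size
                start += 1
            peak = max(peak, total)
        if peak > limit:
            offenders[src] = peak
    return offenders


def triage(packets, window_s=1.0, limit=BANDWIDTH_LIMIT_BYTES):
    """Combine per-packet flags with the per-source bandwidth check."""
    flagged = [(p.src, p.dst_port, packet_flags(p)) for p in packets]
    return {
        "packets": [entry for entry in flagged if entry[2]],
        "bandwidth": bandwidth_offenders(packets, window_s, limit),
    }


# Constructed sample: ordinary web hits, two odd UDP datagrams, and one source
# sending ten 500-byte datagrams inside a single second (a volume signal only).
SAMPLE_PACKETS = [
    Packet("198.51.100.7", 80, "tcp", 600, b"GET / HTTP/1.0\r\n", 0.0),
    Packet("198.51.100.7", 443, "tcp", 400, b"", 0.2),
    Packet("203.0.113.5", 53, "udp", 90, b"abc123", 0.1),
    Packet("203.0.113.5", 40000, "udp", 228, b"A" * 200, 0.3),
] + [Packet("192.0.2.9", 53, "udp", 500, b"\x00\x01", i * 0.1) for i in range(10)]

if __name__ == "__main__":
    report = triage(SAMPLE_PACKETS)
    for src, port, flags in report["packets"]:
        print(f"{src}:{port} -> {', '.join(flags)}")
    for src, peak in report["bandwidth"].items():
        print(f"{src} exceeded the byte ceiling: {peak} bytes in one window")
```

The flood source in the sample trips none of the per-packet checks, which is the point of keeping the bandwidth ceiling as a separate signal: a volume attack made of individually unremarkable packets only shows up when traffic is aggregated per source over time.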

There are many other things you can do, but these will get you thinking in the right direction. (In fact, if you have any other suggestions, please email them to me, and I’ll try to make them available in a future article.)

A Good Defense

Like the wars and battles of the Old West, hackers keep coming up with new ways to counter your defenses. It may seem futile even to bother trying to protect your site against such a moving target. However, not to provide any defense at all would be foolish. If the Cavalry hadn’t built forts to retreat to, the Native Americans might have wiped them out. If cattle ranchers hadn’t built fences, sheepherders might have had their flocks graze on ranchers’ property. No single effort won any battle, just as no single defense on your part will protect your server. However, the combined effect of several good defenses can help you protect your most valuable asset in today’s business environment: your Web site.


Shannon O'Donnell
Shannon O'Donnell has held a variety of positions, most of them as a consultant, in dozens of industries. This breadth of experience gives him insight into multiple aspects of how the AS/400 is used in the real world. Shannon continues to work as a consultant. He is an IBM Certified Professional--AS/400 RPG Programmer and the author of an industry-leading certification test for RPG IV programmers available from ReviewNet.net.