DDoS For Dummies, Corero Network Security Edition


DDoS For Dummies, Corero Network Security Edition
by Lawrence C. Miller

These materials are the copyright of John Wiley & Sons, Inc. and any dissemination, distribution, or unauthorized use is strictly prohibited.

DDoS For Dummies, Corero Network Security Edition

Published by
John Wiley & Sons, Inc.
111 River St.
Hoboken, NJ 07030-5774
www.wiley.com

Copyright 2012 by John Wiley & Sons, Inc., Hoboken, New Jersey

Published by John Wiley & Sons, Inc., Hoboken, New Jersey

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the Publisher. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Trademarks: Wiley, the Wiley logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies.com, Making Everything Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. Corero and the Corero logo are trademarks of Corero Network Security. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc., is not associated with any product or vendor mentioned in this book.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.

For general information on our other products and services, please contact our Business Development Department in the U.S. at 317-572-3205. For details on how to create a custom For Dummies book for your business or organization, contact info@dummies.biz. For information about licensing the For Dummies brand for products or services, contact BrandedRights&Licenses@Wiley.com.

ISBN 978-1-118-18253-6 (pbk); ISBN 978-1-118-18279-6 (ebk)

Manufactured in the United States of America

10 9 8 7 6 5 4 3 2 1

Contents

Introduction
    About This Book
    How This Book Is Organized
    Icons Used in This Book
Chapter 1: DDoS Attacks Defined
    Examining DDoS Attacks
    Recognizing the Business Impact of DDoS Attacks
    Understanding the Attacker’s Motivations
Chapter 2: DDoS Countermeasures: What Works and What Doesn’t
    Traditional Security Solutions Aren’t Sufficient
    ISP and Cloud-Based DDoS Defense Solutions
Chapter 3: Best Practices for DDoS Attack Mitigation
    Create a DDoS Response Team and Plan
    Best Practices for Effective DDoS Defense
Chapter 4: Your Best Protection: On-Premises DDoS Defense
    On-Premises 3DP Protection against DDoS
    Latency: The Self-Inflicted DOS attack
Chapter 5: Eight Benefits of Corero’s DDoS Defense System
    Comprehensive DDoS Protection
    Expert, Continuous DDoS Defense Service
    Proactive, Automated Updates
    Robust Performance
    Scalable, Transparent High Availability
    Easy, Customizable Deployment
    Real-Time Incident Response
    Green Design

Publisher’s Acknowledgments

We’re proud of this book and of the people who worked on it. For details on how to create a custom For Dummies book for your business or organization, contact info@dummies.biz. For details on licensing the For Dummies brand for products or services, contact BrandedRights&Licenses@Wiley.com.

Some of the people who helped bring this book to market include the following:

Acquisitions, Editorial, and Vertical Websites
Project Editor: Jennifer Bingham
Editorial Manager: Rev Mengle
Business Development Representative: Sue Blessing
Custom Publishing Project Specialist: Michael Sullivan

Composition Services
Project Coordinator: Kristie Rees
Layout and Graphics: Sennett Vaughan Johnson, Lavonne Roberts
Proofreader: Jessica Kramer

Publishing and Editorial for Technology Dummies
Richard Swadley, Vice President and Executive Group Publisher
Andy Cummings, Vice President and Publisher
Mary Bednarek, Executive Director, Acquisitions
Mary C. Corder, Editorial Director

Publishing and Editorial for Consumer Dummies
Kathleen Nebenhaus, Vice President and Executive Publisher

Composition Services
Debbie Stailey, Director of Composition Services

Business Development
Lisa Coleman, Director, New Market and Brand Development

Introduction

The Internet has revolutionized the way business operates. Today, global businesses move huge volumes of data in real-time, and e-commerce is fast becoming the lifeblood of trade. Financial trading houses conduct business at speeds and scales that were incomprehensible just a few years ago. E-retail has grown on a vast scale, serving remote customers across the globe. Entire industries have sprung up around online gambling and gaming sites. Online companies depend on 24/7 availability and fast, real-time responsiveness to ensure that customers keep coming to their websites. But this new world of high-speed, high-volume e-commerce has created new opportunities for criminals and others who would do harm to thriving online companies. Malicious competitors, extortionists, and hacktivists are orchestrating devastating distributed denial-of-service (DDoS) attacks, turning dependence on the speed and availability of business websites against those who run them.

About This Book

This book explores real-world examples of DDoS attacks, the motivations of their perpetrators, and the operational and business risks to organizations. You also learn why traditional security solutions are ineffective and how Corero’s comprehensive DDoS Defense System protects enterprise networks against modern DDoS attacks. This book was written for Corero.

This book is written with both technical and nontechnical readers in mind, so whether you’re an executive, line of business manager, or an IT specialist this book is for you.

How This Book Is Organized

This book consists of five short chapters. Here’s a brief look at what awaits you!

Chapter 1: DDoS Attacks Defined. I explain the tactics and motives of today’s cybercriminals and the impact of DDoS on online businesses.

Chapter 2: DDoS Countermeasures: What Works and What Doesn’t. Chapter 2 explains why traditional security solutions and defense mechanisms — and most DDoS mitigation methods — aren’t sufficient to protect your systems and networks from modern DDoS attacks.

Chapter 3: Best Practices for DDoS Attack Mitigation. Despite your best efforts, your organization may be hit by a DDoS attack. The security solutions you deploy and the policies and plans that you create now will determine whether or not an attack is successful. Chapter 3 will help you prepare.

Chapter 4: Your Best Protection: On-Premises DDoS Defense. Next, I introduce you to the advanced capabilities and features that on-premises protection from Corero brings to the fight against DDoS attacks.

Chapter 5: Eight Benefits of Corero’s DDoS Defense System. Finally, in that classic For Dummies format, I end with a chapter of compelling reasons for you to deploy Corero’s DDoS Defense System.

Icons Used in This Book

Throughout this book, I occasionally use special icons to call attention to important information. You won’t see any smiley faces winking at you or any other little emoticons — distributed denial of service is a serious matter — but you’ll definitely want to take note!

This icon points out information that may well be worth committing to memory to help you understand and deal with DDoS attacks day-in and day-out.

This icon offers helpful tips and useful nuggets of information about DDoS attacks and defense.

Don’t let this happen to you. These useful alerts offer practical advice to help you avoid potentially costly mistakes.

Chapter 1

DDoS Attacks Defined

In This Chapter

Analyzing modern DDoS tactics
Pinpointing opportunities for DDoS attackers in real-world businesses
Getting to know the enemy

A DDoS attack against your organization’s network and systems can bring your online business to a grinding halt, costing you hundreds of thousands — even millions — of dollars, ruining your brand, and driving away your customers. For a crime to occur — and make no mistake, DDoS attacks are crimes — three elements must be present: means, opportunity, and motive.

In this chapter, you learn about modern DDoS attacks (the means), their impacts on real world businesses (the opportunity), and the motives of their perpetrators.

Examining DDoS Attacks

Today’s computing environments are being bombarded by distributed denial-of-service (DDoS) attacks that overload critical systems and networks, causing them to become unresponsive and unproductive.

A DDoS attack is a cyberattack in which many, usually compromised, computers send a series of packets, data, or transactions over the network to the intended attack victim (or victims) in an attempt to make one or more computer-based services (such as a web application) unavailable to the intended users. DDoS attacks generally result from the concerted efforts of cybercriminals to stop an Internet site from functioning efficiently or at all.

DDoS attacks have plagued the Internet, corporate websites, and networks for more than a decade. Although DDoS attacks aren’t new, modern threats and tactics are more advanced than ever, and DDoS attacks are occurring with increasing frequency and causing greater damage against a rapidly growing number of targets worldwide.

The means for committing DDoS attacks are readily available to practically anyone. Easy-to-use, automated tools can be freely downloaded from various blackhat (hacker) websites on the Internet. The resurgence in DDoS attacks can be largely attributed to two factors: the rise of global botnets and new attack techniques for evading detection.

The role of botnets

A botnet is a network of compromised PCs or other devices. These compromised PCs are called bots (or zombies). Bots are PCs that are infected with various types of malware, such as viruses, worms, Trojans, and spyware, that enable the PCs to be compromised by an attacker. A bot can be remotely controlled by an attacker (sometimes called a bot-herder) to carry out DDoS attacks, steal data from victim networks and servers, or send out e-mail spam. Bots can be particularly difficult to detect and clean from an infected PC because they’re very adaptive and resilient. The bot-herder can quickly and easily change the behavior and characteristics of a bot, making it extremely difficult to detect.

Some bots even detect and clean many common types of viruses from an infected PC, so that your installed anti-virus or anti-malware software doesn’t tip you off to the larger (bot) infection!

It has been estimated that up to 80 percent of all Internet-connected computers are infected with some form of spyware or adware.

Botnets are typically comprised of hundreds of thousands to millions of infected bots, and can operate for several years before being discovered or taken down.
Criminal organizations are known to rent out control of botnets to anyone willing to pay the price — often for less than $100 per day.

Types of attacks

The second major factor spurring increased DDoS attacks is a shift in techniques from brute force assaults to more insidious attacks.

In a brute force attack, the attacker sends an exceptionally large payload to a targeted organization’s network in order to overwhelm the available bandwidth on that network. These traditional DDoS attacks are called network-layer DDoS attacks and are still common today (see sidebar, “The devil is in the DDoS details”).

Network-layer DDoS attacks can disrupt communications with your critical e-commerce servers, for example, or overwhelm your network. A botnet comprised of large numbers of hijacked systems simultaneously sends packets to a target server, attempting to open a communication session. When the victim server replies, the attacking systems don’t acknowledge the server’s response. This overloads the server by causing it to use all its available resources attempting to keep track of the many incoming connections. Service is degraded, and the server may crash.

An overwhelming network-layer DDoS attack can disrupt or overload the network infrastructure to the point where it can’t transmit requests or responses. These attacks can affect ISP (Internet service provider) links, routers, switches, firewalls, and servers, causing one or more of them to become bottlenecks, and restricting or eliminating the ability of the server to deliver its service.

In an effort to thwart the security mechanisms used by most organizations to defend against traditional network-layer DDoS attacks (such as firewalls and some intrusion prevention systems) attackers have adopted a newer variant of the traditional DDoS attack — application-layer DDoS attacks.

The devil is in the DDoS details

Traditional network-layer DDoS attacks typically flood the victim’s system or network with requests, such as a flood of IP packets, TCP packets, or ICMP packets. The following are some common types of traditional DDoS attacks.

SYN Flood

A SYN-flood attack (see the accompanying figure) takes advantage of the TCP (Transmission Control Protocol) three-way handshake process by flooding multiple TCP ports on the target system with SYN (synchronize) messages to initiate a connection between the source system and the target system. The target system responds with a SYN-ACK (synchronize-acknowledgement) message for each SYN message it receives and temporarily opens a communications port for each attempted connection while it waits for a final ACK (acknowledgement) message from the source in response to each of the SYN-ACK messages. The attacking source never sends the final ACK messages and therefore the connection is never completed. The temporary connection will eventually time out and be closed, but not before the target system is overwhelmed with incomplete connections.

[Figure: SYN flood attack. Labels: Internet, Bot Master, Botnet Command and Control, Bot, Botnet, SYN Flood Traffic, Network/Servers]

UDP Flood

A UDP (user datagram protocol) flood attack involves the attacker sending UDP packets to each of the 65,535 UDP ports on the target system. The target system is overloaded while processing the UDP packets and attempting to send reply messages to the source system.

ICMP flood

Most network-layer DDoS attacks use bot-infected systems to flood a target with network traffic. ICMP (Internet Control Message Protocol) packets are commonly used for this purpose. ICMP packets are legitimately used for network troubleshooting, but when used for a DDoS attack, these tiny packets can overwhelm a target system, leaving it unable to service valid network requests in a timely fashion.

Application-layer DDoS attacks still take place over the network. But these attacks not only send network packets — they actually complete TCP connections from the attacker to the victim server. Once the TCP connection is made, the attacking computers make repeated requests to the application in an attempt to exhaust the resources of the application, rendering it unable to respond to any other requests.

These more intelligent attacks are harder to defend against because they create denial-of-service conditions without consuming all the available network bandwidth or overloading routers, firewalls, and switches. The attack traffic often looks like legitimate, routine traffic coming into a network or website. It could be something as simple as a request to display a web page or to fill out a “contact us” form. A common example of an application-layer DDoS attack is a repetitive HTTP GET request, which cripples a Web application server with an overwhelming number of requests for a resource.

Compared to a network-layer attack, a successful application-layer attack typically requires a much smaller botnet to overwhelm a victim server. The hijacked bots in an application-layer DDoS attack go beyond simply initiating an open communications session with a victim server.
Because the attacking bots are actually communicating with the victim server, more server resources must be allocated, and potentially the resources of other network assets, such as a database server, that are integrated with the victim server.

The goal of all the different types of DDoS attacks is to consume resources that should be available for a system or application to serve its intended customers.
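
The contrast drawn above, between a SYN flood's handshakes that never complete and an application-layer flood's completed connections followed by repetitive GET requests, can be checked from connection records. The Python below is an added example, not code from the book or from Corero; the event format, the thresholds and the addresses (documentation ranges) are constructed assumptions.

```python
from collections import defaultdict, deque

# All thresholds below are assumed values chosen for this illustration.
SYN_TIMEOUT = 30.0     # seconds a half-open entry is kept before it times out
MIN_SYNS = 20          # sources with fewer SYNs are not judged on handshakes
MAX_COMPLETION = 0.1   # completed/SYN ratio at or below this looks like a SYN flood
GET_WINDOW = 10.0      # sliding window for repeated GETs, in seconds
GET_LIMIT = 50         # GETs for one resource per window treated as a flood


def build_sample():
    """Constructed events: (time, source, source_port, kind, path)."""
    ev = []
    # 198.51.100.7 sends 200 SYNs and never returns the final ACK.
    for i in range(200):
        ev.append((i * 0.05, "198.51.100.7", 40000 + i, "SYN", ""))
    # 203.0.113.9 completes 5 handshakes, then repeats one GET 120 times in 6 s.
    for i in range(5):
        ev.append((1.0 + i, "203.0.113.9", 50000 + i, "SYN", ""))
        ev.append((1.1 + i, "203.0.113.9", 50000 + i, "ACK", ""))
    for i in range(120):
        ev.append((7.0 + i * 0.05, "203.0.113.9", 50000 + i % 5, "GET", "/contact"))
    # 192.0.2.44 is an ordinary visitor: 3 connections, one page view each.
    for i in range(3):
        ev.append((2.0 + i * 4, "192.0.2.44", 60000 + i, "SYN", ""))
        ev.append((2.05 + i * 4, "192.0.2.44", 60000 + i, "ACK", ""))
        ev.append((2.2 + i * 4, "192.0.2.44", 60000 + i, "GET", f"/page{i}"))
    return sorted(ev)


def analyze(events):
    """Return (verdict per source, peak number of half-open connections)."""
    half_open = {}                    # (src, sport) -> time the SYN was seen
    syns = defaultdict(int)
    completed = defaultdict(int)
    recent_gets = defaultdict(deque)  # (src, path) -> timestamps inside the window
    peak_gets = defaultdict(int)      # src -> busiest window for any one path
    peak_half_open = 0
    for ts, src, sport, kind, path in events:
        # Expire half-open entries whose final ACK never arrived in time.
        for key in [k for k, t0 in half_open.items() if ts - t0 > SYN_TIMEOUT]:
            del half_open[key]
        if kind == "SYN":
            half_open[(src, sport)] = ts
            syns[src] += 1
            peak_half_open = max(peak_half_open, len(half_open))
        elif kind == "ACK" and half_open.pop((src, sport), None) is not None:
            completed[src] += 1       # three-way handshake finished
        elif kind == "GET":
            window = recent_gets[(src, path)]
            window.append(ts)
            while ts - window[0] > GET_WINDOW:
                window.popleft()
            peak_gets[src] = max(peak_gets[src], len(window))
    verdicts = {}
    for src in sorted(set(syns) | set(peak_gets)):
        ratio = completed[src] / syns[src] if syns[src] else 1.0
        if syns[src] >= MIN_SYNS and ratio <= MAX_COMPLETION:
            verdicts[src] = "syn-flood"
        elif peak_gets[src] >= GET_LIMIT:
            # Handshakes look healthy, so only the request pattern gives it away.
            verdicts[src] = "http-get-flood"
        else:
            verdicts[src] = "normal"
    return verdicts, peak_half_open


if __name__ == "__main__":
    result, peak = analyze(build_sample())
    for source, verdict in result.items():
        print(f"{source:15s} {verdict}")
    print("peak half-open connections:", peak)
```

The application-layer source passes the handshake check with a 100 percent completion ratio, which is why it has to be caught on request behaviour rather than on connection state.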

Recognizing the Business Impact of DDoS Attacks

Far too many organizations are ill-prepared to deal with the effects of DDoS attacks and other Internet security threats. They rely on firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and other security technologies that are inadequate to defend their networks and systems against DDoS attacks (see Chapter 2 to learn more), thereby creating plenty of opportunity for cybercriminals today. In the following sections, I tell you about a few industries that are prime targets for DDoS attacks.

E-commerce

E-commerce is the lifeblood of many businesses around the globe and has become a way of life for millions of consumers who depend on their computers and mobile devices to buy products and services, research product information, and obtain support. JP Morgan projected that 2011 e-commerce revenue would reach $680 billion, up 18.9 percent over 2010. E-commerce works in our modern, fast-paced world because e-commerce sites are responsive, secure, and always available on demand. E-commerce is quickly transforming the Internet from the “information superhighway” into the “information supermall.”

Unfortunately, legitimate businesses aren’t the only ones taking advantage of the tremendous opportunities created by the Internet. Criminals have been quick to gravitate to the Internet as business volume and the value of online transactions have reached critical mass. There’s big money in online business — and therefore big criminal opportunity.

Online companies are victimized by mass, automated attacks that exploit targets of opportunity, as well as targeted attacks that exploit unpatched or zero-day (previously unknown) vulnerabilities. Organized criminals also employ hacking techniques and malware to commit data theft, extortion, identity theft, and fraud.
The crimes are as old as civilization, but the methods are adapted to the times and the impact is devastating.

DDoS attacks are on the rise: Gartner reports a 30 percent increase in attacks in 2010, and that trend has continued through 2011. Cybercrimes are now the FBI’s third highest priority, behind terrorism and espionage.

E-commerce companies depend on 24/7 availability and real-time responsiveness on their customer-facing sites. When a DDoS attack strikes, businesses can lose thousands or even millions of dollars if service is slowed or the website goes down. Extended service interruptions can be catastrophic, both in terms of revenue loss and damage to the corporate brand.

To your customers, your Internet website is your business. If your website is down, your customers can simply surf over to your competitors’ websites and may become your former customers. Disruptions to your website for any extended period can impact business and severely undermine customer confidence. Recent DDoS attacks have hit Amazon, PayPal, Visa, Sony PlayStation Network, and MasterCard, among others.

Companies doing business online are also entrusted with and responsible for sensitive customer data, including account credentials, credit cardholder data, and personally identifiable information (PII). Compliance mandates, such as the Payment Card Industry Data Security Standard (PCI DSS), impose stiff penalties on businesses for failing to protect these records against unauthorized access.

A DDoS attack can be a preemptive strike to test your company’s security and response capabilities. For companies that aren’t ready to properly respond to an attack (see Chapter 3), a panicked and unorganized reaction can weaken your defenses and open the door for further attacks and data theft.
Even if a DDoS attack doesn’t lead to a data breach, your customers’ perception will be that your company’s website isn’t secure, which may cause them to hesitate when doing online business on your site or to avoid your site altogether.

According to a survey by the Ponemon Institute, the average total cost of a single data breach was more than 7.2 million dollars in 2010.

Financial services

The Internet has revolutionized the way financial institutions do business, from online banking services to high-speed global transactions and payment processing. Financial transactions are processed in huge volumes and at high speeds around the globe, enabling institutions, partners, and customers to react swiftly to changing financial conditions and market requirements.

Customers conduct online transactions from anywhere, at any time, and increasingly, from any number of different devices (such as smartphones and tablets). They expect their information to be secure and that services will be reliable, fast, and always available when they need them.

As the Internet has opened up new business opportunities, it has also introduced new elements of risk in the financial services sector that must be considered in their risk assessment and risk mitigation programs. These risks, broadly speaking, manifest themselves in two categories:

DDoS attacks: For online banking and financial transactions, time is quite literally money. Millions of dollars can be lost in minutes if service is slowed or interrupted. In performance-sensitive environments such as transaction processing and high-volume trading, major service interruptions can be catastrophic, both in terms of actual financial loss and damage to the corporate brand.

Data breach: Like e-commerce companies, financial institutions — from the largest banks and trading houses to regional credit unions — are entrusted with and responsible for sensitive customer data. Financial services providers are required by numerous regulations and obligations to their customers and partners to protect these sensitive records against unauthorized access.

Malicious cyberactivity is a continuous threat to both online transactions and services and sensitive information. Many banks, stock exchanges, and other financial institutions, including Bank of America, U.S. Bancorp, and the New York and Hong Kong stock exchanges, have been victims of DDoS attacks.

Online gaming

Online gaming is big business. Many millions of people engage in Internet gambling from poker to bingo, and play video games such as first-person action shooters and wildly popular role-playing fantasy games on platforms including PCs, Microsoft Xbox, and Sony PlayStation. The stakes are high:

According to a report by Global Betting and Gaming Consultants, the global online gambling industry grew by 12 percent during 2010 to $29.3 billion.

According to the Online Gaming Association, 20 million Microsoft Xbox users have spent 17 billion hours online; there are 40 million Sony PlayStation Network accounts.

Performance and availability are critical to the success of online gaming businesses. DDoS attacks can undermine the business in a hurry. If a gambling site goes down, all bets are off. And for gamers, a slow game is no game at all — they will seek entertainment elsewhere, perhaps at a competitor’s gaming site. Video game companies, in particular, may face unscrupulous competitors that would attack their site during beta testing to disrupt the launch schedule for a new game, or to ruin gaming sessions in order to drive customer traffic to their own game sites.

In addition to the DDoS threat, online gaming companies and gambling sites, like other businesses that engage in e-commerce and financial transactions, are custodians of sensitive customer data and financial information, and are therefore subject to various compliance mandates, including PCI DSS and numerous state data breach notification laws.

The hacktivist group Anonymous recently directed DDoS attacks against the Sony PlayStation Network to protest the entertainment giant’s lawsuit against the person who published code that lets users “jailbreak” the PlayStation 3.

Understanding the Attacker’s Motivations

“If ignorant both of your enemy and yourself, you are certain to be in peril.”
– Sun Tzu, The Art of War

Bragging rights and recognition of hacking skills used to be the primary motivation for DDoS attacks against prominent websites. Today, a number of more sinister motives drive DDoS attacks, including criminal extortion, unfair business advantage, and political or ideological activism — all of which are explained in the following sections.

Criminal extortion

One of the main motivations for DDoS attacks today is criminal extortion. An attacker threatens to take down the intended victim’s site or network unless a ransom is paid. A limited denial-of-service attack is often launched concurrently with the threat to establish the attacker’s credibility.

An online gaming site recently received just such a criminal extortion threat and got a taste of what was to come with a limited proof-of-concept attack. Rather than knuckle under to the criminals, the wou
