
Hosting Company Terms of Service (TOS), Part Two: Prohibited Usage

Here we go again! In case you didn’t get enough from Part One of this series on web hosting TOS documents (a.k.a. terms of service), I’m going to be dishing it out hot and heavy today. I will fill your plate with the mashed potatoes that are terms of service, and then I will pour on some gravy… which is… the world’s best defense against the blandness of the potato.

To rehash from the last piece, we covered two typical clauses of the terms of service:

  1. Introduction (name of company, contact information, designation of terms to denote parties referenced in the document, etc.)
  2. Legal Compliance (indemnification of the company – to clear them legally and financially – if the client does anything illegal or contrary to the TOS).

Today we will cover what types of usage of the services provided by the company are disallowed, a section that’s typically called something like “Prohibited Usage.” Everybody hates prohibition. There is a reason we wandered off to speakeasies in the roaring 20s (and I remember my carefree flapper days like it was yesterday).

For clarity (as stated in Part One), the TOS documents used by different hosting companies tend to be fairly similar, but they certainly aren’t identical. What’s written below is simply an overview and explanation of provisions and language that you often come across.

Prohibited Usage – Overview

Often this section of the terms of service is almost ridiculously broad in scope. Like some other sections of the document (and as is typical of business contracts), the TOS could really also be called the company’s CYA against getting beaten up by frivolous lawsuits (such as when Clarence Thomas hit me with a sexual-harassment suit for peeking under his cloak … where I found a secret, second cloak!).

However, if a company specifies what you can and cannot do, that TOS is (obviously) much easier to understand. In turn, you know exactly what you need to do in order to comply with the company’s expectations.

General – Pornography, Malware, Pirating & Fair Use

  1. Adult & Malicious Content – Disallows content related to pornography and gambling; also specifies that the client cannot use malicious or unlawful software (hacking programs, etc.). It also might state that you cannot promote or link to sites with warez content (essentially proprietary software that is illegally shared with a broader audience).
  2. Intellectual Property & Pirating – This section disallows you from having any content on your site that disregards intellectual property rights, such as copyright; it also might disallow pirated software.
  3. Restriction of Fair Use – Though often the language of this provision is a little vague, it primarily applies to shared hosting environments; it prevents users from engaging in activities that generate huge spikes in traffic, bumping other clients off-line or regularly making their sites extremely slow.

Back when I was an elementary school principal, I used provision #3 to expel more than 200 children (the entire second grade class, actually) for getting in my way while I was trying to get to the cafeteria. I was subsequently fired, but it was worth it, because it was the right thing to do (I was hungry).

Network & System

  1. Malware Intrusion – If malware enters the network through your site, the hosting company has a right (and often an obligation to its other clients) to quarantine you and possibly eject you from its service.
  2. DDoS, Hacking & Fraud – Hosts will often include several different provisions related to criminal misuse of their network, including entering other users’ accounts, installing bots for distributed denial of service (DDoS) or other hacking efforts, and port scanning.
  3. Alteration of Monitoring & Tracking – A client may not do anything that will interfere with the way that the hosting company collects and analyzes tracking data; note that often your own monitoring and analytics software could interfere with this provision, so it’s important to know whether or not you are in compliance.
  4. Negative Impact & Usage – You may also see broad provisions that allow the hosting company to determine what it deems harmful and unacceptable; provisions like this allow huge leeway for account termination.

Back when I was a high school football coach, I used provision #4 to have the school mascot (a moose named Chester) forcibly removed from the stadium for a repeated display of poorly executed cartwheels. I was subsequently given a huge raise, a reward for a vehement and take-no-prisoners display of my manhood.

Conclusion

Terms of service: they are long and unwieldy, but it’s good to know what we’re getting into. After all, better to know than not know, so we don’t accidentally make a misstep that gets us booted off a hosting service.

To review, today we covered two subsections of usage prohibition:

  1. General – Disallowance of “adult content,” malware, and pirating; and disallowance of activities that interfere with other clients’ usage (sudden traffic spikes, etc.)
  2. Network & System – Disallowance of hacking; and disallowance of anything that interferes with the host’s monitoring/tracking or that otherwise negatively impacts the company.

That does it for the first half of prohibited use, which we will continue to explore in the next piece of this series (the final of three), after which I will be given a raise and then immediately fired (that’s my hunch).

by Kent Roberts and Richard Norwood

Understanding DDoS Attacks

Understanding distributed denial-of-service (DDoS) attacks is important to protecting websites, networks, and personal computers. So what exactly are these things, and how do we protect against them? In this article, we will look first at what denial-of-service (DoS) attacks are, then specifically focus on the distributed version, DDoS. Finally, we will look at how to prevent them. (Note that one way to prevent them has been discovered by the Amish apparently – none of their membership has ever experienced a cyber-attack.)

For basic definition purposes and the average Internet user side, I’m drawing from a piece by Mindi McDowell for the United States Computer Emergency Readiness Team (US-CERT). I will then look at further elaboration and advice for businesses from a Riva Richmond article for Entrepreneur and a piece by Sean Leach for IT Security Pro.

Basic Definition – Denial-of-Service (DoS)

A standard DoS attack, per Mindi, involves a cyber-criminal, well, denying service. They can target either PCs or the network of a website to prevent data from flowing back and forth properly between the two locations. An attack such as this can occur for any online service – e-mail, websites, or any other interaction between devices involving the Internet or intranets. As Riva Richmond says, these types of attacks can also be “surgical” – going specifically after a certain application on a computer or network rather than the whole connection.

DoS attacks typically involve a process whereby the perpetrator overloads a network with digital requests. Hammering a network with requests to view URLs on its server can make it impossible for the server to process requests from its real users. In other words, with the server maxed-out because of the cyber-attack, users trying to access the system are then “denied service.” (Wedding receptions and bar mitzvahs have been known to perpetrate these attacks on restaurants.)

Another example of a denial-of-service attack is conducted via spam e-mails. If there is a limit to the amount of data that can be in your e-mail account at any one time, a DoS can shut down your ability to use the account by sending a large quantity of e-mails and/or ones containing a huge amount of information. Similarly to how users are shut out when a website’s network is attacked, those wishing to send you e-mails will be denied service once your account hits its limit.

Finally, per Sean Leach, denial of service can target DNS – so that when someone types in a URL, the name does not resolve to the correct IP address, i.e. the site does not load even though the web server itself is perfectly healthy.

Basic Definition – Distributed Denial-of-Service (DDoS)

Distributed denial-of-service is spread out across many different IP addresses, making the attack difficult to defend against because it seems to be coming from all sides. The perpetrator can use innocent people’s computers to achieve this by taking advantage of any vulnerable points in your system and taking the reins of your device or network. Once control is achieved, the attacker can use your system to send large amounts of data or requests on your behalf, whether URL requests or spam e-mails. As Mindi puts it, “The attack is ‘distributed’ because the attacker is using multiple computers, including yours, to launch the denial-of-service attack.”

Basic Protection of PCs

Keeping PCs from being conscripted into a botnet is one way to battle DDoS attacks. Here are rudimentary security protections:

  • Keep anti-virus software updated on all PCs throughout your network (except the one that Jimmy uses, which isn’t technically connected to the network, despite what you’ve told him).
  • Make sure a firewall is installed and set to disallow unrestricted free-flow of traffic into and out of the PC.
  • Be careful where you give out your email address, since it can be used on either end of a DDoS attack. Make sure your spam is being filtered so you are less likely to be inundated with dangerous mail.

Recognizing a DDoS Attack in Real-Time

Denial-of-service attacks are obviously not an everyday event (at least not for all Internet users). Maintenance on a network or technical glitches are much more likely to disrupt services than is a DoS attack. Nonetheless, the following parameters can give you an initial sense that a DoS or DDoS could be occurring:

  • The network becomes extremely slow. It takes a long time to open files or access various pages of the system.
  • Difficulty of going to any online locations.
  • Difficulty of getting onto a certain website.
  • Huge influx of spam or large spam messages.
  • Inability to open or get to the files on your PC.
  • Computer makes a groaning or sighing sound that suggests it feels used and abused.
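One way to turn those symptoms into something measurable, as an added example (not code from the original article or from the sources it cites): a small Python script that reads web server access log lines, counts requests per source in fixed time windows, and separates a single noisy source (a plain DoS, which a per-IP rule can handle) from a flood spread across many sources (the distributed case, where no single address looks guilty). The log lines, addresses and thresholds are constructed for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format; only source IP and timestamp are needed here.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, timestamp) for one log line, or None if it is malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None  # skip junk rather than crash in the middle of an incident
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def bucket_requests(lines, window_seconds=10):
    """Group requests into fixed time windows: window start -> Counter of source IPs."""
    buckets = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        start = int(ts.timestamp()) // window_seconds * window_seconds
        buckets[start][ip] += 1
    return buckets


def detect(lines, window_seconds=10, per_ip_limit=50, total_limit=200):
    """Return (noisy_ips, distributed_windows).

    noisy_ips: sources that exceeded per_ip_limit within one window (a plain DoS;
    a candidate for a firewall or rate-limit rule).
    distributed_windows: window start times where the total exceeded total_limit
    although no single source did: many low-rate sources, the botnet signature
    that a per-IP rule alone will never catch.
    """
    noisy, distributed = set(), []
    for start, counts in sorted(bucket_requests(lines, window_seconds).items()):
        busiest = max(counts.values())
        noisy.update(ip for ip, n in counts.items() if n > per_ip_limit)
        if sum(counts.values()) > total_limit and busiest <= per_ip_limit:
            distributed.append(start)
    return noisy, distributed


def make_sample_log():
    """Constructed sample log (not real traffic): normal visitors, one single-source
    flood on the cart endpoint, then a flood spread over many sources."""
    base = datetime(2013, 9, 1, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, t, path="/"):
        return f'{ip} - - [{t.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'

    lines = []
    for i in range(5):  # minute 0: five legitimate visitors, four requests each
        for k in range(4):
            lines.append(line(f"192.0.2.{i + 1}", base + timedelta(seconds=k)))
    for _ in range(80):  # minute 1: one source hammering "Add to Cart"
        lines.append(line("198.51.100.7", base + timedelta(minutes=1), "/cart/add"))
    for i in range(120):  # minute 2: 120 sources, 3 requests each: distributed
        for k in range(3):
            lines.append(line(f"203.0.113.{i + 1}", base + timedelta(minutes=2, seconds=k)))
    lines.append("garbage line that should be ignored")
    return lines


if __name__ == "__main__":
    noisy, distributed = detect(make_sample_log())
    print("single-source offenders:", sorted(noisy))
    print("distributed-flood windows:", distributed)
```

The thresholds are the whole game: set `per_ip_limit` from what your busiest legitimate client does (a search crawler, a partner’s API poller) and `total_limit` from a normal peak, or the script will page you on every marketing e-mail blast. The distributed case is also why the article’s later advice matters: once the flood is spread thin enough, only something upstream of your server, with a wider view of the traffic, can filter it.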

What We are Up Against

Sean Leach states that DDoS attacks are growing in number, becoming more complex, and diversifying their targets. He cites a 2011 VeriSign report in which 63% of those surveyed said they had been a victim of an attack that year, with 51% losing revenue due to the attack. Protecting against them involves various tiers of protections – in data centers, and, if applicable, in the cloud (such as a foghorn). Note that Sean believes “the cloud approach will help businesses trim operational costs while hardening their defences to thwart even the largest and most complex attacks.”

Part of the reason these attacks have become so popular is that they are working, for the perpetrators. A better stance against them continues to be a challenge to achieve but necessary to properly maintain a company’s IT infrastructure.

DDoS – Deeper Understanding

In 2002, the largest DDoS attack on record was about 2 Gbps (gigabits per second). Now there are attacks on record as large as 100 Gbps. The average website has roughly 1 Gbps of connectivity. As you can see, these attacks are, in a word, overwhelming – infrastructurally, financially, and emotionally.

DDoS’s are implemented via a botnet, basically an army of hijacked PCs. How do computers become bots? They pick up a virus or other malware by visiting a website or opening an e-mail that is contaminated. The overall botnet is controlled by a command-and-control server operated by the perpetrator, which issues attack details (target, timing, type of traffic) to the “army” of PCs. Per Sean, the prevalence of social media and general increased usage of the Web has “helped provide the perfect environment for DDoS attacks to grow both in size and complexity.”

An example of an attack would be having a thousand or a million different bots all click on an “Add to Cart” button at the same time. This kind of activity would exhaust the site’s capacity – not just its bandwidth, but the application and database behind that button, which is why such attacks are called application-layer attacks – so that no real shoppers would be able to complete transactions. (It’s kind of like when all of these posers are swarming Colin Farrell to get his autograph, when clearly you’re the only one who understands how to love him – wholeheartedly.)

Case Study — Growthink

Riva Richmond teaches us about DDoS attacks by example. Growthink, a company based in LA that does business development, content, and consultation, was a victim of a DDoS attack two years ago. Since they are a small company, the attack caught them off-guard, but their experience can be helpful to assist other companies in avoiding threats moving forward.

In September 2011, the company’s network suddenly started getting deluged with an unexpected influx of traffic, knocking the site off-line for days. When the company contacted its host, the site was quarantined to protect other companies using the service. Growthink ended up hiring a security company specializing in denial-of-service, BlockDos, which was able to identify the negative traffic that was a part of the attack and siphon it off. This is essentially the crux for fighting DDoS: How does a site filter the traffic – which shoppers are legit, and which ones should be disregarded?

Growthink, as you can imagine, switched its hosting provider as soon as the attack was under control – but some damage was already done. The firm estimates its losses due to the event at $50,000.

Growthink is still unsure who went after them. Riva explains that businesses with a heavy reliance on e-commerce or that are generally reliant on the Internet for revenue are most often targeted. Small companies tend to be the victims of “unscrupulous competitors and extortionists, although disgruntled former employees, vandals and ‘hacktivists’ … are also known culprits.” (Disgruntled former employees would include Jimmy, a year from now.)

The General Climate – Denial of Service on the Rise

Riva cites CloudFlare, a security and Internet performance company, as saying it witnessed a 700% rise in DDoS traffic during 2012.  Small companies are becoming more likely targets because it is now less expensive to perform the attacks and sizable enterprises have become more adept at thwarting them. Regarding cost, security company Incapsula says it is possible to rent a botnet containing a thousand PCs for $400 per week.

How to Protect Your Company

Here are several steps you can take to protect yourself from DDoS attacks:

1.    Find a quality hosting service that won’t let you down.

If you’re in a shared hosting environment, you may experience the same problem that occurred with Growthink. Their website was on a shared server with various other companies. When the attack hit, the hosting company chose to mitigate the overall damage rather than ensuring Growthink received the best possible service.

Make sure you understand what your hosting company will do if an attack occurs. Read your contract. Will they help you defend yourself, and will there be an additional cost? Additionally, will you potentially have to pay for the excess traffic and its effect on your bandwidth usage, even though it was illegitimate (kind of like child support laws)?

2.    Add protection against DDoS.

If you need something beyond what your current hosting company offers, check out the offerings of CloudFlare – different levels of protection ranging from $0-$200/month, Incapsula, and Prolexic, the last of which is specifically focused on security against and recovery from these types of attacks.

3.    Make wise choices with your software.

Be sure you always have current versions of your CMS, shopping cart, and other plug-ins running. DDoS attacks that target applications can exploit weaknesses of older versions, where one cheap request can trigger expensive work on the server. Additionally, CloudFlare CEO Matthew Prince, per Riva, recommends nginx servers – he believes the software is well-designed to withstand denial of service assaults.

Conclusion

DDoS attacks, unfortunately, aren’t going anywhere. Internet security professionals are learning from them, though. By taking advantage of their expertise, and by working with your hosting company to find the best possible solutions, you can make sure that you are as protected as possible against these persistent threats to online functionality.

by Kent Roberts and Richard Norwood

How to Understand DNS & Everything Else

WWW. SEO. URL. SSL. FTP. DNS. The Internet loves it some three-letter acronyms. The Domain Name System (DNS) is no exception. Saying a bunch of words is no match for saying some letters that represent them. That way you can have this conversation with someone.

Them: “What’s DNS?”

You: “Don’t worry your pretty little head about it. It’s technical jargon that would literally blow your head off your body, and they’d use my tax money to clean up the mess, so no thanks.”

Them: “Got it. Thank you for helping me preserve the structure of my body.”

DNS is not very complicated, but this article will review it in full detail – sort of a “more than you ever wanted to know” guide. This piece, then, is much like a long, excruciatingly painful story from your grandfather about a trip he went to buy undergarments during the Depression and ended up getting kidnapped and tortured by naked and obese witches. Typical!

For this article, I drew from pieces on How-To Geek, Applied Trust, Stack Overflow, and a Josh Halliday piece on The Guardian.

DNS – What is it? Huh? Oh.

The domain name system (DNS) is the Internet protocol that converts the names of sites – eg ilovericepudding.xxx or nowivedecidedilikepastapuddingbetter.tv – into the numeric addresses that computers and servers actually use. Specifically, DNS maps the host name in a URL, eg puddingisdeliciousandeveryoneknowsit.cc, to an IP address. The IP address is what connects the visitor of the website to the correct server so that the page loads. DNS, then, is essentially the phone book that translates names into numbers, and those numbers identify the servers.

When you think of a dedicated IP, typically you are in turn thinking of a dedicated server, but the two are separate things: a dedicated IP simply means that the address points at your site and nothing else, whether or not you also have the whole machine to yourself. That isolation has obvious advantages: the address’s reputation (with spam filters, blocklists, and so on) is yours alone, and a misdirected request or a DNS mistake affects only you. In shared hosting, by contrast, many sites share one IP address, and the web server picks the right site from the Host header that the browser sends with every request; that is how IP addresses can be shared without confusion.
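To show what the Host header actually does on a shared IP, here is an added example, not code from the original article or from any real web server: a Python routine that picks a site’s document root from the Host header of a raw HTTP request. The site names and paths are made up. The behaviour for a missing or unknown Host is the part worth noticing, since the client controls that header, and a server that silently falls through to whichever site happens to be first can be made to serve the wrong one.

```python
# Constructed mapping of host names to document roots (not a real server's config).
SITES = {
    "shop.example": "/srv/shop",
    "blog.example": "/srv/blog",
}


def parse_request_head(raw: bytes):
    """Return (request_line, headers) from the head of a raw HTTP/1.x request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())  # first copy wins
    return request_line, headers


def host_from_header(value: str):
    """Strip the optional :port (bracketed IPv6 literals included) and normalise."""
    if value.startswith("["):  # e.g. [2001:db8::1]:8080
        return value[1:value.index("]")].lower()
    return value.split(":", 1)[0].lower().rstrip(".")


def route(raw: bytes, default_site=None):
    """Pick the document root for a request from its Host header.

    Returns (status, document_root): 400 if Host is missing (HTTP/1.1 requires
    it), 421 Misdirected Request if it names a site this IP does not serve and
    no explicit default site has been configured.
    """
    _, headers = parse_request_head(raw)
    if "host" not in headers:
        return 400, None
    site = host_from_header(headers["host"])
    if site in SITES:
        return 200, SITES[site]
    if default_site is not None:
        return 200, SITES[default_site]
    return 421, None
```

Typing the shared IP address straight into a browser hits exactly the unknown-Host path: the server has no way to tell which of its tenants you wanted, which is why a bare IP on shared hosting shows a placeholder page or an error rather than a site.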

DNS and Speed

Generally speaking, according to The Guardian, a DNS lookup completes almost instantaneously (typically in milliseconds). The server is found and the visitor’s data request – what any website visitor is doing when visiting any URL is making a request for data – is fulfilled. Once the DNS server has answered, it moves on to the next query; the actual connection to the site is made by your computer, not by the DNS server.

Every domain needs DNS servers that answer queries for its names. DNS can be provided for free through a service such as everyDNS (the one the sources mention). However, solid DNS is crucial. When a site’s DNS servers do not function correctly, you can only get to the website through its IP address (the series of numbers that identify the server), which in practice almost nobody knows.

There are a couple of types of DNS problems worth looking at specifically:

  • DNS failure
  • DNS poisoning.

Failure is when a glitch makes the DNS system dysfunctional: the name cannot be resolved, the browser reports that the server cannot be found, and nothing loads in the site’s place.

Poisoning (also called DNS cache poisoning or DNS spoofing) is a situation in which false records are deliberately planted, either by injecting forged answers into a DNS server’s cache or by altering a computer’s DNS settings with a virus or other malware. This problem directs site visitors to an impostor website – typically one that is intending to draw credit card or other personal information from people, often creating the false assumption that the site to which they are directed is the site they were originally trying to pull up – ie a phishing scenario. A disappointing and cruel example of phishing is when you think you are putting your information into a sales portal to get a DDoS botnet, an army of malware-injected computers to bring down your competitor, and instead it turns out to be an FBI site trying to stop you from doing that, even though you’ve struggled this quarter because your competitor has better products and service than you do.

What is an IP address?

An Internet Protocol (IP) address is the number assigned to a device’s network connection by the network it is attached to. Your cell phone, for instance, has an IP address while it is online. The same is true of your PC or of the server for a website.

An IPv4 address is written in a format known as a dotted quad – four numbers ranging from 0 to 255, separated by dots (the newer IPv6 addresses are longer and written in hexadecimal, but the idea is the same). Note that though an IP address is unique on the Internet at any given moment, sites (as discussed above) can share one. Similarly, a household or business network usually has a single public IP: the one assigned to its router, through which all the devices’ traffic flows.

Note that within a private network, each device has its own private IP so that the router can tell them apart. However, the outside Internet is not told anything about the IPs of the internal network. The router rewrites the internal address to its own public IP when a device sends a request out (a technique called network address translation, or NAT), and when the response comes in from the Internet, the router translates back to the individual internal IP so that the information is sent to the correct network computer. A useful side effect is that an unsolicited connection arriving from the Internet has no entry to translate back to, so it goes nowhere. It’s similar to how thoughts and sensations each get stored in your various multiple personalities so that Cecilia, Jack, and Dr. Blankenship can each have their own personal stories, friendships, and memories.

One good thing about domain names, beyond the fact that they are easier to remember and can be branded in ways that strings of numbers cannot, is that they outlive any particular IP address. An IP address belongs to the network a server sits in, so if a website changes its hosting company, for example, its IP address will change. But that doesn’t really matter, because no one is typing in the IP. As soon as the DNS record is updated with the new IP (and the old one has expired from caches), the site will load accurately from the files located on the new hosting service’s machine.

Sample – Google.com

So you can get a better sense of how IP addresses work, try typing 173.194.39.78 into your address bar. At the time of writing, you should see Google populate: that is one of Google’s IP addresses (a site that size has many, and they change, so don’t be surprised if it no longer works when you read this). The name and the address are two labels for the same server. Data-wise, it’s all about the IP. But everything must be named so that we humans can remember more easily.

Typically you’re not typing in 173.194.39.78, but rather Google.com (unless you’re really into IP addresses – an IPP or Internet Protocol Purist, as they’re called in IT circles). Nonetheless, the DNS server translates the name into the appropriate IP so that your computer knows which server to send its request to, and the servers that make up the Web know where to send the data back.

DNS Servers and Caching

You type a web address into your address bar. Your computer sends a request to its DNS server, which replies with the correct IP address. Your computer then connects to that IP. The URL in the address bar stays the same; the lookup and connection occur in the background without your knowledge (unless you decide to look up the technical details).

The DNS servers you use via your home or business network are typically provided by your Internet service provider (ISP). Typically a computer sends its DNS request to the router, which in turn forwards it to the ISP. The ISP’s DNS servers then respond with the IP address, and your computer requests the page from that address.

DNS caching allows a computer to remember what IP is associated with a particular name. Every DNS record carries a time-to-live (TTL), set by the domain’s owner, that says how many seconds a cached answer may be reused; until it expires (or the cache is cleared), your computer only needs to retrieve the DNS information once. The speed with which pages load is optimized by not performing a DNS lookup every time a page loads: you go straight to requesting the site, rather than going to the DNS server first, because you have the IP for the name locally. (The same TTL is why a site that moves to a new IP can take a while to become reachable from everywhere.) Again, Internet Protocol Purists never allow the DNS to cache. They believe it is important to anthropomorphize the DNS and allow it to perform “work” constantly, strengthening its muscles and mind for the DNS apocalypse.
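The resolution and caching just described, and the poisoning described earlier, both come down to the shape of a DNS message. The following is an added example, not code from the original article or from the sources it draws on: it builds a query in DNS wire format, parses a reply (including the compression pointers real servers use), accepts the reply only if it really belongs to the query (matching transaction ID, response bit set, identical question, answers only for the name asked about), and caches the result for exactly its TTL. The names, addresses, the stand-in server and the clock are constructed for the example; a real stub resolver would also randomise the transaction ID and the source port, since a forger who can guess both wins the race.

```python
import struct
import time


def encode_name(name):
    """Encode www.example.com as length-prefixed labels ending in a zero byte."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def read_name(msg, off):
    """Decode a name at msg[off], following RFC 1035 compression pointers.
    Returns (name, offset just past the name as written at the call site)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # pointer to an earlier copy of the name
            if not jumped:
                end = off + 2
            off, jumped = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def build_query(txid, name, qtype=1):
    """Recursion-desired query for one record (default type A) in class IN."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_message(msg):
    """Return (txid, flags, questions, answers); A-record rdata is rendered dotted."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        qname, off = read_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((qname.lower(), qtype, qclass))
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name.lower(), rtype, ttl, rdata))
    return txid, flags, questions, answers


def accept_response(query, response):
    """Usable answers, or None if the reply does not belong to our query.
    A poisoner races the real server with a forged reply; these checks make the
    forgery fail: transaction ID, QR bit, identical question section, and only
    records for the name we asked about (a minimal bailiwick rule)."""
    qid, _, qq, _ = parse_message(query)
    rid, flags, rq, answers = parse_message(response)
    if rid != qid or not flags & 0x8000 or rq != qq:
        return None
    return [a for a in answers if a[0] == qq[0][0]]


class TtlCache:
    """Name -> address cache that forgets an entry once its TTL has run out."""

    def __init__(self, clock=time.time):
        self.clock, self.entries = clock, {}

    def put(self, name, ip, ttl):
        self.entries[name.lower()] = (ip, self.clock() + ttl)

    def get(self, name):
        ip, expires = self.entries.get(name.lower(), (None, 0))
        return ip if ip is not None and self.clock() < expires else None


def lookup(name, cache, transport, txid=0x1A2B):
    """Cache first; on a miss, query via transport(bytes) -> bytes, validate, and
    cache the answer for its TTL. Returns (ip, "cache" | "network" | "rejected")."""
    ip = cache.get(name)
    if ip:
        return ip, "cache"
    query = build_query(txid, name)
    answers = accept_response(query, transport(query))
    if not answers:
        return None, "rejected"
    _, _, ttl, ip = answers[0]
    cache.put(name, ip, ttl)
    return ip, "network"


def build_response(query, records):
    """Constructed reply standing in for a real server: echoes the question, then
    one A record per (name, ip, ttl); the queried name is written as a pointer
    to offset 12 the way servers do, any other name in full."""
    txid, _, questions, _ = parse_message(query)
    rrs = b""
    for name, ip, ttl in records:
        owner = b"\xC0\x0C" if name.lower() == questions[0][0] else encode_name(name)
        rrs += owner + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(int(x) for x in ip.split("."))
    return struct.pack("!HHHHHH", txid, 0x8180, 1, len(records), 0, 0) + query[12:] + rrs
```

The bailiwick filter in `accept_response` is the historically important part: early resolvers cached every record a reply carried, so a reply for one name could smuggle in a bogus address for a bank, and the cache would believe it for as long as the forged TTL said. A fixed `txid` is used here only so the test is repeatable; in real use it must be unpredictable.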

DNS & Security

Speaking of malware and viruses, sometimes you can be infected with one that changes your computer’s (or your router’s) DNS server setting to a different server run by people who serve false IP addresses for heavily trafficked websites. If you put the name of one of those common sites into your address bar, the browser then instead visits the phishing site – where the evildoer attempts to pull login credentials and other sensitive details from you.

Two solutions to help prevent DNS hijacking:

  1. Antivirus software – A quality antivirus application can help keep the malware that rewrites DNS settings off your computer in the first place. It is also worth checking occasionally that your computer and your router are pointed at the DNS servers you expect (your ISP’s, or ones you chose deliberately).
  2. SSL errors – I’ve written a couple of pieces on SSL security certificates lately – both on different types of validation and on different types of certificates/ functionalities. Security certificate error messages – a window that pops up and says that there is a problem with the security certificate for the site – should always be read and considered. SSL errors are fairly uncommon, so when you come across one, look at which organization and which site name the certificate was issued to. A name mismatch means the certificate was issued for a different name than the one you typed – sometimes a sloppy setup (a certificate for example.com served on www.example.com), sometimes an impostor – and in either case the browser cannot confirm that you are talking to the genuine site. The connection may still be encrypted, but encryption to the wrong party protects nothing, so a mismatch is never “fine.” If you don’t recognize the organization or the site the certificate was issued to, do the following:
  • Stop
  • Collaborate with a partner in security
  • Listen to what they have to say
  • Ice, ice, baby, to go.
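The name check the browser performs before showing that warning is small enough to show in full. The following is an added example, not the original article’s code and not any browser’s implementation: given the host name you typed and the names a certificate carries, it decides whether they match under the usual wildcard rules and spells out what a mismatch means. The host names and certificate names are constructed.

```python
def hostname_matches(hostname, cert_names):
    """Return True if hostname is covered by one of the certificate's names.

    Rules (RFC 6125 / RFC 2818, simplified): case-insensitive exact match; a
    wildcard only as the entire leftmost label, matching exactly one label,
    and never in a name with fewer than three labels (*.com covers nothing).
    Real clients also consult the public-suffix list; this version does not.
    """
    host = hostname.lower().rstrip(".").split(".")
    for cert_name in cert_names:
        pattern = cert_name.lower().rstrip(".").split(".")
        if pattern == host:
            return True
        if (pattern[0] == "*" and len(pattern) >= 3
                and len(pattern) == len(host) and pattern[1:] == host[1:]):
            return True
    return False


def names_in_certificate(subject_cn, san_dns_names):
    """Names a client may match against: the Subject Alternative Name list, or
    the Common Name only when the certificate carries no SAN at all (legacy)."""
    return list(san_dns_names) if san_dns_names else [subject_cn]


def verdict(hostname, subject_cn, san_dns_names):
    """What the browser's warning is really telling you, in one line."""
    names = names_in_certificate(subject_cn, san_dns_names)
    if hostname_matches(hostname, names):
        return "ok: certificate covers " + hostname
    return ("mismatch: certificate covers %s, not %s; identity unverified, "
            "encryption alone proves nothing" % (", ".join(names), hostname))
```

Note which cases fail on purpose: `*.example.com` does not cover `example.com` itself or `a.b.example.com`, `w*.example.com` is not a wildcard at all, and `www.example.com.attacker.test` is a completely different name even though it starts with the one you wanted, which is exactly the trick a phishing certificate relies on your eye to miss.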

Summary & Conclusion

DNS is a phonebook for Internet sites, a way of matching up the identification numbers, called IP addresses, related to specific devices – servers as regards websites – with particular URLs. This allows your computer’s browser to send a data request to the appropriate server to populate a website. Caching of DNS allows your computer to access the website more quickly – without having to look up the DNS record each time. DNS records can be wrong, either innocently (a misconfiguration) or malevolently (poisoning or hijacking). Be sure you have a quality antivirus installed and that you pay attention to SSL security certificate errors so that you are less likely to become a victim of phishing schemes (unless that’s, like, totally your thing, being a victim, which I can completely respect, as can Mr. Blankenship).

by Kent Roberts and Richard Norwood