'DDoS Beast' and human ego

Why is DDoS, a form of denial-of-service attack that 'true hackers' no longer respect, gaining popularity and becoming a dangerous weapon that cannot be resisted? There are many reasons, but one thing is heartbreaking: DDoS arises from the bad ambition to master and control other people's information.

'Human is error'

"Years of working in infosec have left me with few happy memories, and the one thing that makes me feel my career is incomplete is the 'DDoS beast'. After all, every complex problem of the Internet comes from people. We have let our egos lead; we have facilitated and nurtured this beast."

Then one day it will destroy the largest and most useful communication system in existence today. 'Human is error' sounds miserable, but it is also sensible!

An Internet full of defects

Even now, the Internet carries shortcomings that date from the way it was built: defects of its design process. Some are due to limits of vision and to subjectivity; most of the rest were created by people, accidentally or deliberately:

Americans impose free speech - a fully anonymous Internet

Unbelievably, a system with more than a billion participants has no user identification mechanism!

That is, by design the Internet does not require users to authenticate before using it. Want to use the Internet? Sit at any connected computer and use it. The Internet does not care about your identity, your fingerprints, or anything else about you!

Very few people would dare to run into the street and rob someone. But on the Internet they carry out bad behaviour with great confidence, because they know the Internet protects them!

As I see it, Americans could create a safer Internet by 'forcing' every user to authenticate before using it. Technically this could be done very simply: imagine having to provide a fingerprint to activate the network interface before you can use the Internet!

Americans do not care about this, because they like free speech and 'impose' free speech on the whole Internet. Anonymous Internet users speak freely with great confidence. But anonymity also makes people wild again and brings out their 'childish' side: they attack each other, rob each other, and so on.

Technically, communication on the Internet is purely direct. For A to communicate with B, no licence from any C is needed; the design of the Internet supports this, and every effort by C to control that traffic is easily defeated. You can see this with websites that ISPs firewall: the block is easily bypassed by the countless proxies on the Internet or by tunnelling techniques. The Internet was designed by Americans, and it is managed, controlled and exploited by them, so they are the ones able to impose!

Humans behave locally - the Internet lacks coordination

Many technical problems of the Internet are very easy to solve, yet they remain unsolved because we behave locally.

IP address spoofing is the typical case. If the possibility of spoofing source IP addresses were eliminated, it would go most of the way, perhaps 80%, to solving the Internet's anonymity problem and others with it.

The technical requirement for eliminating IP address spoofing is that each network owner filter the packets leaving their network and drop those whose source address does not belong to it (the practice standardised as BCP 38, RFC 2827). Doing this takes five minutes: simply add a few lines to the access list on the border router. Yet after twenty years the spoofing problem is still not solved, simply because spoofing does not directly hurt the network owner. Typical 'ignore it'-ism.
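What those "few lines in the access list" actually decide is shown below as an added example; it is not code from the article or from any router vendor. It simulates the egress check a border router applies to outbound packets (source must belong to one of the network's own prefixes, and never to private or other bogon space) and renders the equivalent Cisco IOS access list. The prefixes, the ACL name EGRESS-BCP38 and the sample packets are all constructed for illustration.

```python
"""Egress (BCP 38 / RFC 2827) source-address filtering, simulated.

Added example, not from the original article.  This 'network' is assumed to
originate only 203.0.113.0/24 and 198.51.100.0/25 (documentation ranges);
nothing else may leave through the border router.
"""
import ipaddress
from dataclasses import dataclass

# Prefixes this network legitimately originates (assumed for the example).
OWN_PREFIXES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]

# Sources that must never appear on the public Internet at all:
# RFC 1918 private space, loopback, link-local and the unspecified block.
BOGON_PREFIXES = [
    ipaddress.ip_network(p)
    for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")
]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "tcp"


def egress_verdict(pkt: Packet, own=OWN_PREFIXES, bogons=BOGON_PREFIXES) -> str:
    """Return 'permit' or 'deny <reason>' for one outbound packet.

    Bogon sources are rejected first; then any source outside the owned
    prefixes is treated as spoofed.  Only the source address matters here,
    which is exactly why the check is so cheap to deploy.
    """
    src = ipaddress.ip_address(pkt.src)
    if any(src in b for b in bogons):
        return "deny bogon-source"
    if not any(src in p for p in own):
        return "deny spoofed-source"
    return "permit"


def filter_outbound(packets) -> dict:
    """Apply the verdict to a batch of packets; return counts per verdict."""
    counts: dict = {}
    for pkt in packets:
        verdict = egress_verdict(pkt)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


def ios_acl(own=OWN_PREFIXES, name="EGRESS-BCP38") -> str:
    """Render the same policy as a Cisco IOS named extended ACL.

    IOS uses wildcard (inverted) masks, which ipaddress exposes as hostmask.
    Apply it outbound on the upstream interface with
    'ip access-group EGRESS-BCP38 out'.
    """
    lines = [f"ip access-list extended {name}"]
    for net in own:
        lines.append(f" permit ip {net.network_address} {net.hostmask} any")
    lines.append(" deny ip any any log")   # log the spoofing attempts
    return "\n".join(lines)


# Constructed sample traffic: legitimate packets plus the two kinds of
# spoofing the filter must stop (a forged public source, a leaking private one).
SAMPLE = [
    Packet("203.0.113.7", "192.0.2.10"),      # legitimate
    Packet("198.51.100.9", "192.0.2.10"),     # legitimate
    Packet("192.0.2.200", "192.0.2.10"),      # spoofed: not our address
    Packet("198.51.100.200", "192.0.2.10"),   # spoofed: outside our /25
    Packet("10.1.2.3", "192.0.2.10"),         # private address leaking out
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(f"{pkt.src:>16} -> {pkt.dst}: {egress_verdict(pkt)}")
    print(filter_outbound(SAMPLE))
    print(ios_acl())
```

Note the order: the bogon check comes first so that a leaked private address is reported as such rather than merely as "not ours", which is the distinction an operator wants when reading the ACL logs.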

What happens when countries do not work together on Internet problems? If systems in country X are used by hacker Z to attack a network in country Y, how will these countries cooperate? How can the hacker be punished when there is no agreement on the law? At present there is almost no progress among countries in preparing for these possibilities!

The nature of the DDoS 'beast'

A DDoS attack is not technically complicated. A simple definition: 'a type of attack that drives a service-providing system to the point where its critical resources are exhausted, or confuses its logic so that the system stops functioning'.

I will not explain the nature of DDoS at length; I only want to compare the classic form with the new form, Flash-DDoS.

The classic form of DDoS

The key task for a hacker attacking in the classic form is to take control of as many computers as possible; he then launches the mass attack from a remote location through a control channel. With an attack network of several hundred thousand machines, this form can knock down any system immediately. Combined with IP address spoofing, it is very hard to trace.

Figure: the classic DDoS attack model


This model has some disadvantages:

- The attack network is fixed and the attack happens simultaneously, so it is easy to trace back and find clues.

- The software installed on the infected agents is identical and can be used as evidence to convict the hacker.

- The victim can adjust the defence system to block it, because the attack network is 'visible'.

- The hacker is forced to connect directly to the network of attack machines at the moment of the attack in order to control it, so it is easy to trace the culprit.

Flash-DDOS

Taking advantage of the popularity of Flash and the fact that Flash Player can act as a web client inside almost every Internet browser, hackers have 'improved' the classic DDoS model.

The hacker hangs a Flash file on an intermediate website with many visitors. When users visit that website, the Flash file is downloaded to their computers and executed by Flash Player, and from there countless requests are sent to the target website.

Figure: Flash-DDoS cannot be blocked!


Flash-DDoS has several properties that make blocking and detection nearly impossible:

- The attack network is complex and self-forming:

+ There is no need to take control of agents and install DDoS software on them. Instead, every user whose browser supports Flash content (has Flash Player) becomes an attack tool.

+ The number of attack agents depends on how many users visit the third-party websites carrying the Flash content; this number changes over time and cannot be recognised from source IP addresses at all, because these are normal users.

+ There is no exchange of commands and reports between the hacker and the attack network: all attack commands are 'embedded' in the Flash content, and the hacker needs no reports because this is an asynchronous attack model.

+ Asynchronous attack: the attack happens without orders. A user visits a third-party website, the Flash content loads into the browser, Flash Player executes it, and the user's computer immediately becomes an attack agent, continuously sending hundreds of requests to the victim web server.

+ The scale of the attack depends on the number of third-party websites exploited and the number of users who regularly visit them. If an average hacker exploits only 10 third-party websites, each with about 100 users at a time, the total number of requests hitting the victim server at one moment reaches several tens of thousands! This is a horrifying figure for anyone who administers a website, and it usually paralyses the system instantly.

Why is preventing Flash-DDoS extremely difficult?

+ Attack requests cannot be distinguished from normal requests. When the number of requests is very large, the administrator needs to 'dismiss' the attack requests, but he will struggle to find and kill them.

+ The attack comes from all sides: the attack network is fluid, so it is almost impossible to identify attack requests by source IP address.

+ Every technical security measure runs into a practical limit: the resources of any system are finite. These measures consume system resources while processing requests, and when the number of requests is very large, the 'find and kill' process itself exhausts the system's resources (CPU, RAM, ...).

- Finding the culprit of a Flash-DDoS attack is very difficult: the hacker contacts the third-party websites only once, to upload the Flash file, and he has the right to choose which ones! The attack is self-starting and asynchronous, so he only needs to upload the file and everything happens by itself. The victim system can almost never tell which third-party websites are 'hanging' the death Flash (unless the hacker is unskilled and exposes the Referer in the Flash requests, a case that is rarer and rarer). Only the user being used in the attack or the ISPs in direct contact with the third-party websites can know that the death Flash is 'hung' there; the user cannot know and need not know, and the ISP can know but has no obligation to act! The victim suffers the most and feels alone, especially if it is a business with online activities, an e-commerce business.
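The points above say the requests look like normal users' requests and that only a careless hacker leaks the Referer. What a victim can still measure from its own access log is the per-client request rate (each agent "continuously sends hundreds of requests", which no human visitor does) and, where present, the Referer host that names the third-party site. The following is an added example, not code from the article: it parses combined-format web server log lines, finds clients whose peak request count inside a sliding window exceeds a threshold, and tallies the Referer hosts those clients carry. The log lines, IP addresses, the host names thirdparty.example and search.example, and the threshold values are all constructed for illustration. Flash Player itself is no longer shipped in browsers, but the same check applies to any script a third-party page makes visitors' browsers execute.

```python
"""Flash-DDoS triage over a web access log (added example, not from the article).

Constructed input: a few normal visitors plus four 'agents' that each fire
40 requests at /index.php within ten seconds.  Three of them carry the
Referer of the page that served the attack content; the fourth does not.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return the log fields as a dict (timestamp parsed), or None if malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def referer_host(referer):
    """Host part of the Referer, or '(none)' when the header was absent ('-')."""
    if referer in ("", "-"):
        return "(none)"
    return urlsplit(referer).netloc or "(none)"


def peak_requests(times, window):
    """Largest number of requests from one client inside any `window`-long span."""
    times = sorted(times)
    peak, j = 0, 0
    for i, t in enumerate(times):
        while t - times[j] > window:   # slide the left edge forward
            j += 1
        peak = max(peak, i - j + 1)
    return peak


def analyse(lines, window=timedelta(seconds=10), rate_threshold=20):
    """Flag clients above the rate threshold and tally their Referer hosts.

    Returns {'suspects': {ip: peak_count}, 'suspect_referers': Counter}.
    A suspect with Referer '(none)' is still a suspect; it simply does not
    tell us which third-party site served the attack content.
    """
    per_ip_times = defaultdict(list)
    per_ip_referers = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        per_ip_times[rec["ip"]].append(rec["ts"])
        per_ip_referers[rec["ip"]][referer_host(rec["referer"])] += 1

    suspects, suspect_referers = {}, Counter()
    for ip, times in per_ip_times.items():
        peak = peak_requests(times, window)
        if peak >= rate_threshold:
            suspects[ip] = peak
            suspect_referers.update(per_ip_referers[ip])
    return {"suspects": suspects, "suspect_referers": suspect_referers}


def _line(ip, ts, path, referer, ua="Mozilla/5.0"):
    return (f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512 '
            f'"{referer}" "{ua}"')


def make_sample():
    """Constructed log lines: 2 normal visitors, 4 attack agents."""
    base = datetime(2006, 5, 1, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(3):   # normal browsing: a request every 15-20 seconds
        lines.append(_line("192.0.2.10", base + timedelta(seconds=20 * i),
                           f"/page{i}", "http://search.example/"))
        lines.append(_line("192.0.2.11", base + timedelta(seconds=15 * i), "/", "-"))
    for ip in ("198.51.100.5", "198.51.100.6", "198.51.100.7"):   # leak the Referer
        for k in range(40):
            lines.append(_line(ip, base + timedelta(milliseconds=250 * k),
                               "/index.php", "http://thirdparty.example/games.html"))
    for k in range(40):   # a more careful hacker stripped the Referer
        lines.append(_line("203.0.113.9", base + timedelta(milliseconds=250 * k),
                           "/index.php", "-"))
    return lines


if __name__ == "__main__":
    result = analyse(make_sample())
    print("suspects:", result["suspects"])
    print("referer hosts among suspects:", result["suspect_referers"].most_common())
```

On the constructed sample the three leaking agents point straight at thirdparty.example, which is the evidence the text says the victim almost never gets; the fourth agent yields "(none)" but is still caught by its rate. The threshold and window are tuning knobs: set them from the site's own baseline of requests per client, not from this sample.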

The beast and the ego of the 'netizen'

The Internet's shortcomings bring people's egos into the open. Flash-DDoS is extremely dangerous, easy to carry out, and almost impossible to fend off or to trace to its culprit!

The first ego - wanting power

Taking control of other people's information systems is a power! To gain it, a regular hacker has to study and work seriously for a very long time (5-10 years). For him, the ultimate goal of hacking is to take control of the whole system; it can be considered a hobby. He does not destroy, and does not deprive others of the fruits of their effort. It is an intellectual game, and it drives the development of information systems.

Many people want this power, but they do not want to work and do not want to wait! They use the 'DDoS monster', they want a simple power that makes a system stop working, and from that they assume they have reached the ultimate power: the right over life!

In fact, they have closed off the path to becoming a regular hacker and entered the dark with extremely shallow knowledge and goals. The interest of a game lies in the process of playing it; what does the result matter?

Why play a game in which you hold all the advantages, force others to participate, and always cause heavy damage to society?

The second ego - greed and incompetence

Recently there have been many DDoS cases with economic motives: newly formed e-commerce enterprises, in the course of competition, have resorted to DDoS as a way of competing in the market!

Every coin you spend hiring DDoS digs the grave of Vietnam's e-commerce, including your own. Think and act maturely! Create good products, cheap prices and attentive service, and the market will make its choice.

The third ego - selfishness and lies

Solving the DDoS problem requires coordination among many parties: end users, ISPs, lawmakers, experts, ...

Although we recognise the risk of DDoS, we are still slow to join arms to solve this problem. We stay entrenched in our personal shells, waiting for a miracle that makes DDoS disappear. That will not happen, at least not in the next five years; it is time to act!

As experts, we have to be honest and make sound judgements about this disaster. Lies, for whatever reason, are unacceptable. Where we have no traces or information in the system logs, we must tell the community the truth about our DDoS investigation capability, so that together we can see the nature of the problem and then coordinate measures to resolve it! Do not hide information about an 'epidemic', something every doctor knows!

Conclusion

DDoS and other forms of attack on the Internet can be overcome with high determination and the strength to set aside our egos, and with the enthusiastic, responsible collaboration of the ISPs. The birth of VNCERT is a response to the great expectations of the e-commerce community in Vietnam. I still have great faith in the stability of Vietnam's Internet in the near future.

Kiet D. Anh (The Connections Magazine)