Title: Seeking advice - DDOS attacks on exchanges, what gets hit by the attackers?
Post by: monsterer on July 24, 2013, 08:13:18 AM

Hi guys,
I'd love to hear from an actual exchange owner - what subsystems come under attack during a DDOS?

* Is there a typical DDOS attack, or is each one different?
* Do they attack low level stuff like name servers, routers, or other hosting centre equipment?
* Do the attacks actually make it through to the application side?

From the POV of a developer, what would be your first recommendation in order to be prepared for a DDOS?

Cheers, Paul.

Title: Re: Seeking advice - DDOS attacks on exchanges, what gets hit by the attackers?
Post by: tradecoinz on July 24, 2013, 08:36:03 AM

Hello,
It really depends on the services you are providing. If you have an API, you would want to protect that service from attack. Following the TCP/IP model, the application layer can become a large target (Zero-Day attacks, attacks on certain ports for services such as Apache). Keep in mind that DOS and DDOS attacks are 2 separate things.

If the DDOS attack is large, you will see an impact in performance. One example involved Spamhaus, which received a 300 Gigabit DDOS attack. Even with mitigation services, network routers were having trouble handling that much traffic.

I suggest finding a good mitigation service to shield you from these attacks.

Some Mitigation Service Providers:

* https://cloudflare.com/
* http://www.prolexic.com/services-dos-and-ddos-mitigation.html
* http://www.incapsula.com/ddos/ddos-mitigation-services

Even hosting providers are implementing these services. I would personally look into Cloudflare.

Best,
Cameron Halter
https://ibtcard.com

Title: Re: Seeking advice - DDOS attacks on exchanges, what gets hit by the attackers?
Post by: monsterer on July 24, 2013, 05:54:22 PM

Thanks for the advice, I appreciate it!
Are there any attacks which seem to be common amongst exchanges themselves?

Title: Re: Seeking advice - DDOS attacks on exchanges, what gets hit by the attackers?
Post by: tradecoinz on July 24, 2013, 06:10:58 PM

> Thanks for the advice, I appreciate it!
> Are there any attacks which seem to be common amongst exchanges themselves?

Most attacks now are Layer 7 DDOS attacks. They attack ports 80 and 443 to prevent access from authorized users. Mt.Gox used Prolexic to mitigate the attack.

There are different ways an attacker can DDOS a server... the best defense is to mitigate the attack. However, if the attacker is really nasty, they will attack the ISP the mitigation service buys bandwidth from. However, this is worst case scenario and it would require more than 300 Gigabits worth of traffic.

Take a look at this: http://blog.rivalhost.com/12-types-of-ddos-attacks-used-by-hackers/

And this: https://mtgox.com/pdf/20130424_ddos_statement_and_faq.pdf

Best,
Cameron Halter
https://ibtcard.com/

Title: Re: Seeking advice - DDOS attacks on exchanges, what gets hit by the attackers?
Post by: monsterer on July 25, 2013, 07:01:20 AM

Very helpful, thanks Cameron :)

Title: Re: Seeking advice - DDOS attacks on exchanges, what gets hit by the attackers?
Post by: tradecoinz on July 25, 2013, 07:16:15 AM

> Very helpful, thanks Cameron :)

No problem, feel free to PM me if you have any other questions.

Cheers,
Cameron Halter
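
For the developer-side preparation asked about in this thread, an added example (not posted by anyone in the thread): a sliding-window check over web access logs that flags clients sending an unusual number of requests to ports 80/443, the Layer 7 pattern described above. The log lines are constructed, the `/api/...` paths are hypothetical, and the window and threshold values are assumptions to tune per site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access-log lines (combined log format). IPs come from
# documentation ranges; the /api/... paths are hypothetical.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [24/Jul/2013:18:10:{s:02d} +0000] "GET /api/ticker HTTP/1.1" 200 512'
     for s in range(20)]
    + ['198.51.100.4 - - [24/Jul/2013:18:10:05 +0000] "GET /api/ticker HTTP/1.1" 200 512',
       '198.51.100.4 - - [24/Jul/2013:18:10:45 +0000] "POST /api/order HTTP/1.1" 200 128',
       'garbage line that does not parse']
)

# Client address and bracketed timestamp of a combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def find_floods(log_text, window_seconds=10, max_requests=8):
    """Return {client_ip: peak request count seen in any window} for clients
    exceeding max_requests within window_seconds. Each client's lines are
    assumed to appear in time order, as they do in a normal access log."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # skip malformed lines instead of failing
        ip, stamp = m.groups()
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window_seconds:
            q.popleft()           # drop requests that have left the window
        if len(q) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

if __name__ == "__main__":
    for ip, peak in find_floods(SAMPLE_LOG).items():
        print(f"{ip}: peak of {peak} requests within the window")
```

A per-IP threshold like this only catches floods from a small number of sources; a widely distributed attack stays under it, which is why the posts above point to upstream mitigation services.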