Distributed denial of service (DDoS) attacks are unfortunately par for the course on the Internet these days but when high-profile sites are targeted, the attacks are big news. Take for example last week’s DDoS attack on Twitter, which the microblogging site speculated was geopolitical in motivation.

Quick overview of DDoS

DDoS attacks are often caused by botnets flooding Web sites with requests thus bringing the site’s Web servers to their knees. A botnet is a collection of computers that have been compromised by viruses and worms so that they can be controlled by malicious individual(s). An example could be the collection of computers compromised by Conficker, however a Conficker botnet has yet to be leveraged to do harm.

In the case of Twitter, the irony is that it could have been the compromised computers of some of Twitter’s own users that caused the DDoS.

Are you part of a botnet?

So how do you know if your computer is part of a botnet? Here are some of the symptoms:

• Your Internet connection appears slower than usual, which could be a sign that the botnet is using your connection to send and receive data.
• Your computer seems slower than usual or crashes for no apparent reason.

Many worms have codes that change constantly making it difficult for antivirus software to detect them. DDoS attacks can be detected using Cisco NetFlow and Flow Analytics:

Learn more in part 2 of this blog series on how to identify a DDoS attack using NetFlow.

Tags: antivirus software, botnet, Cisco NetFlow, conficker, Conficker botnet, DDoS attack, denial of service attack, Flow Analytics, how to guide, monitoring DDoS attacks with NetFlow, Twitter, worm, Worm Attacks

This entry was posted on Wednesday, August 12th, 2009 at 11:31 am and is filed under IT News, NetFlow, NetFlow Analyzer, Network Traffic Monitor, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.