Using NetFlow to tell if your network is part of a botnet, Part 2

Posted in IT News, NetFlow, NetFlow Analyzer, Network Traffic Analysis, Network Traffic Monitor, Scrutinizer, Security on August 19th, 2009 by NewsTrax

This is the final part in a two-part blog series on using Cisco NetFlow to identify if your network is part of a botnet. Part 1 gave a quick overview of distributed denial of service (DDoS) attacks and how they’re often caused by botnets flooding Web sites with requests, thus making the Web site inaccessible to others.

It’s not just home computers that could be part of botnets. Any work computer could be compromised if users unwittingly download malware or visit malicious Web sites, putting corporate networks at risk. How can Cisco NetFlow be used to identify DDoS attacks?

Using NetFlow to tell if your network is part of a botnet, Part 1

Posted in IT News, NetFlow, NetFlow Analyzer, Network Traffic Monitor, Security on August 12th, 2009 by NewsTrax

Distributed denial of service (DDoS) attacks are unfortunately par for the course on the Internet these days, but when high-profile sites are targeted, the attacks are big news. Take for example last week’s DDoS attack on Twitter, which the microblogging site speculated was geopolitical in motivation.

Quick overview of DDoS

DDoS attacks are often caused by botnets flooding Web sites with requests, thus bringing the site’s Web servers to their knees. A botnet is a collection of computers that have been compromised by viruses and worms so that they can be controlled by malicious individual(s). An example could be the collection of computers compromised by Conficker; however, a Conficker botnet has yet to be leveraged to do harm.

In the case of Twitter, the irony is that it could have been the compromised computers of some of Twitter’s own users that caused the DDoS.

Denial of Service Methods for Dummies

Posted in General, Scrutinizer, WebNM on January 14th, 2009 by mike@plixer.com

DoS, DDoS, same thing right?

Do you ever find yourself explaining to peers or management the differences between various potential network attacks? Or maybe you are the one asking? Well, don’t feel bad, because pretty much everyone starts out by asking something like “is a DoS the same as a DDoS?”.

Maybe you actually googled the differences, but many of us (me included) start by asking a peer a question like “can you tell me what a SYN flood is?”. Well, one of my peers shared a link with me that explains several of these attacks, and now I’ll share this “understanding DoS and DDoS attacks for Dummies” link with you.

Denial of Service Attack

It is Important to Understand

It is important that we as managers understand these attacks. Once we comprehend the potential issue, it helps us appreciate capital requests submitted for hardware and software that combats these real threats to our business.

You Can Guard Against Threats with NetFlow

Scrutinizer with Flow Analytics constantly watches for various types of attacks against the servers on the network. It does this by watching the flows from all the routers (i.e. hundreds), not just one or two. It provides advanced details like the country the attack came from, the service provider responsible for the source IP (if legitimate), the Google Maps location and much more. Call us if you haven’t had it set up for your company yet.

Michael Patterson
Scrutinizer Product Manager