Distributed denial of service (DDoS) attacks are unfortunately par for the course on the Internet these days but when high-profile sites are targeted, the attacks are big news. Take for example last week’s DDoS attack on Twitter, which the microblogging site speculated was geopolitical in motivation.

Quick overview of DDoS

DDoS attacks are often caused by botnets flooding Web sites with requests thus bringing the site’s Web servers to their robotknees. A botnet is a collection of computers that have been compromised by viruses and worms so that they can be controlled by malicious individual(s). An example could be the collection of computers compromised by Conficker, however a Conficker botnet has yet to be leveraged to do harm.

In the case of Twitter, the irony is that it could have been the compromised computers of some of Twitter’s own users that caused the DDoS.

Are you part of a botnet?

So how do you know if your computer is part of a botnet? Here are some of the symptoms:

  • Your Internet connection appears slower than usual, which could be a sign that the botnet is using your connection to send and receive data.
  • Your computer seems slower than usual or crashes for no apparent reason.

Many worms have codes that change constantly making it difficult for antivirus software to detect them. DDoS attacks can be detected using Cisco NetFlow and Flow Analytics:

flow-analytics-overview

Learn more in part 2 of this blog series on how to identify a DDoS attack using NetFlow.

Jake Bergeron author pic

Jake

Jake Bergeron is currently one of Plixer's Sr. Solutions Engineers - He is currently responsible for providing customers with onsite training and configurations to make sure that Scrutinizer is setup to their need. Previously he was responsible for teaching Plixer's Advanced NetFlow Training / Malware Response Training. When he's not learning more about NetFlow and Malware detection he also enjoys Fishing and Hiking.

Related

Leave a Reply