DDoS attacks on Estonia: what really happened?

A blow-by-blow account of how the Estonian government was nearly brought to its knees by DDoS

At the end of April 2007, the small but hi-tech Baltic republic of Estonia came under a sustained distributed denial of service (DDoS) attack that lasted for nearly two weeks – allegedly commanded by the Russian government.

News reports at the time suggested that the DDoS attacks were co-ordinated from the Kremlin, which, along with thousands of Russians living in Estonia, was angry at the moving of a Soviet war monument from the centre of the country’s capital city. Now that the dust is settling on the affair, it is worth looking at what exactly happened.

Estonia’s DDoS attacks
According to The Economist, the DDoS attacks – or “internet warfare”, as it terms it – broke out on 27 April and peaked on 9 May.

The DDoS attacks were accompanied by “rioting and looting by several thousand protesters from Estonia’s large population of ethnic Russians, who tend to see the statue as a cherished memorial [while] Estonians mostly see it rather as a symbol of a hated foreign occupation.”

The SCMagazine.com website reported that there were 128 separate, unique DDoS attacks on Estonian websites during the two weeks following 27 April. The attacks took the form of “floods” – sending packets of data to the sites that would have been harmless on their own, and hence would get past most firewalls. When sent from multiple computers at once, though, the packets paralysed the websites attacked.

The website said that, “According to Jose Nazario, a senior security researcher … the attacks lasted from short, half-hour bursts to one lasting more than 10 hours. He noted that 10 of the attacks consumed 90 Mbps of bandwidth.”

Were the Russians behind the DDoS attacks?
Some of the attacks defaced Estonian websites, often replacing the pages with Russian propaganda, but most just concentrated on shutting the sites down. The Economist reported that at least six Estonian government sites were made inaccessible, including those of the foreign and justice ministries.

The assertion that the Kremlin was behind the DDoS attacks prompted quotes from senior NATO officials confused by the position of DDoS in international law.

“If a member state’s communications centre is attacked with a missile, you call it an act of war. So what do you call it if the same installation is disabled with a cyber-attack?” one was quoted as saying, while two of NATO’s top specialists in “internet warfare” and an un-named American travelled to Tallinn “to observe the onslaught”.

Where did the DDoS attacks originate?
Meanwhile, many of the DDoS attacks came with the culprit's electronic fingerprints – and the Estonians said some of the earliest came from computers linked to the Russian government.

Most of the DDoS attacks, however, started from many thousands of ordinary computers all over the world, including the USA, Brazil, Canada and Vietnam. Some were run by private citizens angry with Estonia, many of whom posted instructions on Russian-language internet sites on how to launch DDoS attacks.

Many other DDoS attacks came from “botnets” – chains of computers hijacked by viruses to take part in such raids without their owners knowing. “Such botnets can be created, or simply rented from cyber-criminals,” The Economist points out.

To keep its sites available to its own people, Estonia had to cut access from outside its borders. According to one Estonian internet expert, this sent his country “back to the stone age, telling the world what is going on with phone and fax”.

Impact of DDoS attacks
By 18 May most of the sites were back up and running – and the Estonian government was backtracking on its original assertion that the DDoS attacks had been at the behest of the Kremlin.

Regardless of who was behind the incident, it certainly demonstrated what can happen if governments don’t do more to secure their IT infrastructure.

Webscreen is an IT network security technology designed to protect web servers and other network appliances from a DDoS attack. Its unique Guarantee of Service (GoS) technology lessens the impact of DDoS attacks and lets IT managers maintain access for critical system users and important customers during periods of high network activity.

Webscreen also includes a range of network optimisation and monitoring tools to help deliver maximum performance from your network infrastructure resources. To find out more, call 0870 3890022.

© Webscreen Systems Limited 2006