Real-life DDoS attack
Previously, you were introduced to Denial of Service (DoS) attacks. You also learned that volumetric distributed DoS (DDoS) attacks overwhelm a network by sending unwanted data packets in such large quantities that the servers become unable to service normal users. This can be detrimental to an organization. When systems fail, organizations cannot meet their customers' needs. They often lose money, and in some cases, incur other losses. An organization’s reputation may also suffer if news of a successful DDoS attack reaches consumers, who then question the security of the organization.
In this reading you’ll learn about a 2016 DDoS attack against DNS servers that caused major outages at multiple organizations that have millions of daily users.
A DDoS targeting a widely used DNS server
In previous videos, you learned about the function of a DNS server. As a review, DNS servers translate website domain names into the IP address of the system that contains the information for the website. For instance, if a user were to type in a website URL, a DNS server would translate that into a numeric IP address that directs network traffic to the location of the website’s server.
On the day of the DDoS attack we are studying, many large companies were using a DNS service provider. The service provider was hosting the DNS system for these companies. This meant that when internet users typed in the URL of the website they wanted to access, their devices would be directed to the right place. On October 21, 2016, the service provider was the victim of a DDoS attack.
Leading up to the attack
Before the attack on the service provider, a group of university students created a botnet with the intention of attacking various gaming servers and networks. A botnet is a collection of malware-infected computers under the control of a single threat actor, known as the "bot-herder". Each computer in the botnet can be remotely instructed to send data packets to a target system. In a botnet attack, cyber criminals instruct all the bots in the botnet to send data packets to the target system at the same time, resulting in a DDoS attack.
The group of university students posted the code for the botnet online so that it would be accessible to thousands of internet users and so that authorities would not be able to trace the botnet back to the students. In doing so, they made it possible for other malicious actors to obtain the botnet's code and control it remotely. This included the cyber criminals who attacked the DNS service provider.
The day of the attack
At 7:00 a.m. on the day of the attack, the botnet sent tens of millions of DNS requests to the service provider. This overwhelmed the system and the DNS service shut down. This meant that all of the websites that used the service provider could not be reached. When users tried to access various websites that used the service provider, they were not directed to the website they typed in their browser. Outages for each web service occurred all over North America and Europe.
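A flood like the one described above shows up in a resolver's query log as a sudden jump in queries per second arriving from many distinct sources at once. The following added example (not from the original reading or from any DNS provider's tooling) runs a simple rate-and-source check over a few constructed log lines; the log format, the baseline rate and the thresholds are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of resolver query log lines (not real data), one query per line:
# "<epoch_second> <client_ip> <query_name> <qtype>"
SAMPLE_LOG = """\
1477040400 203.0.113.10 www.example.com A
1477040400 203.0.113.11 www.example.com A
1477040401 203.0.113.10 mail.example.com MX
1477040402 198.51.100.5 www.example.com A
1477040402 198.51.100.6 www.example.com A
1477040402 198.51.100.7 www.example.com A
1477040402 198.51.100.8 www.example.com AAAA
1477040402 198.51.100.9 www.example.com A
1477040402 198.51.100.10 www.example.com A
1477040403 203.0.113.12 www.example.com A
"""

LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\S+)$")


def parse_log(text):
    """Yield (second, client_ip, query_name) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2), m.group(3)


def queries_per_second(text):
    """Return {second: (query_count, distinct_source_count)} for the log."""
    counts = Counter()
    sources = defaultdict(set)
    for sec, ip, _ in parse_log(text):
        counts[sec] += 1
        sources[sec].add(ip)
    return {s: (counts[s], len(sources[s])) for s in counts}


def flood_seconds(text, baseline_qps, multiplier=3.0, min_sources=5):
    """Flag seconds where the query rate exceeds multiplier x baseline AND the
    traffic comes from at least min_sources distinct clients. The second
    condition separates a distributed flood from one misbehaving client."""
    flagged = []
    for sec, (qps, nsrc) in sorted(queries_per_second(text).items()):
        if qps > baseline_qps * multiplier and nsrc >= min_sources:
            flagged.append(sec)
    return flagged
```

In production the baseline would come from historical traffic for that time of day rather than a fixed number, and the alert would feed the rate limiting or traffic scrubbing the course covers later.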
The service provider’s systems were restored after only two hours of downtime. Although the cyber criminals sent subsequent waves of botnet attacks, the DNS company was prepared and able to mitigate the impact.
Key takeaways
As demonstrated in the above example, DDoS attacks can be very damaging to an organization. As a security analyst, it’s important to acknowledge the seriousness of such an attack so that you’re aware of opportunities to protect the network from them. If your network has important operations distributed across hosts that can be dynamically scaled, then operations can continue if the baseline host infrastructure goes offline. DDoS attacks are damaging, but there are concrete actions that security analysts can take to help protect their organizations. Keep going through this course and you will learn about common mitigation strategies to protect against DDoS attacks.