TechPublishing Now MS Certified
Professor Robert McMillen, MBA Microsoft Certified Trainer and Solutions Expert

Saturday, April 7, 2012

What if You Were the Target of a DOS Attack like Twitter?

By Robert McMillen, Koin’s Tech Guru

This week we have an excellent question after the attacks on Twitter and other social networking sites.

Q- “After seeing Twitter suffer from a denial of service attack, I am wondering what I should do if someone tries to do the same to my network?” Dan G. from Portland
A- Dan, I really like this question because it shows that you are a person who thinks about the big picture, and who is looking out for your business. This type of attack isn’t a “hit and run” that happened to no one you know. It affected millions of people, and it was caused by hackers turning thousands of infected computers into zombies that attacked Twitter and other sites. A single “ping” is a harmless way to check whether a site is alive. If you tell thousands of computers to send nonstop ping requests, or nonstop connection requests, to one site, the flood of traffic and the work of answering it will bring that site down.

For a little background information, the denial of service attack (DOS) is believed to be once again perpetrated by the Russians. When the attacks originate from many zombie infected computers, we say they are distributed (aka a DDOS). We can tell where the hackers originated because the infected computers can be watched to see where they go for their instructions (the “command and control” servers). This happened last year during the Russia-Georgia war over territory and other issues. Russia brought down the banking industry of Georgia and other online dependent systems for months before and after the war. They also defaced many websites.

This year it is widely believed Russia brought down Twitter and slowed down Facebook because of an anti-Russian Twitter user named Cyxymu. Why did Russia bring down Twitter for everyone just because of this one person? The Chief Research Officer of Internet security firm F-Secure put it best when he said, "Launching DDOS attacks against services like Facebook is the equivalent of bombing a TV station because you don't like one of the newscasters."

Always remember that Russia is filled with bad guys for leaders. Just because they come to the bargaining table to discuss bringing down some of their nuclear weapons doesn’t mean they are now “nice.” They want to dominate the world as usual, and will bully their way in by using the internet because it’s so easy to break. Now I’m off my soap box. The good news is that the move from the current IP version 4 to IP version 6 will fix some of the weaknesses of today’s internet. Keep in mind, though, that IPv6 does nothing by itself to stop a flood of traffic; a DDOS works just as well over either version, so the advice below will still apply.

So, to answer Dan’s question about what to do if you’re the victim of a DDOS, I have some good advice. The quickest relief on a small business network is often to unplug your firewall for a minute. On a small network most of the damage is done by the flood filling up the firewall’s connection table, and a power cycle empties that table and drops every half-open connection the zombies have piled up; some zombies also give up on a target that stops answering and go back to their controller for new instructions. If it starts up again, you can reboot the firewall every half hour and things will return to normal for a while until the table fills up once again. It is a pain, but it does work, as long as the attack is not big enough to fill the internet connection itself. If the pipe from your ISP is saturated, nothing you do inside your office will help and only your ISP can block the traffic upstream. The second thing to do is to find out who is pinging you to death.

Almost all modern firewalls keep a “state table.” This is a list of the connections the firewall is tracking: which outside computers are connected to you, or are trying to connect to you. It also tracks connections going out from the inside of your network, which is very helpful when figuring out if one of your computers is infected. If you see a ton of requests from the same IP addresses, then you should call your internet service provider and provide them with those IP addresses, along with the time window and the ports being hit. Keep in mind that the source addresses of a flood can be forged, and a botnet spreads its traffic across many addresses that each look modest on their own, so the ISP’s view of the traffic upstream matters as much as your list. They don’t want that traffic on their network either, so they will block it farther upstream, before it ever reaches your connection. They will also call the ISP of the owner of the IP addresses and have them shut off the internet access of the person sending the never ending pings.
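Here is what “find out who is pinging you to death” looks like in practice, as an added example that is not part of the original column. It assumes a hypothetical firewall that can export its state or connection log as one line per attempt in the form “date time proto src -> dst detail”; the sample lines below are constructed for the example, and the regular expression would need adjusting for a real firewall’s export format. It counts attempts per source address, lists the sources above a threshold (the ones to hand to your ISP), and also measures the busiest one-second bucket, which catches a botnet that spreads the flood over many addresses that each stay under the per-address threshold.

```python
import re
from collections import Counter

# Constructed sample export from a hypothetical firewall state log, one line
# per new connection attempt or ICMP echo request seen on the WAN side.
# Format assumed here: "<date> <time> <proto> <src_ip> -> <dst> <detail>"
SAMPLE_LOG = """\
2009-08-06 09:00:01 ICMP 203.0.113.7 -> 198.51.100.10 echo-request
2009-08-06 09:00:01 ICMP 203.0.113.7 -> 198.51.100.10 echo-request
2009-08-06 09:00:01 TCP 192.0.2.44 -> 198.51.100.10:443 SYN
2009-08-06 09:00:01 ICMP 203.0.113.7 -> 198.51.100.10 echo-request
2009-08-06 09:00:02 ICMP 203.0.113.7 -> 198.51.100.10 echo-request
2009-08-06 09:00:02 TCP 203.0.113.99 -> 198.51.100.10:80 SYN
2009-08-06 09:00:02 TCP 203.0.113.99 -> 198.51.100.10:80 SYN
2009-08-06 09:00:02 TCP 203.0.113.99 -> 198.51.100.10:80 SYN
2009-08-06 09:00:02 TCP 203.0.113.99 -> 198.51.100.10:80 SYN
2009-08-06 09:00:03 TCP 192.0.2.44 -> 198.51.100.10:443 SYN
2009-08-06 09:00:03 ICMP 203.0.113.7 -> 198.51.100.10 echo-request
garbage line that does not match the format
"""

# Hypothetical line layout; change this to match your firewall's export.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<proto>[A-Z]+) (?P<src>\d+\.\d+\.\d+\.\d+) -> "
    r"(?P<dst>[\d.:]+) (?P<detail>.+)$"
)


def parse_line(line):
    """Return the fields of a well-formed line as a dict, or None otherwise."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def per_source_counts(log_text):
    """Count attempts per source IP. Unparseable lines are skipped, not fatal,
    because a flood is exactly when logs get truncated or mangled."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[rec["src"]] += 1
    return counts


def flood_sources(log_text, threshold):
    """Sources with more than `threshold` attempts, busiest first.

    The threshold is the judgment call: set it well above what one legitimate
    client would do in the window the log covers. Remember that a flood's
    source addresses can be forged, so this is a lead for the ISP, not proof.
    """
    counts = per_source_counts(log_text)
    return [(ip, n) for ip, n in counts.most_common() if n > threshold]


def peak_rate_per_second(log_text):
    """Attempts in the busiest one-second bucket, regardless of source.

    A botnet can stay under any per-address threshold by spreading the load
    over thousands of zombies; the aggregate rate still gives it away.
    """
    buckets = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            buckets[rec["date"] + " " + rec["time"]] += 1
    return max(buckets.values()) if buckets else 0


if __name__ == "__main__":
    for ip, n in flood_sources(SAMPLE_LOG, threshold=3):
        print(f"{ip}: {n} attempts (give this address to your ISP)")
    print("peak attempts per second:", peak_rate_per_second(SAMPLE_LOG))
```

On the constructed sample, 203.0.113.7 (ICMP) and 203.0.113.99 (TCP SYN) are reported as flood sources while 192.0.2.44, with two normal connection attempts, is not. The threshold of 3 is only sensible for an eleven-line sample; on a real log covering minutes of traffic it would be hundreds or thousands.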

In a small network you can generally get this resolved the same day, but in a big network like Twitter it’s far more difficult. They have routers and switches all over the world, and it’s a much bigger task to track down all the computers trying to hit them at once. Little by little they get the IP addresses of the infected zombie computers off the internet until they are finally all gone.

Many small and medium-sized companies can take advantage of a device called an “intrusion prevention” appliance. This device can help protect you in case of an inside or outside attack, and can notify you before your network is brought completely down.  You can then take the appropriate steps as the device instructs you.

So to recap, Russia is still being governed by mostly bad people (Reagan was right), and Twitter was brought down because of one voice struggling to be free. Protect your company by understanding your firewall, or hiring a professional to audit your network security. The alternative is to unplug the internet from your network. We have a customer that is a dentist, and he decided to avoid all of these problems by never connecting his server or computers to the internet. We rarely ever have to come to his office to fix anything, but his employees are very bored with no one to tweet or face (electronically anyway).

To buy my latest book “How to be an IT Administrator,” go to http://howtobeanitadministrator.com

For more great tips, check back here each week and listen to me on the All Tech Radio show at 9:00 Sunday mornings on AM 1360 KUIK and at 10:00 AM on KOL in Seattle, or listen online at http://alltechradio.com

If you would like your technical question answered here, just email rmcmillen@koin.com. Even if it doesn’t get answered in the column, I will always answer by email.

Published Monday, August 10, 2009 9:56 AM by Katatkoin