Escolar Documentos
Profissional Documentos
Cultura Documentos
NO Title Page
1 Case description 3
2 Causes DDOS 4
3 Law that aim DDOS 5
4 Solution of company 6
5 Conclusion 7
Case description
Another online news site, Malaysiakini, said its system was hit by an unsuccesful
distributed denial-of-service (DDoS) attack a few days ago.
A spokesman for Malaysiakini, who also asked not to be named, said such attempts
were nothing new to the site.
Causes DDOS
In a message posted on its website following the hacking, the Insider asked its readers
to avoid any unnecessary or irresponsible speculation.
A DDOS(Distributed Denial of Service) attack is a method hackers use to make a
service inaccessible. They prepare this by flooding the target with a gigantic amount
of traffic or requests.
Expression of fury and disapproval: Attackers might use the DoS attack as a way
of criticizing the company or government organization for exhibiting unwanted
political or geopolitical, economic or monetary behaviors.
Punishment for undesired activities: A DoS attack might target to punish the
victim for refusing an extortion request or for causing disruption to the attackers
business model (e.g., spam-sending operations).
No obvious reason at all: Unfortunately, many DoS victims certainly not learn
what motivated the attack.
Under Malaysian law, anyone found guilty of hacking into a computer can be fined up
to RM100,000 or be jailed up to seven years, or both.
According Computer Crime Act 1997. Computer Crime Act 1997 aims to provide for
offenses relating to the misuse of computers. Among other things, it deals with
unauthorised acts with intent to impair, or with recklessness as to impairing, operation
of computer, etc.
Under the Act, this is fairly straightforward. The one most likely to apply to DDoS
attacks would be to prevent or hinder access to any program or data held in any
computer, in that the purpose of a DDoS is usually to shut down a website. A bit of
legal logic is required, in assuming that a server (or set of servers) counts as a
computer, and a website and the services it offers count as either programs or data.
The key word in this section is probably intends.
This means that just visiting a website (for example, to see if a DDoS attack has taken
it down) should not count as illegal under this subsection.
The aim of this post will be to examine the relevant part of this law and how it applies
to DDoS attacks. As always, it should not be taken as legal advice, and any
corrections and thoughts are most welcome.
Solution of company
The greatest way to ensure that organization reacts as quickly and efficiently as
possible to a DDoS attack is to create a playbook which documents in element every
step of a pre-planned response when a attack is detected.
This should consist of the actions detailed above, with contact names and telephone
numbers of all those who may need to be brought in to action as measure of the
playbook's plan. DDoS mitigation companies can help with this by running a
simulated DDoS attack, enabling you to develop and refine a rapid corporate
procedure for reacting to a real attack.
An vital part of your planned response to a DDoS attack that should not be
overlooked is how you will connect the problem to customers. DDoS attacks can last
as long as 24 hours, and good communication can make sure that the budget to your
business is minimized while you remain under attack.
Since this is the question about DDoS, finding out the single slave machine's IP
address and adding it to the blacklist does not help. Here the the Network , which is
launching the attack has to found and blocked. Blocking can be done via either the
iptables or by Improvement Policy Firewall.
Conclusion
you cannot guard your company from a DDoS attack 100% of the time. The real
problem is that many times companies arent even alert that their network is under
attack until it is too late but you can establish a proactive defense. One way to do that
is by using a high-performance DDoS mitigation device that is able to detect and react
to an attack on the cloud. While employing a high-performance DDoS mitigation
system still doesnt protect you from 100% of the attacks but it can protect you from a
huge quota of them.
In addition, verify that you have full bandwidth in the incident of an attack.This wont
stop the attack but it may give you some more time to react to the invasion. Its also
extremely key that you have a plan for it so youre ready when your network comes
under attack.
As innovation builds up, the law needs to respond to these new developments to deter
those who would abuse and misuse the new technology.