Ongoing DDoS Attacks on Multiple Grids

The Great Canadian Grid, DigiWorldz, YrGrid, and possibly Second Life have been hit hard by DDoS attacks in recent weeks. According to sources at DigiWorldz, the attacks were very carefully aimed at the core servers, with not even a probe to any of the other servers, leading the grid owner to believe that the attacks are not random.

Today, The Great Canadian Grid is down for the third time this month while grid owner Roddie Mocchi works hard to track down the culprits of these attacks. He plans to press for prosecution of the perpetrators once found. He has optimistically informed residents that the grid will be operational tomorrow.

According to a news report on Ars Technica, since February of this year, DNS servers have seen an escalating number of DDoS attacks that have increased in strength and sophistication. This appears to be a trend against which there are few tools to protect clients.

Wikipedia defines a DDoS attack as follows: “A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic.”

Charalampos Patrikakis, Michalis Masikos, and Olga Zouraraki explain in The Internet Protocol Journal:

“DoS attacks attempt to exhaust the victim’s resources. These resources can be network bandwidth, computing power, or operating system data structures. To launch a DDoS attack, malicious users first build a network of computers that they will use to produce the volume of traffic needed to deny services to computer users. To create this attack network, attackers discover vulnerable sites or hosts on the network. Vulnerable hosts are usually those that are either running no antivirus software or out-of-date antivirus software, or those that have not been properly patched. Vulnerable hosts are then exploited by attackers who use their vulnerability to gain access to these hosts. The next step for the intruder is to install new programs (known as attack tools) on the compromised hosts of the attack network. The hosts that are running these attack tools are known as zombies, and they can carry out any attack under the control of the attacker. Many zombies together form what we call an army.”

Roddie’s server host, located in Florida, US, also hosts DigiWorldz. They have informed Roddie that they cannot do anything more to prevent these attacks. It’s possible that we are all in for the long haul until internet security protocols and systems are developed for handling this malicious traffic.

DigiWorldz staff published a sample of the data logs for those interested in seeing what this process involves.

What can we end users do to help prevent these attacks? Don’t become a zombie bot. These attacks rely on the use of unsuspecting host machines to direct the huge number of requests to servers. To be sure you are not making this easier for these criminals, install antivirus software and keep it up to date on your system and the systems of everyone you know.

It may not seem like a lot, but if we all work to spread the word, we may be able to significantly reduce the number of bots employed in these attacks. No slaves, no production.

The other thing we can do is to continue to support our grid owners with our positive attitudes and financial investment. Whether this spreads to other grids is only a matter of the perpetrators identifying other core server targets.

Read:
Wired Hacker Lexicon: What Are DoS and DDoS Attacks?
Cisco The Internet Protocol Journal: Distributed Denial of Service Attacks
Webopedia: DDoS attack – Distributed Denial of Service

Remona Stormborn

Co-Owner of Gaia Foundation in the Great Canadian Grid. Owner of the Builders Resource Center, Rose City Design, & IDEA! in the Great Canadian Grid & InWorldz.
