On Saturday, February 11, 2012, the Anonymous group coordinated a DDoS attack against the Panamanian government website www.presidencia.gob.pa. The site initially suffered service disruption but was restored shortly afterward.
What can we learn from this case?
- Hacktivism surpasses financially motivated attackers. Even if you are not a G7 or G10 country – you are still a potential victim of cyber-hacktivism. Government sites in Israel, Turkey and New Zealand have also been attacked. Reassess your risk.
- Attackers deploy multi-vulnerability attack campaigns comprising network flood attacks, Web flood attacks and directed DoS attacks. In the attack on the Panama government site, the LOIC and Mobile-LOIC tools were used, generating multiple attack vectors: volumetric UDP flood attacks, TCP connection flood attacks and HTTP page flood attacks. Learn which attack tools are used. Test your security solutions against those tools.
- Trying to block non-local (non-Panama) traffic turned out to be useless. The majority of attackers were from Panama! Geo-IP blocking will not help in many cases.
Best DDoS protection practices
To fully protect your online presence on the Internet, you need a combination of the following protection measures:
- DDoS mitigation from your service provider – service providers today offer a clean-link security solution, which is effective mainly in removing the network flood attacks that may cause denial of service through link saturation.
- On-premises Anti-DoS and Behavioral Analysis tools – these enable you to remove the application flood attacks and the directed DoS attacks (such as Slowloris, RUDY). They also block the network flood attacks that may leak through your service provider's security solution.
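
The geo-IP lesson and the behavioral-analysis recommendation above can be compared on a small set of request records. This is an added example, not code from the original article or from any vendor product. The log records, addresses (documentation ranges), country codes, and the 5-second / 50-request threshold are constructed assumptions.

```python
from collections import defaultdict, deque

def build_sample():
    """Constructed records: (epoch_seconds, source_ip, country, path)."""
    events = []
    # Two local (PA) sources hammering one page: the HTTP page flood pattern.
    for i in range(120):
        events.append((1000 + i * 0.05, "198.51.100.10", "PA", "/"))
        events.append((1000 + i * 0.05, "198.51.100.11", "PA", "/"))
    # Legitimate visitors: one local, one foreign, a handful of requests each.
    for i in range(5):
        events.append((1000 + i * 2, "203.0.113.5", "PA", "/noticias"))
        events.append((1000 + i * 2, "192.0.2.77", "US", "/"))
    return sorted(events)

def geo_filter(events, allowed=("PA",)):
    """Sources that a country allow-list would block."""
    return {ip for _, ip, cc, _ in events if cc not in allowed}

def rate_filter(events, window=5.0, max_requests=50):
    """Sources exceeding max_requests inside any sliding window of `window` seconds."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    flagged = set()
    for ts, ip, _, _ in events:
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop requests that fell out of the window
        if len(q) > max_requests:
            flagged.add(ip)
    return flagged

if __name__ == "__main__":
    ev = build_sample()
    # The allow-list blocks only the foreign legitimate visitor.
    print("geo-IP allow-list blocks:", sorted(geo_filter(ev)))
    # The per-source rate check flags the two local flooding sources.
    print("rate check flags:        ", sorted(rate_filter(ev)))
```

A per-source threshold like this only addresses the page-flood vector; link-saturating UDP floods still have to be removed upstream, as the first measure above describes.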