A distributed denial-of-service (DDoS) attack, such as the one that took offline the website of the African National Congress (ANC), has the potential to negatively affect other parts of the network it is hosted on, chief client officer at Internet Solutions (IS), Costa Koutakis, recently told MyBroadband.
It all depends on the architecture of the network, said Koutakis, who went on to explain that the ANC website had to be taken down to ensure that other customers behind the same firewall were not affected by the DDoS attack.
Based on a notice on the ANC website itself, and the whois record for the domain, the server appears to be managed by Unwembi Communications. A list of clients on the Unwembi website confirms this.
Before explaining how they responded to the DDoS attack on the ANC website, Koutakis highlighted that such attacks are difficult to guard against, and that the destination of the attack has to be determined before acting.
In this case it was evident that the ANC website was being directly targeted.
A hacker-activist going by the name Anonymous Africa, or @zim4thewin on Twitter, announced almost an hour before the attack started that they intended to DDoS the website of the ANC.
The reason for the attack, according to Zim’s Twitter feed, was that the ANC is “one of the biggest enablers of the mass murdering Mugabe”.
Once IS had determined the destination of the attack, Koutakis said, they could make the site unavailable.
He added that the advantage of this response is that the rest of the sites hosted by their partners, such as Afrihost, are unaffected by the attack.
Asked whether removing the site is the only step necessary to protect the rest of their network from a DDoS attack, Koutakis said that they do take steps to ensure that their routers and switches aren’t overloaded either.
“We have the ability – from a network intelligence perspective – to route the traffic for [the site under attack] into a black hole,” Koutakis said.
Guarding against denial-of-service
When asked whether more could be done to protect against DoS and DDoS attacks, Koutakis said that they do have the ability to block such activity on their network, but added that DDoS attacks are “really not fair play from a technical perspective”.
It is possible for an attacker to make it incredibly difficult to detect and automatically respond to a DDoS attack no matter what measures you put in place, Koutakis said.
He added that they block such attacks on their network on a daily basis, as do other Internet service providers (ISPs).
“If a site is available to the outside world, it will be susceptible to these kinds of attacks,” Koutakis said.
“We are in the process of investigating options to be even more pro-active than we currently are,” he added.