DDoS Detection, Mitigation, Orchestration, and Threat Intelligence
Consolidated Security & CGNAT
TLS/SSL Inspection
Web Application Firewall
Application Security & Load Balancing
Analytics & Management
CGNAT & IPv6 Migration
October 1, 2019
In this video, Solutions Architect, Ahmad Nassiri, explains what the Mirai DDoS attack is, the way it works and how to protect your networks against it and similar botnet attacks.
Hi today, we’re going to talk about the Mirai botnet.
...what Mirai is and how to protect your networks against it. Mirai was specifically designed to infect and compromise IoT devices, IoT devices, being internet of things.
And these could be your IP cameras, smart thermostats, or DVRs. The way the Marai Botnet works is that you have an attacker and he has a command and control center.
And with that, he has a whole herd of bots that he controls and these could be and the thousands.
Whenever he wants to, he can command these and control them and point them to attack any victim or target IP address to overwhelm that network and take it offline.
So, how does it affect the IoT devices? The way the Mirai botney infects IoT devices is that it scans, the internet looking for IoT devices that are still using their default usernames, and passcodes. In some cases those could be hard coded as well, but it’s usually those default usernames and passcodes.
Not many people like to change those and that’s why it’s easy for the botnet for it to grow enormous in size.
So, how do you protect against it? At A10, we use our Threat Protection System solution to protect against any sort of DDoS attack, including a complicated attacks such as Mirai.
Mirai being complicated, because it not only infects multiple nodes easily by infecting it using the default username and password, but you can also simultaneously use multiple attack vectors to target that Specific IP address. In this case, multi-vector attacks could be arranged anywhere from application layer attacks, such as the “low and slow” attack, slow Loris, or it could do R.U.D.Y. attacks, etc. … all the way down to the network layer attacks. The flood attacks, the Syn floods and TCP/UDP floods, etc.
So you can use those simultaneously to attack the target and that actually disrupts … a lot of the legacy systems that are in place right now for DDOS attack protection … or even your security devices will not be effective against protecting against these more of the sophisticated, multi-vector types of attacks.
We have developed five, principal methods for effective DDOS attack protection.
One is our Anomaly Check.
With Anomaly Check, what we basically do is we check for traffic and poor conformance, pack conformance.
We’re checking for RFC standards. If it matches … if it doesn’t, it gets dropped and hardware. Two, we do Black and White Lists.
Three, we also do Authentication Challenges. That’s basically to check the source origin to validate that it’s an actual person and not a robot.
Four, we also do Rate Limiting.
And Five, we can do Protocol and Application Checks.
Using these five methods, we can effectively mitigate the DDoS attack, even if it is multiple types of attacks that are thrown at us or at the target that we’re protecting simultaneously.
Once we identified the DDoS attack, we can actually apply an action to that specific traffic. We can either Blacklist the attack, drop the attack, reset the attack or authenticate it if it passes one of our authentication challenges.
With that, thank you for watching the video and I hope you learned something new.