By Arjen van der Meijden

Lead Developer

RioRey RX1810: how to put a firewall through hell

The DDoS

While there is a whole range of possible attacks, a few are especially relevant to websites. First, an attacker may simply generate such a large amount of traffic that regular traffic no longer reaches its destination. Such a brute-force attack usually consists of UDP or ICMP traffic, but may also consist of bare TCP or even bare IP packets.

A more 'intelligent' way of doing this is to send specially constructed TCP packets that disrupt the network layer. This way, new connections may continuously be half or fully opened so that the lists with open connections get flooded and legitimate users may no longer connect. These attacks are known as SYN and SYN/ACK floods, respectively.

Finally, an attacker can exploit errors or heavy pages in web applications, or bugs in web servers or network layers, for instance by sending a stream of special requests that causes a web server to crash time and again.

The defence

There is not much one can do about a brute-force attack, except to discard the surplus traffic as quickly and effortlessly as possible. This way, as little processor power as possible is wasted on the attack, and there will be some capacity left to deal with regular traffic.

SYN and SYN/ACK attacks do not rely on brute force, but rather exploit the fact that a server can only accept so many connections. Apache in particular can be vulnerable to this type of attack. Unfortunately, there are no really good protective measures for these types of attacks at the application level, although some web servers are capable of accepting many more connections simultaneously. Therefore, this type of attack is our primary motive to install an additional protective layer.
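
The exhaustion that makes SYN floods effective, as an added example that is not part of the original article: a small Python model of a listener's half-open connection queue, replayed over constructed client packets. The `backlog` and `syn_timeout` values, the packet tuple format and the documentation-range addresses are assumptions chosen for illustration.

```python
from collections import namedtuple

# Client-to-server packets only; flags is "S" (SYN) or "A" (final handshake ACK).
Pkt = namedtuple("Pkt", "ts src sport flags")

def replay_half_open_queue(packets, backlog=8, syn_timeout=3.0):
    """Replay packets against a model of a listener's half-open queue.

    backlog and syn_timeout are illustrative assumptions, not values from the
    article. Returns (peak_half_open, dropped_sources, completed_handshakes).
    """
    pending = {}                      # (src, sport) -> time the SYN was queued
    peak, dropped, completed = 0, [], 0
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        # Expire entries whose handshake never finished.
        for key in [k for k, t in pending.items() if p.ts - t >= syn_timeout]:
            del pending[key]
        key = (p.src, p.sport)
        if p.flags == "S":
            if key in pending:
                continue              # retransmitted SYN, already queued
            if len(pending) >= backlog:
                dropped.append(p.src) # queue full: this SYN gets no answer
            else:
                pending[key] = p.ts
                peak = max(peak, len(pending))
        elif p.flags == "A" and key in pending:
            del pending[key]          # handshake finished, slot freed
            completed += 1
    return peak, dropped, completed

def constructed_traffic():
    """Constructed sample: three regular clients and a burst of unanswered SYNs."""
    pkts = [Pkt(0.00, "192.0.2.10", 40000, "S"), Pkt(0.05, "192.0.2.10", 40000, "A")]
    # 20 SYNs from distinct (documentation-range) sources that never send the ACK.
    pkts += [Pkt(1.0 + i * 0.01, f"198.51.100.{i + 1}", 1024 + i, "S") for i in range(20)]
    # A regular client that arrives while the queue is full.
    pkts += [Pkt(1.50, "192.0.2.11", 40001, "S"), Pkt(1.55, "192.0.2.11", 40001, "A")]
    # A regular client that arrives after the stale entries have timed out.
    pkts += [Pkt(5.00, "192.0.2.12", 40002, "S"), Pkt(5.05, "192.0.2.12", 40002, "A")]
    return pkts

if __name__ == "__main__":
    peak, dropped, completed = replay_half_open_queue(constructed_traffic())
    print(f"peak half-open: {peak}, dropped SYNs: {len(dropped)}, completed: {completed}")
    print("regular client locked out:", "192.0.2.11" in dropped)
```

Calling `replay_half_open_queue(constructed_traffic(), backlog=64)` lets all three regular clients connect in this model, which corresponds to the remark above that some web servers can accept many more connections simultaneously.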

The best way of preventing the third type of attack is to keep the software up-to-date. If a piece of software contains a DoS bug, a firewall will probably not be able to do anything about it. In most cases the best defence is to update the software or to change the configuration.

Here at Tweakers.net we always try to make sure that the website operates smoothly and reacts quickly, and we have excess capacity for dealing with peak loads. This makes the last variant of DDoS attack somewhat less interesting for attackers, partly because these attacks may already be averted by the protection against other types of attack.

Practical experience shows that attackers often try several types of attack and then combine the successful ones. It will be evident that this kind of behaviour makes it even more difficult to set up a successful DDoS defence.

