Monday the 23rd of August was a big day for many Irish students as their anxious wait to see if they had been accepted into their preferred third level college was finally over. Many logged onto their computers and nervously accessed the CAO website. However, many were ùnable to access the site as the CAO website was victim to a malicious attack. According to a press release issued by the CAO yesterday “Access to the CAO website was affected because of a malicious attack from an unknown source this morning. The CAO website was available intermittently between 6.10 am and 1 pm today when the problem was resolved by CAO technical staff. The system is being monitored 24 hours a day to ensure continuity of online services.”
Without hard facts on exactly what type of DOS attack it was and other details of the attack it is difficult to make any judgement on the event. However, yesterday’s attack highlights that no matter what business your organisation is in you need to accept that once you are connected to the Internet you are a potential victim of an attack. At IRISSCERT, www.iriss.ie, we see attacks against Irish websites on a daily basis. Most of these attacks are by criminals targeting websites to use them to host their criminal activity, be that hosting a phishing site or spreading computer viruses.
Without the details of the attack it is hard to know what exactly happened. DOS attacks can take various forms from flooding the network bandwidth with so much traffic you cannot reach the site, to the server not having enough CPU or memory to cope with the load, to exploiting software bugs in the operating system, website software or the web application to cause the server to become unavailable.
Defending against a DOS or DDOS attack can be difficult but some steps can be taken to reduce the risk of becoming a victim;
They are other techniques that can be used to mitigate the impact of these attacks but the bill can soon start getting higher and higher and it ends up with who has the most resources, the attacker or the defender.