Mitigating the DDoS Threat

Distributed denial of service attacks that leave the internet inaccessible to many users are becoming more common

December 21, 2016

[Illustration: the basic scheme of a DDoS attack.]

The disruption of internet-based services seems to be a favorite way to cripple businesses globally. These attacks are not limited to websites and major operators; the same kind of attack could cripple a radio station’s services and audio streams. It could wreak havoc on remote broadcasts, transmitter links and other related services.

This is an unintended consequence of the fact that engineers have become dependent on internet services, since they are inexpensive to implement and simplify our jobs.

DDoS attacks are simple in nature: A nefarious person sets up millions of computers to swamp a target computer with a flood of requests for service. The target computer gets overwhelmed with the requests and crashes. It seems simple in theory, and it is terrifyingly simple in practice.

A computer or cluster of computers is usually set up to offer services such as websites and email by being configured to “answer a specific door” (i.e., port number). Normally, the computer can handle requests for these services, and it is built to do so. In a DDoS attack, the attacker has as many computers as they can muster ask repeatedly for these services with no intent of actually receiving them. Since the computer offering services has to respond to each request, valid or not, it quickly runs out of resources and crashes.

The attacking computers are usually part of a network or “botnet” of compromised machines; the owners of the attacking computers usually have no idea that they are participating in an attack. Most malware on the internet seeks to compromise the computer and make it wait to be activated for use in an attack.

Imagine being on a remote with a Comrex BRIC link or a Barix encoder, or imagine having one of these units feeding the main audio for your station to a transmitter. These devices depend upon network connectivity to operate properly. They run the audio stream for your broadcast across the internet and, eventually, to the radio station or transmitter.   

Unfortunately, these devices are also susceptible to DDoS attacks just like major websites. Clearly, this disruption would cause the audio to skip or completely cut off, and the only way to restore service would be to move the device to another IP, which may not be possible in the field.

In the case of station websites, these attacks could disrupt contesting or social media campaigns. There would be no easy way to fix this, unless the provider has a plan to deal with such attacks.

Most internet-enabled devices have some type of security in place to mitigate this type of disruption. That’s why Comrex BRICs and Barix devices have the ability to use alternate port mappings, and unused services can be disabled.

Often codecs are not placed behind a firewall due to audio latency issues, and because of this, engineers must take care to disable unnecessary services and change the default ports.

The best action an engineer can take when utilizing these units on the internet is to change the default ports and disable remote web access. It would also be advisable to have an extra static IP to which the device can be moved, if needed. Engineers should also use these units without DNS mappings; doing so will reduce the chance that someone can find the units' IP addresses based upon the DNS name.
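
One way to confirm that a unit actually reflects this checklist, shown as an added example rather than code from the article or from either vendor: scan your own codec from outside with nmap, save the grepable (-oG) output, and audit it. The port numbers, the allowlist and the sample scan below are constructed assumptions, not Comrex or Barix defaults.

```python
import re

# Assumed policy for one codec (all values hypothetical, not vendor data).
ALLOWED = {(9100, "udp")}            # the remapped audio-stream port
VENDOR_DEFAULTS = {(9000, "udp")}    # placeholder for the unit's factory port
WEB_SERVICES = {"http", "https", "http-alt"}

# Constructed sample: nmap grepable (-oG) output from scanning your own unit.
SAMPLE = (
    "Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp///, 80/open/tcp//http///, "
    "9000/open/udp//unknown///, 9100/open/udp//unknown///, "
    "23/closed/tcp//telnet///\tIgnored State: filtered (995)\n"
)

# One port entry looks like: port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/([a-z|]+)/(tcp|udp)//([^/]*)/")

def open_ports(grepable):
    """Yield (host, port, proto, service) for every open port in -oG text."""
    for line in grepable.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: (.*)", line)
        if not m:
            continue  # comment lines and "Status:" lines carry no ports
        host, ports = m.group(1), m.group(2).split("\t")[0]
        for port, state, proto, service in PORT_RE.findall(ports):
            if state == "open":
                yield host, int(port), proto, service

def audit(grepable):
    """Return (host, port, proto, finding) tuples keyed to the checklist."""
    findings = []
    for host, port, proto, service in open_ports(grepable):
        if service in WEB_SERVICES:
            findings.append((host, port, proto, "remote web access reachable"))
        elif (port, proto) in VENDOR_DEFAULTS:
            findings.append((host, port, proto, "still on default port"))
        elif (port, proto) not in ALLOWED:
            findings.append((host, port, proto, "unneeded service open"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s %d/%s: %s" % finding)
```

An empty result means the only thing answering from outside is the remapped stream port.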

When examining the vulnerability of station websites, engineers need to work closely with their web hosting service providers to ensure that steps have been taken to safeguard these websites and other related online services. Providers should be well versed and provide the station or engineer with documented DDoS mitigation plans.

Cottingham is a former radio chief engineer, now working in streaming media.
