Learning Lessons From the Twitter Outage
Unless you have been living in a cave or off the grid for the past 24 hours or so, you are probably aware that Twitter experienced a two-hour outage yesterday morning as a result of a distributed denial-of-service (DDoS) attack that overwhelmed its servers. The same attack was also targeted at other sites such as Facebook and Google, but Facebook only experienced performance issues and Google seems to have been relatively unaffected. What can Twitter learn from Facebook or Google to help it handle future attacks without a site outage?
First, a little post-mortem on the attack itself. From the information gathered thus far it appears to have been a politically-motivated attack against a single individual related to the tensions between Russia and Georgia. The individual in question, known by the handle Cyxymu, has accounts on Twitter, Facebook, LiveJournal, and Google blogs where he posted his views on the continuing struggle between the two states. The attack was apparently aimed at silencing him.
There is little that can be done to eliminate the possibility of a DDoS attack. Twitter used to go down on a regular basis as a result of a more organic denial-of-service otherwise known as being so popular that the volume of legitimate traffic overwhelmed the servers. A DoS attack is not that different except that the traffic is not legitimate and the servers are bombarded with requests for the intended purpose of overwhelming them and denying legitimate access to those resources.
Marcus Ranum, Chief Security Officer of Tenable Network Security, says "Back in the mid 1990s we concluded that denial of service attacks are ALWAYS possible. It's just a battle of creativity between the opponents and sooner or later someone will always have more bandwidth."
Does that mean that Twitter just has to accept that its site and service will crash and remain offline every time there is a DoS attack of some sort? No. Facebook did not experience an outage, just degraded performance. Google did not experience any noticeable performance issues. They were all targeted by the same attack so apparently Facebook and Google are doing something different that allows them to withstand the attack and remain online.
Ranum explains that "sites like Twitter will evolve to be able to handle huge loads over time, if they prove to be important enough to justify the build-out. The main thing sites need to think about is having a software architecture that can withstand success, because a DDoS attack, or a flash crowd from slashdot, or a big marketing success - all look pretty much like a huge load on the system."
Tony Bradley is an information security and unified communications expert with more than a decade of enterprise IT experience. He provides tips, advice and reviews on information security and unified communications technologies on his site at tonybradley.com .