DDoS Protection

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks overwhelm a target with either too many connection requests or more traffic than its bandwidth can carry. The intended result is to make the target inaccessible, although other infrastructure elements (routers, switches, load balancers, etc.) may suffer collateral damage along the path of an attack. A variety of attack types, including connection floods, TCP SYN floods, and ICMP/UDP floods, may be used in such an attack. Attacks are often launched against high-profile targets by using a network of zombie machines in a botnet. Source addresses can be forged, although targets are usually not forged.

Over the last two years, the term “DDoS attack” has made its way into the public media stream. Today even non-technical people are aware of the existence and potential impact of such attacks. In years past, DDoS attacks have been dominated by “volumetric” attacks usually generated by compromised PCs that are grouped together in large-scale botnets. Some well-publicized examples include the DDoS attacks against UK-based online betting sites where the hackers extorted the gambling firms, and the politically motivated DDoS attacks against the Georgian government.

This type of DDoS attack is generally high bandwidth and originates from a large number of geographically distributed bots. The size of these volumetric DDoS attacks continues to increase year over year, and they remain a major threat to enterprises and ISPs alike. In fact, according to Arbor’s sixth annual Worldwide Infrastructure Security Report (2010), the largest reported DDoS attack was 100 Gbps—representing a 100% increase over the size of attacks reported the prior year.

Not only are attacks increasing in size, but they are also increasing in complexity as new types of DDoS attacks continue to emerge and threaten the availability of Internet-facing businesses and services. Conduct a quick search on the Internet and it’s not difficult to find media coverage regarding online banking, e-commerce and even social media sites that have been victims of application-layer DDoS attacks. The motivation? Most of the time it’s for financial gain, but other incentives include political “hacktivism” or just plain old ego. And thanks to a growing trend of do-it-yourself attack tools and “botnets for hire,” even a computer novice can execute a successful DDoS attack. For example, possibly one of the most publicized series of DDoS attacks happened in 2010 when a group of WikiLeaks supporters and hacktivists known as “Anonymous” used social media sites to recruit and instruct supporters on how to download, configure and execute an application-layer DoS attack against several targets (the group called these attacks “Operation Payback”). For those supporters who were not computer-savvy enough to conduct the DDoS attacks themselves, there was an option to “Volunteer your PC for the Cause,” in which case a member of Anonymous would take over the supporter’s PC and make it part of the botnet!

The bottom line: Never before has it been easier to execute a DDoS attack.