2014: The Year of DDoS?
For the DDoS minded, the new year has been interesting, and the past few weeks especially so. Newer and bigger attacks have been on the rise for a while, as many analysts have noted, and the media is running more and more DDoS stories as the attacks start to affect ordinary people. People are increasingly conscious of online security, since their lives increasingly take place online. Edward Snowden’s revelations exposed the almost unfathomable scale of government involvement in gathering data on people’s movements around the Internet, and have made the general public keenly aware of online security. They also revealed government involvement in fighting fire with fire: a British spy unit called the Joint Threat Research Intelligence Group, or JTRIG, launched a DDoS attack against the hacktivist groups Anonymous and LulzSec using the classic, yet effective, SYN flood attack.
Late last year, NTP attacks began to rise, and earlier this week the infamous Spamhaus DDoS record was broken. Whereas the Spamhaus attack was based on DNS amplification, the attack on an as yet unnamed CloudFlare customer used NTP amplification.
Bitcoin Recently Sustained a Massive DDoS Attack
Earlier this week, the Japanese Bitcoin exchange Mt Gox was hit by a “massive DDoS attack” after disputes about flaws in its systems. The Bitcoin exchange rate has plummeted, and exchanges have halted payouts because they are out of sync with the Bitcoin network.
The trend here is obvious: most DDoS attacks are very crude, and they are effective at taking a victim off the grid. Launching attacks is getting easier as well; a technically unskilled user can launch a DNS reflection attack, for example.
To mitigate DDoS effectively, the first line of defense must deal with the intense, crude, volumetric component, and that takes high-performance networking hardware. But beware: more sophisticated application layer (L7) attacks are also on the rise, and they require compute-intensive Deep Packet Inspection (DPI). Classic security solutions such as firewalls, IPS and so on are not effective at mitigating DDoS traffic at scale because of their stateful nature: every connection they track consumes memory, and a flood of bogus connections fills that state table long before the links saturate. As a matter of fact, the security infrastructure is often the intended target: if the fuses of the network are blown, you no longer care about the intended service behind it.
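As an added example (not code from the original post), the Python below runs a detection check over constructed flow records to pick out the reflection shape of the NTP and DNS amplification floods discussed above: UDP traffic from the reflected service's port, many unrelated sources converging on one destination, and large average packet sizes. The port-to-service mapping, the sample flows and the thresholds are assumptions made for the example.

```python
from collections import defaultdict

# Services abused as reflectors in the attacks the post mentions: DNS (the
# Spamhaus record) and NTP (the CloudFlare case). Mapping assumed for the example.
REFLECTED_UDP_PORTS = {53: "DNS", 123: "NTP"}

# Constructed flow records: (src, sport, dst, dport, proto, pkts, bytes).
SAMPLE_FLOWS = [
    # Normal NTP sync: one server, ~76-byte packets.
    ("192.0.2.1", 123, "198.51.100.20", 123, "udp", 2, 152),
    # Normal DNS answer from the local resolver.
    ("192.0.2.53", 53, "198.51.100.21", 40111, "udp", 1, 130),
    # Four unrelated NTP servers all answering one host at ~460 bytes/packet,
    # aimed at a port the host never sent NTP queries from: the reflection signature.
    ("192.0.2.10", 123, "203.0.113.10", 80, "udp", 5000, 2300000),
    ("192.0.2.11", 123, "203.0.113.10", 80, "udp", 4800, 2208000),
    ("192.0.2.12", 123, "203.0.113.10", 80, "udp", 5100, 2346000),
    ("192.0.2.13", 123, "203.0.113.10", 80, "udp", 4900, 2254000),
    # Ordinary web traffic, skipped by the UDP filter.
    ("203.0.113.10", 80, "198.51.100.22", 51000, "tcp", 40, 48000),
]

def detect_amplification(flows, min_reflectors=3, min_avg_bytes=400):
    """Group reflected-service UDP traffic by destination and flag victims.

    Thresholds are assumptions: at least `min_reflectors` distinct sources
    answering one destination, with an average packet size of at least
    `min_avg_bytes` (legitimate NTP/DNS replies are normally far smaller)."""
    per_dst = defaultdict(lambda: {"srcs": set(), "svcs": set(), "pkts": 0, "bytes": 0})
    for src, sport, dst, dport, proto, pkts, nbytes in flows:
        if proto != "udp" or sport not in REFLECTED_UDP_PORTS:
            continue
        agg = per_dst[dst]
        agg["srcs"].add(src)
        agg["svcs"].add(REFLECTED_UDP_PORTS[sport])
        agg["pkts"] += pkts
        agg["bytes"] += nbytes
    alerts = []
    for dst, agg in per_dst.items():
        avg = agg["bytes"] / agg["pkts"]
        if len(agg["srcs"]) >= min_reflectors and avg >= min_avg_bytes:
            alerts.append({
                "victim": dst,
                "services": sorted(agg["svcs"]),
                "reflectors": len(agg["srcs"]),
                "avg_pkt_bytes": round(avg),
                "total_mbytes": round(agg["bytes"] / 1e6, 1),
            })
    return alerts
```

On the constructed sample this flags only 203.0.113.10, with four NTP reflectors averaging 460 bytes per packet; the single-source NTP sync and DNS answer stay below both thresholds.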