The digest of current topics on Continuous Availability. More than Business Continuity Planning.
BCP tells you how to recover from the effects of downtime.
CA tells you how to avoid the effects of downtime.
DDoS Attacks – Availability’s Biggest Challenge
This issue of the Availability Digest is focused on DDoS attacks. A DDoS attack causes a massive amount of traffic to be sent to a web site in an attempt to disable it.
The rate and size of DDoS attacks are increasing rapidly. Prolexic, a DDoS mitigation firm, reports that it detects and blocks 7,000 DDoS attacks a year for its customers. DDoS attacks in 2012 increased over 50% from 2011 and are achieving malicious data rates of several hundred gigabits per second, enough to overwhelm all but the largest of web sites.
DDoS attacks can be mitigated by searching for signatures (code snippets) that are associated with the attack and by using them to configure firewalls and intrusion-prevention appliances to block malicious traffic. If these devices become overwhelmed, companies can turn to DDoS protection services that will scrub their data, thereby removing malicious traffic and returning only legitimate traffic to the customer.
DDoS attacks represent a major threat to system availability – perhaps one of the worst threats ever because backup data centers are of no help. Companies must expect the unexpected DDoS attack and be prepared to continue in operation if their public-facing web services are no longer available.
Dr. Bill Highleyman, Managing Editor
From March 18th through March 28th, Spamhaus, a spam-filtering site, was swamped with up to 300 gigabits per second of traffic in the largest reported Distributed Denial of Service (DDoS) attack in the history of the Internet. How was this amount of traffic generated?
The answer is that a well-known flaw in DNS servers known as open resolvers was used to generate the massive amount of malicious traffic. Spamhaus survived the attack by enlisting the services of a DDoS protection vendor that spread the traffic over its 23 worldwide data centers.
Gone are the days when a major data-center failure followed by a failover fault to another data center was the only way to lose all IT services. DDoS attacks now can have the same impact. However, recovery time is not a matter of minutes or hours as backups are brought up. Rather, recovery time is up to the attacker.
Companies must now take into account this type of data-center failure, and the Business Continuity Plan must deal with the continuation of services when system response times become so long that IT is unable to support the company’s operations.
A DDoS attack causes a massive amount of traffic to be sent to a web site in an attempt to disable it. The web site is so overwhelmed by the malicious traffic that it cannot respond to legitimate requests and is effectively down.
The volume of attacks and their sizes continue to increase, according to Prolexic, a firm that offers DDoS attack mitigation services. Prolexic detects and blocks between ten and eighty DDoS attacks every day for its customers. Prolexic mitigated more attacks in the first quarter of 2012 than it did in all of 2011. The norm of 10 gigabit per second (gbps) attacks has grown to over 50 gbps. A recent attack on Spamhaus exceeded 300 gbps.
Prolexic monitors worldwide DDoS threats. It publishes a quarterly report that summarizes DDoS activity for the quarter and compares it to past periods. In this article, we review Prolexic’s findings as published in its fourth quarter, 2012, report.
DDoS attacks are on the rise. They are becoming more frequent and are gaining in size. Toolkits such as itsoknoproblembro are bringing sophisticated DDoS technology to more and more hackers.
Companies must plan for unexpected DDoS attacks because they are not going to go away.
Botnets are bad. The DDoS attacks that they can launch are even worse. The damage DDoS attacks can do to a company’s public-facing Internet services, such as web sites, or to the Internet in general is massive. The concept of DDoS attacks is simple. Generate enough malicious traffic to a web site, and it will be unable to respond to legitimate requests.
DDoS attacks take many forms. Some attack the Internet Layer (Level 3) and Transport Layer (Level 4) of the Internet Protocol Suite. Others attack the Application Layer (Level 7). A particularly vicious form of a DDoS attack is a DNS reflection attack, in which a short request to a DNS server results in a large message sent to the victim machine.
In this article, we describe the most common DDoS attacks and what can be done to mitigate them.
DDoS attacks are increasing in frequency and in size every year. Companies must prepare for the likelihood of losing their public-facing web services and must make plans for how they will continue in operation if these services are taken down. This should be a major topic in their Business Continuity Plans.
Prolexic focuses solely on mitigating Distributed Denial of Service (DDoS) attacks. Many companies – ISPs, telcos, Content Distribution Networks, DNS service providers, and others – offer these services on their platforms but only as an adjunct to their normal business activities. Prolexic is unique in that its data centers are dedicated solely to DDoS attack mitigation.
Prolexic employs a layered defense against DDoS attacks to block attack attempts and to keep legitimate traffic flowing. It uses experts to analyze traffic and to identify malicious traffic and its signatures. It develops defenses against new and changing attack signatures in real time. It provides emergency bandwidth through its scrubbing centers to allow a customer to weather an attack.
Not only are DDoS attacks here to stay, they are getting bigger and more frequent. In a recent report, Gartner stated:
“DDoS mitigation services should be a standard part of business continuity/disaster recovery planning and be included in all Internet service procurements when the business depends on the availability of Internet connectivity. Any Internet-enabled application that requires guaranteed levels of availability should employ DDoS protection to meet those requirements.”
Companies must be prepared for the unexpected DDoS attack. Mitigation services such as those from Prolexic are perhaps the ultimate defense.
The Availability Digest is published monthly. It may be distributed freely. Please pass it on to an associate.
Managing Editor - Dr. Bill Highleyman firstname.lastname@example.org.
© 2013 Sombers Associates, Inc., and W. H. Highleyman