DDoS attacks growing in size, break attack bandwidth barrier, Arbor Networks says

Ryan Cloutier, Contributor

Distributed denial-of-service (DDoS) attacks

Requires Free Membership to View

have increased in both size and frequency over the course of 2010, according to the Worldwide Infrastructure Security Report, assembled by Arbor Networks Inc.


These attacks are harder to detect; they're more stealthy, they don't generate a large network bandwidth but they're equally capable of taking down a network.
Carlos Morales,
vice president for global sales engineering and operations, Arbor Networks

Arbor Networks surveyed the single largest attack bandwidth in 2010 at 100 Gbps. This is the first time the attack bandwidth broke that barrier, and it represents a 102% increase over the largest attack in 2009, according to the report. It also represents a 1,000% increase in attack size from when Arbor Networks began its survey in 2005, according to Carlos Morales, vice president for global sales engineering and operations at Chemlsford, Mass.-based Arbor Networks.

Cybercriminals can generate a large volume of traffic due to the proliferation of technology, Morales said. Between smartphones with 3G or 4G capabilities and wired broadband networks, the equipment available for botnet exploitation ranges in the billions of devices and represents far more than the amount of bandwidth available to most network operators, Morales said.

Application-layer DDoS attacks, similar to the attacks used in the WikiLeaks debacle by members of the "Anonymous" group, are also becoming more prevalent. These are more difficult to detect and utilize sophisticated tools to generate traffic that firmware handles in some way.


More on DDoS:
DDoS mitigation expert predicts more serious application-layer attacks:
The WikiLeaks "hacktivist" DDoS attacks pale in sophistication to the more serious application-layer DDoS threats of the future.

Distributed denial-of-service protection: How to stop DDoS attacks:
In this tip, which is a part of our Web Application Attacks Security Guide, you will learn what a distributed denial-of service (DDoS) attack is, and learn how to stop it.

Can service providers prevent DDoS attacks?
The results of a DDoS attack can be crippling, but what are service providers doing about the threat?

Arbor Networks is tracking an increase in application-layer attacks against critical infrastructure. HTTP and DNS servers are the primary victims; however, these attacks also target SMTP and VOIP infrastructure and are much more serious, Moralles said.

"The challenge with [application-layer attacks] is these attacks are harder to detect; they're more stealthy, they don't generate a large network bandwidth but they're equally capable of taking down a network," Morales said.

The "threat to defense gap" is also as wide as it has been since the inception on DDoS, Morales said. This is largely due to the current practice of defenders using traditional means, such as firewalls, to defend their servers and datacenters.

Firewalls specifically protect against infiltration attacks and block unsolicited connections. While this is useful to a consumer or a business, when used in a server or data center environment, they become chokepoints. All of the requests coming into such a location are unsolicited. This consumes the resources of the firewall, which causes it to fail under the load of the attack, Morales said.

"In 2002 the largest single attack was 400 Mbps, the largest single attack in 2010 was 100 Gbps, that represents several orders of magnitude growth in terms of attack size," Morales said. " What that projects to if you look at 2015 or 2020 is just astronomical … so you have to kind of project out what the future may lay from this and say that this is something that is going to have come to a head and we're going to have to take steps to resolve."