Carbon60

The Truth about DDoS Attacks: Part 1

May 1, 2013

Distributed Denial of Service (DDoS) attacks are a plague on the Internet. In the last 5 years, the magnitude of DDoS attacks has steadily increased to the point that, in a recent NYT interview, Matthew Prince from CloudFlare compared DDoS attacks to “nuclear bombs” in their capacity to cause widespread damage. While, as the CEO of an Internet security company, Mr. Prince is guilty of some self-interested hyperbole, there is no question that the amount of targeted and collateral damage from DDoS attacks continues to escalate. Not just individual websites but major hosting centers and regional Internet services are being compromised by these attacks. At the same time, it only takes a small DDoS attack to disrupt the vast majority of websites on the Internet. In this article, we will examine the scope of the DDoS problem and then make suggestions on the best ways of dealing with this threat if you have a business-critical website.

Both the frequency and amplitude of DDoS attacks have risen rapidly in the last five years. Figure A shows the average growth of DDoS attacks as well as the peak size of attacks monitored by Arbor Networks since 2009.¹ Given that 100 Mbps of sustained traffic will grind the vast majority of websites to a halt, today’s average-sized DDoS attack of 1 Gbps (i.e. 100 Mbps x 10) is almost always fatal to its intended target.

Moreover, as an attack grows beyond 100 Mbps the likelihood of collateral damage increases rapidly. Any inbound or outbound attack 100 Mbps or larger is very likely to “sideswipe” other sites sharing hosting infrastructure with the target website. The extent of the collateral damage will depend on the exact nature of the hosting solution and the hosting provider’s system architecture. The more shared and the less distributed the architecture is, the greater the risk of collateral damage. Attacks in the 5 to 10 Gbps range are likely to cause significant collateral damage to all sites hosted in the same datacenter. Attacks in the 50-100 Gbps range are likely to cause serious issues for the world’s largest hosting facilities as well as regional Internet services.

Figure A: Average Monitored Attack Sizes Month-by-Month (January 2009-Present)

Major Internet hubs routinely handle Tbps of Internet traffic and, therefore, remain responsive through even the largest attacks. However, even these hubs may be threatened in the future as the peak amplitude of DDoS attacks increases through: the ongoing development of more powerful DDoS tools and techniques; the possibility of a state-sponsored attack; and the global explosion of broadband connected wireless devices which offers a powerful new platform for high-powered DDoS attacks.

It is not just the growing amplitude of DDoS attacks that is concerning but also their increased frequency. For every high-profile DDoS attack reported in the mainstream media – such as the recent massive and sustained attack on Spamhaus – there are thousands of DDoS attacks that go unreported every day. For example, between 2009 and 2011 Akamai reported a 2,000% increase in DDoS attacks over its network, which handles between 15% and 30% of the Internet’s total traffic.² A newly released study conducted by the Ponemon Institute and Radware claimed that as many as 65% of organizations were the victims of at least three DDoS attacks in the past 12 months.³ Some network and hosting providers claim to see hundreds of DDoS attacks per month, and these are only the ones big enough to get noticed.

This rise in frequency is mainly due to three factors: 1) the ease with which an effective DDoS attack can be launched (you can download a readily available DDoS tool to do it yourself or contract a “hacker-for-hire” to attack the target of your choice for about $5 to $10 per hour); 2) the emergence of DDoS attacks as a form of political protest; and 3) the continued growth of international cyber-crime.⁴

Figure B: Most Common Motivations Behind DDoS Attacks

DDoS attack vectors tend to fall into one of three broad categories:

1. Volumetric Attacks: These attacks are about causing congestion. They attempt to consume a target’s available hosting resources and are typically executed using botnets to generate a high volume of HTTP/S page requests. Attacks on VoIP and authoritative DNS servers are also popular ways to disrupt service. Recently the magnitude of volumetric DDoS attacks has increased significantly by leveraging the recursive function of tens of thousands of misconfigured DNS servers on the Internet to “amplify” attacks.⁵ This development represents another escalation in the ability of DDoS attacks to cause widespread collateral damage.

2. TCP State-Exhaustion Attacks: These attacks attempt to consume the connection state tables that are present in many infrastructure components, such as load balancers, firewalls and web application servers. Even high-capacity devices capable of maintaining the state of millions of connections can be taken down by these attacks. Since 2011 there has been a rise in this type of attack on datacenter-level devices in an attempt to maximize collateral damage.⁶

3. Application-Layer Attacks: These attacks target a weakness in a particular web application. They are the most sophisticated and stealthy type of DDoS attack because they can be very effective without generating abnormal amounts of traffic. This “low and slow” approach makes the attack very difficult to detect using traditional volumetric detection mechanisms. Recently, Kevin Kennedy, Senior Director of Product Management at Juniper Networks, noted in a blog post: “Forget armies of bots, a single PC was enough to generate a small, well targeted attack that took down one of the e-tailers in Europe within 2 minutes. And precisely because it was so small, it was lost in the noise of legitimate user traffic, taking a full day to identify and remediate and putting $10M of sales at risk.”⁷
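The sketch below is an added example, not part of the original article: it runs one detection check per category over a snapshot of a connection table and shows why a "low and slow" source passes a volumetric alarm but is caught by a per-source connection check. The record layout, thresholds and addresses are assumptions constructed for illustration; only the 100 Mbps figure comes from the article.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Conn:
    src: str        # client address (documentation ranges, constructed)
    state: str      # "SYN_RECV" (half-open) or "ESTABLISHED"
    age_s: float    # how long the connection has been open
    bytes_in: int   # bytes received from the client in this window

# Assumed thresholds, for illustration only; tune them per service.
VOLUME_ALARM_BPS = 100_000_000  # the 100 Mbps figure quoted earlier in the article
HALF_OPEN_SHARE = 0.5           # share of the state table held by half-open entries
SLOW_AGE_S = 30.0               # an "old" connection ...
SLOW_RATE_BPS = 400             # ... that is still only trickling data
SLOW_CONNS_PER_SRC = 20         # and many of them held by a single source

def classify(conns, window_s, table_size):
    """Run one check per attack category over a connection-table snapshot."""
    total_bps = sum(c.bytes_in for c in conns) * 8 / window_s
    half_open = sum(1 for c in conns if c.state == "SYN_RECV")
    # Count, per source, established connections that are old but nearly idle.
    slow = Counter(
        c.src for c in conns
        if c.state == "ESTABLISHED" and c.age_s >= SLOW_AGE_S
        and c.bytes_in * 8 / window_s < SLOW_RATE_BPS
    )
    return {
        "volumetric": total_bps >= VOLUME_ALARM_BPS,
        "state_exhaustion": half_open / table_size >= HALF_OPEN_SHARE,
        "slow_sources": sorted(s for s, n in slow.items() if n >= SLOW_CONNS_PER_SRC),
        "total_bps": total_bps,
    }

def sample_snapshot():
    """Constructed data: 200 ordinary clients plus one source trickling 150 requests."""
    normal = [Conn(f"203.0.113.{i + 1}", "ESTABLISHED", 2.0, 1200) for i in range(200)]
    slow = [Conn("198.51.100.7", "ESTABLISHED", 120.0, 40) for _ in range(150)]
    return normal + slow

if __name__ == "__main__":
    # Total traffic is under 0.2 Mbps, yet one source holds 150 stalled connections.
    print(classify(sample_snapshot(), window_s=10, table_size=10_000))
```

On the constructed snapshot the volumetric and state-exhaustion checks stay quiet while the slow source is listed, which is the detection gap the third category describes.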

In a recent survey by Arbor Networks, almost double the number of respondents reported multi-vector DDoS attacks (27% to 46%) in 2012 over 2011. This is a dangerous trend, as multi-vector attacks put additional strain on security resources and require an expertly managed “defence-in-depth” security strategy and response plan to mitigate effectively.

While collateral damage is rising with the increased amplitude and frequency of DDoS attacks, the scope of DDoS targets also remains broad. Although the favoured targets remain e-commerce and gaming sites, all types of sites are attacked and often for no discernible reason. See Figure C.

Figure C: Targeted Customer Types

At the same time, a strong majority of organizations recognize that any service disruption for any reason would have a significant impact on their business. See Figure D. Taken together, these factors – the increased frequency and amplitude of DDoS attacks, the wide scope of targets, and the increased sensitivity of organizations to DDoS attacks – mean increased business risk for most organizations and a thriving DDoS mitigation industry.

Figure D: Business Impact from Interruption of Services

We will now explore how a “defence-in-depth” approach is necessary to protect your business-critical website from both infrastructure and application-level DDoS attacks. Read part 2 of this article.

~

1 – All graphs used in the article were taken from Arbor Networks’ Worldwide Infrastructure Security Report, 2012 Volume VIII

2 – See http://www.circleid.com/posts/20120131_ddos_attacks_increased_by_2000_percent_in_past_3_years/

3 – See http://www.securitybistro.com/blog/?p=3683

4 – It should be noted that most DDoS attacks are not reported to law enforcement because of a lack of time and resources, low confidence in the efficacy of law enforcement, and corporate policy.

5 – See http://news.techworld.com/security/3407339/open-dns-resolvers-used-to-amplify-ddos-attacks-hide-original-source/

6 – See http://pages.arbornetworks.com/rs/arbor/images/WISR2012_EN.pdf

7 – See http://forums.juniper.net/t5/Security-Mobility-Now/It-s-Not-Size-But-Sophistication-That-Matters/ba-p/185087
