Cyber Monday: Can The Internet Be Taken Down By Massive DDoS Attacks?
6:30 PM EST Mon. Nov. 26, 2012
The recent string of DDoS attacks against banks and other financial institutions has renewed discussions among service providers on how to protect networks in an era when bandwidth is continually on the increase and toolkits to assist cyber criminals are becoming increasingly pervasive and complex.
This issue was discussed at length in a blog post by Carlos Morales, vice president of sales engineering and operations of Arbor Networks, a Chelmsford, Mass.-based security company.
"Attackers are not fearing the authorities," Morales told CRN. "The tools are developing at a fast pace. Attackers are becoming a lot more brazen, and people, in general, are becoming a lot more aware of DDoS attacks and their growing size and scope.
"What's changing is the amount of bandwidth available to everybody, whether it's made available through fiber-to-the-home or anything else that delivers tons of megabits to the desktop," Morales continued. "Plus the power of CPU and memory-based processing is being delivered so cheaply that you can generate a whole lot of traffic over the available bandwidth. So the superhighways of the Internet have become so large it is now quite possible to bring an intermediate-sized service provider to its knees, if someone chose to do so."
According to Morales, most enterprise and government data centers have no more than 10 Gbps worth of upstream bandwidth, but the attacks are frequently becoming larger. According to his company's statistical engine, the largest bandwidth attacks measured in 2011 and 2012 were 101.4 Gbps and 100.8 Gbps, respectively, which is more than enough to cause serious disruptions.
"Over the next couple of years, you will see end-user hosts with 100 megabits per second of bandwidth available on average," he predicted. "If you get 100 of these machines functioning within a botnet, that'll take down a lot of different operators. Then you look at 10,000 host botnets, which is not uncommon. We're seeing botnets in the millions now. At this point, you are reaching a level that's going to impact the traffic of some of the largest backbone carriers in the world. They have that kind of capacity, but they don't necessarily have that kind of spare capacity. So it wouldn't take down the Internet for life but would cause an unprecedented amount of congestion. It would basically be Internet gridlock."
Morales speculated that attackers may choose to make their move during a Cyber Monday, an election day or any other time when Internet resources are already in high demand. He also noted that size is not the only means by which such an attack can be effective. "Application layer attacks, IP protocol attacks, connection attacks and other stealthy attack methods" can also be instrumental in producing the same effects.
Service providers are talking among themselves and creating their own internal strategies for how to deal with this type of "Armageddon" attack. Specific plans are unavailable, but Arbor Networks' Morales says the discussions are clearly under way.
"They will need to address the source of the attacks, and I believe they are trying to form collateral agreements for cooperation in blocking malicious hosts," he said. "They need to take those hosts completely off the Internet, and they need to establish cooperation among the service providers in order to take down the source."
Morales recommends that channel partners protect their customers through strategies focused on defense in depth. This would include best practices designed to reduce attack surfaces as well as the delivery of best-of-breed solutions. "A compliance checkbox will not be sufficient," he added. "They have to make choices based on who has the right feature sets and work with their upstream providers to get some type of coverage against the threats that are beyond their capacity."
PUBLISHED NOV. 26, 2012