Massive DoS Attacks Against ISPs On the Rise
ISPs are spending more to defend against massive denial-of-service (DoS) attacks than they are to protect themselves against highly publicized worm attacks, Lexington, Mass.-based Arbor Networks reported in its annual survey of major providers.
According to the Arbor poll of 55 ISPs in North America, Europe, and Asia, multi-gigabit, supra-backbone DoS attacks are on the upswing. Providers, said Arbor, regularly report attacks beyond the capacity of core backbone sections of the Internet in the 10-20Gbps range. "This is driven by the proliferation of broadband Internet connectivity globally," the survey's report said.
The bulk of these DoS attacks originate with botnets, collections of compromised computers that criminals have acquired by infecting them with Trojan horses delivered through means such as e-mail, spyware, or malicious Web sites.
Not only are there more botnets than ever before, but they're harder to ferret out and tougher to take down once spotted.
"One of the reasons bots are more difficult to detect today is because they are no longer being used for obvious malicious activity," said Craig Labovitz, the director of network architecture for Arbor Networks, in a statement. "Rather than simply spewing tons of easily discernible attack data onto the network, botnet activity today tends to fly 'under the ISPs' radar,' making detection and mitigation immeasurably more difficult."
Other findings in the report ranged from a pessimistic view of zombies -- "despite the best efforts of firewall, IDS, and OS vendors, there is no end in sight to the rise of millions of compromised systems available to participate in DoS," said the report -- to an admission that an ISP's cure for a DoS may be as bad as the attack itself. Most providers, for example, handle a DoS by filtering out all traffic to the victim. While that protects ISPs' backbones from collapse, the tactic also blocks legitimate traffic to the victim domain.
Users can download the Arbor report in PDF format from this site after registering.