DDoS Attacks Exceed 100 Gbps For First Time

wiredmikey writes "The Sixth Annual Worldwide Infrastructure Security Report, released today by Arbor Networks, revealed that DDoS attack size broke 100 Gbps for first time; up 1000% since 2005. In addition to hitting the 100 Gbps attack barrier for the first time, application layer attacks hit an all-time high. Additionally, it goes on to show that as new equipment, protocols and services are introduced into networks, the vulnerable attack surface for DDoS is expanded. DDoS attacks are likely to continue as a low cost, high-profile form of cyber-protest in 2011 and beyond."

cyber protest

[Lueseiseki]

Are we really calling illegal attacks on a companies' servers "cyber protest" now?

Re:

[doconnor]

Protests have often included illegal actions.

Re:

[Dan541]

And those protests lost all legitimacy.

Re:

[spazdor]

Like the civil rights movement, for instance. Hard to find a soul alive today who thinks those had any legitimac...

hang on

Re:

[spazdor]

Well, at that time in history, the "rights and freedoms" of white people included the right to their own exclusive water fountains and bus seats, so, yes. The civil rights movement was a coordinated and deliberate attack on their freedoms.

Re:cyber protest

[Senes]

You're not going to see a high-profile act of protest which has the explicit approval and blessing of the authorities.

Civil disobedience involves disobedience.

Re:

[Anonymous Coward]

doesnt mean it can't be civil

Re:

[Americano]

There's a difference between non-violent 'civil disobedience' and using force to get someone else to submit to your demands.

What a DDoS attack does is not all that different from mugging someone, it's just a little less personal: "your money or your life" turns into "our demands or your livelihood."

Re:

[Americano]

Does the fact that the victim is a crack dealer somehow make it "okay" to threaten (or inflict) harm on them in order to steal their wallet?

You can condemn the actions of a crack dealer AND condemn the actions of a mugger, these are not incompatible positions, and they are in no way mutually exclusive. Two wrongs do not make a right.

Re:

[Americano]

Care to show your work and explain how you arrive at this conclusion?

Re:

[cheekyjohnson]

Does the fact that the victim is a crack dealer somehow make it "okay" to threaten (or inflict) harm on them in order to steal their wallet?

Of course! Anyone who breaks the law is inherently a bad person. Therefore, we should be able to do as we please to them. What could possibly go wrong?

Re:

[badkarmadayaccount]

Reference PMITA federal prisons.

Re:

[badkarmadayaccount]

I do. Cue drug discussion.

Re:

[Americano]

"enraged to a breaking point"?

Please. This is a bunch of comfortable middle-class kids thinking it sounds like a bunch of fun to fuck with someone else, especially when they can do so from the perceived anonymity of their home. It's low-effort, low-value protests that do nothing but give these people the reputation of being hooligans - They can watch Jersey Shore and post on 4chan while they "express their displeasure."

It got a lot of press for about 15 minutes, and where's the follow-through?

Re:

[krack]

Mugging involves the use of actual physical force.

DoS attacks do not involve the use of physical force.

Re:

[Americano]

You realize that "physical force" isn't the only type of force that can be exerted, correct? If somebody does something under duress, they are being forced to take an action that they would not voluntarily engage in. You can distinguish between the two types of force, certainly, but the fact remains that someone is being *forced* into something against their will.

A DDoS may not exert physical force, but it is most certainly using force to try to get the target to submit to a list of demands.

By your commen

Re:

[Lumpy]

REally?

Then explain the army approving the protests in Egypt.

Re:

[krack]

not stopping and approving are two different concepts.

Re:

[Anonymous Coward]

First they ignore you, then they ridicule you, then they fight you, then you win.

Re:

[Americano]

I thought that was an odd way to end the submission too. Of course, all the self-described anarchists and radicals who think that this is a useful form of "cyber protest" have surely also considered that what they're doing is using force to bludgeon someone else into submitting to their demands, and that their behavior is identical to the behavior of the people "subjugating" them.

Funny that we only seem to resent the jackboot when it's on someone else's foot, isn't it?

Re:

[Kalriath]

Flawed statement. Sure, you can organise a flash mob around a building, but anyone who wants to go to that store can still get in (or the police will quickly arrest the people involved in the mob). During a DDoS attack, the target is completely inaccessible to legitimate customers. That's why it's not a valid form of "protest", but simply an illegal attack to disconnect a target business from what may well be their only way of operating. I'm sure you will feel so good about yourself when dozens or hundr

Re:

[mywhitewolf]

but anyone who wants to go to that store can still get in

as long as they are comfortable walking through a store with a large group of people yelling about how immoral the owners are. cyber "protests" in the form of a DDoS is just as valid. just because its easier doesn't mean its not valid. also.

hundreds of people get laid off by an internet company that can't run because a group of dickheads decided to take out their web servers in "protest", and they end up on the street with their families begging for a dollar.

if your INTERNET company employs hundreds of people yet isn't able to afford any downtime then maybe you shouldn't make un-ethical decisions, or at least insure or put away for downtime that could be caused from anything, not just a DDoS attack.

Re:

[Kalriath]

as long as they are comfortable walking through a store with a large group of people yelling about how immoral the owners are.
cyber "protests" in the form of a DDoS is just as valid. just because its easier doesn't mean its not valid.

No, they're not "just as valid" and they're not "protests". In your example, you can just walk through that crowd if you want. In a DDoS, you can't - because the target cannot respond. With a DDoS it's more like a flash mob showed up and stole all the money out of the cash register, and then nailed the doors to the business closed (this may come as a shock, but the business has to pay a lot of money for that bandwidth your DDoS chews up).

Second, when attacking companies like PayPal or Visa, you're actua

Re:

[mywhitewolf]

No, they're not "just as valid" and they're not "protests". In your example, you can just walk through that crowd if you want. In a DDoS, you can't - because the target cannot respond. With a DDoS it's more like a flash mob showed up and stole all the money out of the cash register, and then nailed the doors to the business closed (this may come as a shock, but the business has to pay a lot of money for that bandwidth your DDoS chews up).

brick and mortar shops pay more in rent than what an internet company does in bandwidth allocation as well as having significantly less capacity to deal with excess customers. so yes, it will cost the company money, but not significantly more than a live "protest".

Not only this, but if the DDoS isn't large enough, you won't even realise there is a protest, where as 1 person in a store protesting can be much more disruptive.

Second, when attacking companies like PayPal or Visa, you're actually negatively affecting millions of people as well as that business, who can't transact online, or miss payments like utilities or rent because they're trying to get money out of a PayPal account while the website's down.

and if i protested at a bank or a post office you would have similar sort of pro

Re:

[Lumpy]

At least we are not calling them Cyber-TERRORISM... yet...

Re:

[Nadaka]

Oh, yes. Some people are certainly calling it cyber terrorism.

Re:

[Anonymous Coward]

"Are we really calling illegal attacks on a companies' servers "cyber protest" now?"

White House cyber-security coordinator Howard Schmidt sure does:

http://www.newsweek.com/2010/12/21/interview-with-cyber-security-czar-howard-schmidt.html

Re:

[monkyyy]

protesting is mostly illegal, other wise its meaningless complants

key to world peace:

[Thud457]

a happy ending is in order?

It's all the wimmins' fault. I guarantee you if there were more happy endings, there'd be a lot fewer guys willing to smash, burn, loot or blow things up. Hell, just look at what they promise suicide bomber in Muslim Heaven.
.
.
.

Slow Down Cowboy!

Slashdot requires you to wait between each successful posting of a comment to allow everyone a fair chance at posting a comment.

It's been 1 hour, 23 minutes since you last successfully posted a comment

Chances are, you're behind a firewall or proxy, or clicked the Back button to accidentally reuse a form. Please try again. If the problem persists, and all other options have been tried, contact the site administrator.

seriously, eat a bag of racid AIDS, slashcode.
and at least pretend to attempt to render the goddamned formatting tags somewhat approaching correctly

Moore's law applies to hackers!

[Virtucon]

With the increase in computing power and with innovations in attacks I think they'll reach 1TB/sec in six years...

Barrier

[necro81]

Could we please agree that 100 Gbps, especially in this context, is not a "barrier"? At best, it is a mildly interesting milestone in the march towards completely saturating the internet with crap. But it is not a barrier in the sense that there was some physical limitation that held us up on our way past it. True, it happens to match the rated throughput of a particular class of network routing equipment, but so what? The sound barrier was an actual barrier in airspeed, one which many objects and phenomena cannot overcome, and one that took extra effort to get humans past. A brick wall is a barrier to your forward progress that requires extra effort to push through (if you're into that kind of thing). But 100 Gbps is no more a barrier than 99 Gbps was or 101 Gbps will be. Round numbers are not barriers [slashdot.org] - they're just human conventions.

Re:

[jfengel]

All with you on that, but we're fighting a losing battle. It's standard journalistic puffery. "Barriers" are more exciting than "marks" or "levels". Those terms point out the irrelevance of the article itself: this level is arbitrary.

The fact that we're seeing record-breaking DDOS attacks is newsworthy, but for some reason "Record breaking DDOS attacks" seems too pedestrian for editors. Especially, perhaps, technology editors who live their lives on hype.

Re:

[MightyYar]

People like round numbers. Go with it or die frustrated.

Re:

[jroc242]

I disagree. Link speeds often go by 10's. 10Mb, 100Mb, 1Gb, 10Gb,100Gb. A large number of ISP's currently use 100Gb backbones.. Recently Veri*** offered us a DDOS solution where when a DDOS is detected, they offload the traffic onto their network which is 100GB and therefore can handle any DDOS attack.

In other news...

[haus]

PR group for company A says that a problem that our product 'solves' is really really bad.

Buy our product or you will be doomed.

Compromised by worm or trojan?

[MunkieLife]

Assuming most of these DDOS attacks come from from botnets; I wonder what percent of these DDOS attacks are made up of computers that were infected/compromised because they were left unpatched out in the open verses computers that were compromised because the user installed a pirated copy of some software that contained a virus or rootkit.

Given the reports I've heard of China and many other countries pirating 90% of their software http://slashdot.org/story/11/01/21/2217248/Ballmer-Says-90-of-Chinese-Users [slashdot.org]

A good use of traffic shaping by ISPs

[JSBiff]

In general, I'm not a big fan of all the proposals by ISPs to limit user traffic, cap data, etc.

But, it seems to me that clamping down on DDoS's initiated by zombie networks would be a fabulous use of the related technologies. If the ISPs really want to cut down on traffic, start cutting off all the traffic from botnet zombies.

I wonder if they could even, using Deep Packet Inspection, figure out what traffic was specifically from the botnet, and refuse to route that traffic, while still allowing legitimate traffic (e.g. the user browsing the web with their web browser, playing online games, sending email, etc) from the same machines.

Re:

[krack]

regarding your packet inspection comment, I suggest that would cost more than just soaking the DoS. Packet inspection is not cheap, especially at DDoS data rates. In fact, the inspection device would probably be the first to fail when a DoS came knocking.

Re:

[matty619]

One of our ISP's here in San Diego, Cox, if it is detected that a large amount of spam, or other malicious connections are originating from your connection, will block everything and redirect any web requests to a captive portal page with instructions on how to clean your computer, and a number to call once you've done so to get your service re-activated.

Interesting remark on IPv6

[what about]

Two things are interesting in the article
1) Firewalls are an easy target since stateful inspection table can be easily overflowed
2) Ipv6 is not something that helps the issue (I suspect the huge addressing space does no help, so is more crypto provisioning)

The only solution I see is for web sites to have an agreement with providers in the world whereby they can request a specific IP to be blocked to route to a specific web-site (for a limited period, obviously)
The magic should be done by means of automatic

Re:

[Slayer]

If these automatic block requests are in place, bad guys can and will use these to effectively get your server off the net, either by faking these requests or by forcing your server to create an overwhelming abundance of these. Let's face it: it is out gun him (i.e. put up more resources) or out smart him (use your resources more effectively). No automated tool or mechanism will be able to do that, because automated smarts work for both the attacker and the defender.

Re:

[what about]

Requests are signed using agreed passwords between the ISP and the WEB server.
(That means exchanging authentication tokens before the crisis)
So, the request cannot be faked.
(Not all ISP need to participate and also not all web server need to participate, just the biggest )

Only a specific client can be shut off. The web server can easily identify it by TCP source IP (no dialog can happen otherwise)
No faking is possible for the botnet, it is up to web server policies to decide when to shut a client off at the

Re:

[VeNoM0619]

In short:
Server is already dropping the client's packets regardless.
Server only needs to send a response to buzz off.
Router receives the buzz off request, and simply verifies that yes, client sent a packet to the server. Block him (possibly log it, and when there are too many blocks for that client shut them off), opposed to forwarding it on to 20+ other routers, and a server that would drop it regardless. All ISPs would benefit, so it should be a mutual deal.

Not all routers would be able to perform

Amazon!

[hesaigo999ca]

Thanks Amazon, to the cloud my *ss!

Two appartment buildings worth of homes

[chris_7d0h]

Equates to my building and one of our neighboring ones. With 1 Gbps per apartment I fail to see the awe aspiring in the "accomplishment" from that perspective.
Assuming it wasn't my neighbors who got hacked and that the world's 500 million connected households have an average of 1Mbit/s uplink capacity, the feat might be interesting from another perspective than the consumed bandwidth; being able to orchestrate 100k drones without being traced. That's pretty cool since there must have been quite a couple of