Forgot your password?
typodupeerror
Security The Internet IT

DDoS Attacks Exceed 100 Gbps For First Time 62

Posted by CmdrTaco
from the thats-a-lotta-packets dept.
wiredmikey writes "The Sixth Annual Worldwide Infrastructure Security Report, released today by Arbor Networks, revealed that DDoS attack size broke 100 Gbps for first time; up 1000% since 2005. In addition to hitting the 100 Gbps attack barrier for the first time, application layer attacks hit an all-time high. Additionally, it goes on to show that as new equipment, protocols and services are introduced into networks, the vulnerable attack surface for DDoS is expanded. DDoS attacks are likely to continue as a low cost, high-profile form of cyber-protest in 2011 and beyond."
This discussion has been archived. No new comments can be posted.

DDoS Attacks Exceed 100 Gbps For First Time

Comments Filter:
  • Are we really calling illegal attacks on a companies' servers "cyber protest" now?
    • by doconnor (134648)

      Protests have often included illegal actions.

      • by Dan541 (1032000)

        And those protests lost all legitimacy.

        • by spazdor (902907)

          Like the civil rights movement, for instance. Hard to find a soul alive today who thinks those had any legitimac...

          hang on

    • Re:cyber protest (Score:5, Insightful)

      by Senes (928228) on Tuesday February 01, 2011 @12:14PM (#35068394)
      You're not going to see a high-profile act of protest which has the explicit approval and blessing of the authorities.

      Civil disobedience involves disobedience.
      • by Anonymous Coward

        doesnt mean it can't be civil

      • by Americano (920576)

        There's a difference between non-violent 'civil disobedience' and using force to get someone else to submit to your demands.

        What a DDoS attack does is not all that different from mugging someone, it's just a little less personal: "your money or your life" turns into "our demands or your livelihood."

        • by krack (121056)

          Mugging involves the use of actual physical force.

          DoS attacks do not involve the use of physical force.

          • by Americano (920576)

            You realize that "physical force" isn't the only type of force that can be exerted, correct? If somebody does something under duress, they are being forced to take an action that they would not voluntarily engage in. You can distinguish between the two types of force, certainly, but the fact remains that someone is being *forced* into something against their will.

            A DDoS may not exert physical force, but it is most certainly using force to try to get the target to submit to a list of demands.

            By your commen

      • by Lumpy (12016)

        REally?

        Then explain the army approving the protests in Egypt.

    • by Anonymous Coward
      First they ignore you, then they ridicule you, then they fight you, then you win.
    • by Americano (920576)

      I thought that was an odd way to end the submission too. Of course, all the self-described anarchists and radicals who think that this is a useful form of "cyber protest" have surely also considered that what they're doing is using force to bludgeon someone else into submitting to their demands, and that their behavior is identical to the behavior of the people "subjugating" them.

      Funny that we only seem to resent the jackboot when it's on someone else's foot, isn't it?

    • by Lumpy (12016)

      At least we are not calling them Cyber-TERRORISM... yet...

    • by Anonymous Coward

      "Are we really calling illegal attacks on a companies' servers "cyber protest" now?"

      White House cyber-security coordinator Howard Schmidt sure does:

      http://www.newsweek.com/2010/12/21/interview-with-cyber-security-czar-howard-schmidt.html

    • by monkyyy (1901940)

      protesting is mostly illegal, other wise its meaningless complants

  • With the increase in computing power and with innovations in attacks I think they'll reach 1TB/sec in six years...

  • Barrier (Score:5, Insightful)

    by necro81 (917438) on Tuesday February 01, 2011 @12:28PM (#35068534) Journal
    Could we please agree that 100 Gbps, especially in this context, is not a "barrier"? At best, it is a mildly interesting milestone in the march towards completely saturating the internet with crap. But it is not a barrier in the sense that there was some physical limitation that held us up on our way past it. True, it happens to match the rated throughput of a particular class of network routing equipment, but so what? The sound barrier was an actual barrier in airspeed, one which many objects and phenomena cannot overcome, and one that took extra effort to get humans past. A brick wall is a barrier to your forward progress that requires extra effort to push through (if you're into that kind of thing). But 100 Gbps is no more a barrier than 99 Gbps was or 101 Gbps will be. Round numbers are not barriers [slashdot.org] - they're just human conventions.
    • by jfengel (409917)

      All with you on that, but we're fighting a losing battle. It's standard journalistic puffery. "Barriers" are more exciting than "marks" or "levels". Those terms point out the irrelevance of the article itself: this level is arbitrary.

      The fact that we're seeing record-breaking DDOS attacks is newsworthy, but for some reason "Record breaking DDOS attacks" seems too pedestrian for editors. Especially, perhaps, technology editors who live their lives on hype.

    • by MightyYar (622222)

      People like round numbers. Go with it or die frustrated.

    • by jroc242 (1397083)
      I disagree. Link speeds often go by 10's. 10Mb, 100Mb, 1Gb, 10Gb,100Gb. A large number of ISP's currently use 100Gb backbones.. Recently Veri*** offered us a DDOS solution where when a DDOS is detected, they offload the traffic onto their network which is 100GB and therefore can handle any DDOS attack.
  • PR group for company A says that a problem that our product 'solves' is really really bad.

    Buy our product or you will be doomed.

  • Assuming most of these DDOS attacks come from from botnets; I wonder what percent of these DDOS attacks are made up of computers that were infected/compromised because they were left unpatched out in the open verses computers that were compromised because the user installed a pirated copy of some software that contained a virus or rootkit.

    Given the reports I've heard of China and many other countries pirating 90% of their software http://slashdot.org/story/11/01/21/2217248/Ballmer-Says-90-of-Chinese-Users [slashdot.org]
  • by JSBiff (87824) on Tuesday February 01, 2011 @02:15PM (#35070206) Journal

    In general, I'm not a big fan of all the proposals by ISPs to limit user traffic, cap data, etc.

    But, it seems to me that clamping down on DDoS's initiated by zombie networks would be a fabulous use of the related technologies. If the ISPs really want to cut down on traffic, start cutting off all the traffic from botnet zombies.

    I wonder if they could even, using Deep Packet Inspection, figure out what traffic was specifically from the botnet, and refuse to route that traffic, while still allowing legitimate traffic (e.g. the user browsing the web with their web browser, playing online games, sending email, etc) from the same machines.

    • by krack (121056)

      regarding your packet inspection comment, I suggest that would cost more than just soaking the DoS. Packet inspection is not cheap, especially at DDoS data rates. In fact, the inspection device would probably be the first to fail when a DoS came knocking.

    • by matty619 (630957)

      One of our ISP's here in San Diego, Cox, if it is detected that a large amount of spam, or other malicious connections are originating from your connection, will block everything and redirect any web requests to a captive portal page with instructions on how to clean your computer, and a number to call once you've done so to get your service re-activated.

  • Two things are interesting in the article
    1) Firewalls are an easy target since stateful inspection table can be easily overflowed
    2) Ipv6 is not something that helps the issue (I suspect the huge addressing space does no help, so is more crypto provisioning)

    The only solution I see is for web sites to have an agreement with providers in the world whereby they can request a specific IP to be blocked to route to a specific web-site (for a limited period, obviously)
    The magic should be done by means of automatic

    • by Slayer (6656)
      If these automatic block requests are in place, bad guys can and will use these to effectively get your server off the net, either by faking these requests or by forcing your server to create an overwhelming abundance of these. Let's face it: it is out gun him (i.e. put up more resources) or out smart him (use your resources more effectively). No automated tool or mechanism will be able to do that, because automated smarts work for both the attacker and the defender.
      • Requests are signed using agreed passwords between the ISP and the WEB server.
        (That means exchanging authentication tokens before the crisis)
        So, the request cannot be faked.
        (Not all ISP need to participate and also not all web server need to participate, just the biggest )

        Only a specific client can be shut off. The web server can easily identify it by TCP source IP (no dialog can happen otherwise)
        No faking is possible for the botnet, it is up to web server policies to decide when to shut a client off at the

        • In short:
          Server is already dropping the client's packets regardless.
          Server only needs to send a response to buzz off.
          Router receives the buzz off request, and simply verifies that yes, client sent a packet to the server. Block him (possibly log it, and when there are too many blocks for that client shut them off), opposed to forwarding it on to 20+ other routers, and a server that would drop it regardless. All ISPs would benefit, so it should be a mutual deal.

          Not all routers would be able to perform
  • Thanks Amazon, to the cloud my *ss!

  • Equates to my building and one of our neighboring ones. With 1 Gbps per apartment I fail to see the awe aspiring in the "accomplishment" from that perspective.
    Assuming it wasn't my neighbors who got hacked and that the world's 500 million connected households have an average of 1Mbit/s uplink capacity, the feat might be interesting from another perspective than the consumed bandwidth; being able to orchestrate 100k drones without being traced. That's pretty cool since there must have been quite a couple of

Aren't you glad you're not getting all the government you pay for now?

Working...