Has progress been made in fighting DDoS attacks?

As the distributed denial-of-service attacks spawned by this week's WikiLeaks events continue, network operators are discussing what progress, if any, has been made over the past decade to detect and thwart DoS attacks.

Participants in the North American Network Operators Group (NANOG) e-mail reflector are debating whether any headway has been made heading off DDoS attacks in 10 years. The discussion is occurring while WikiLeaks deals with DDoS attacks after leaking sensitive government information, and sympathizers launch attacks against Mastercard, Visa, PayPal and other significant e-commerce sites.

"February 2000 weren't the first DDoS attacks, but the attacks on multiple well-known sites did raise DDoS' visibility," writes Sean Donelan, program manager of network and infrastructure security at the Department of Homeland Security, on the NANOG reflector. "What progress has been made during the last decade at stopping DDoS attacks?"

From there, multiple participants debate whether progress has indeed been made and if DDoS attack sources and targets can do anything proactively and effectively to detect, prevent and/or mitigate an attack.

"If anything, the potential is worse now than it ever has been unless you have just ridiculous amounts of bandwidth, as the ratios between leaf user connectivity and data center drops have continued to close," participant Blake Dunlap responds. "The finger of packety death may be rare, but it is more powerful than ever, just ask Wikileaks; I believe that they were subject to 10Gbit+ at times. At least the frequency has dropped in recent years, if not the amplitude, and I am thankful for that."

WikiLeaks had its domain name service terminated last week after repeated DDoS attacks against the WikiLeaks site.

Another participant, Arturo Servin, responds, "One big problem of DDoS is that sources (the host of botnets) may be completely unaware that they are part of a DDoS. (On) the other hand the target of a DDoS cannot do anything to stop an attack besides adding more (bandwidth) or contacting one by one the whole path of providers to try to minimize the effect."

On the glass-half-full side, some participants say using a distributed architecture with anycast and loads of bandwidth will help mitigate attacks, or limit them to a subset of nodes. Others say eliminating botnets is a preventative measure.

"DDoS is just a symptom. The problem is botnets," states Roland Dobbins, solutions architect at Arbor Networks. "Preventing hosts from becoming bots in the first place and taking down existing botnets is the only way to actually prevent DDoS attacks. Note that prevention is distinct from defending oneself against DDoS attacks."

Easier said than done.

"Actually, botnets are an artifact," responds participant Bill Manning. "Claiming that the tool is the problem might be a bit shortsighted. With the evolution of Internet technologies I suspect botnet-like structures to become much more prevalent and useful for things other than coordinated attacks."

But while ways to mitigate and perhaps prevent attacks have emerged over the decade, so too have new attack vectors. As new methods to thwart attacks are discovered, attackers discover new ways to attack.

"Nowadays the consumers have a lot more bandwidth and it's easier than ever to set up your own botnet by infecting users with malware and alike," writes Jonas Frey of Probe Networks.

"I do not see a real solution to this problem right now," Frey writes. "There's not much you can do about the unwillingness of users to keep their software/OS up to date and deploy anti-virus/anti-malware software (and keep it up to date). Some approaches have been made, like cutting off Internet access for users which have been identified by ISPs for being a member of some botnet being infected. This might be the only long-term solution to this probably. There is just no patch for human stupidity."

Arbor's Dobbins begs to differ:

"The tools and the techniques, the technologies and best practices - this information is out there, it's available. Folks need to learn about this stuff because, if they do the searches and do some reading they can empower themselves to defend themselves and their networks, and their customers, from DDoS attack. It isn't rocket science; it does require some skill set, some dedication and some hard work, but it can be done. And it's done successfully by organizations around the world every day. These are the organizations you don't tend to read about in the press."

Dobbins believes this week's attacks on the Mastercard, Visa and PayPal sites, combined with last week's attacks on the WikiLeaks site, have heightened awareness among IT officials to the need to proactively prepare for a DDoS eventuality.

"These attacks are not very sophisticated or high-bandwidth," he says. "But they've been able to achieve disproportionate impact due to the unpreparedness of the defenders."

Jim Duffy

Network World