Thursday, November 29, 2012

Evolving DDoS Attacks Force Defenders To Adapt

In the past, attackers using distributed denial-of-service (DDoS) attacks to take down Web sites or network servers typically adopted one of two tactics: flooding the site with a deluge of data or overwhelming an application server with seemingly valid requests.

Yet increasingly, attackers are taking a hybrid approach that combines multiple attack vectors. The attacks that hit financial firms in September and October, for example, often used a massive flood of data packets that would overwhelm a victim’s network connection, while a much smaller subset of traffic would target vulnerable application functions, consuming server resources.

The one-two punch is potent. Many financial firms thought they had the defenses in place to defeat such attacks but had problems staying accessible during the onslaught. Companies prepared to handle application-layer attacks or smaller volumetric attacks could not handle the 20Gbps or more that saturated their Internet connections. A recent report from network-security firm Prolexic found that the average attack bandwidth increased to nearly 5Gbps, with 20Gbps attacks quite common. In a year, the average volume of attacks had doubled, the firm found.

