Network Security, Network Security

The evolution of the DDoS

The temporary takedown in December of a handful of websites that cut ties with controversial website WikiLeaks, including Visa and MasterCard, made national news.

The reality, though, is that similar attacks, motivated by a variety of reasons, occur thousands of times each day, thanks in part to the ease by which website disruptions can be accomplished.

Hackers have been carrying out distributed denial-of-service (DDoS) attacks for more than a decade, and their potency steadily has increased over time, said Jose Nazario, senior security researcher at Arbor Networks.

Due to internet bandwidth growth, the largest such attacks have increased from a modest 400 megabytes per second in 2002 to 100 gigabytes per second recently, according to Arbor Networks. Massive flooding attacks in the 50 Gbps range are powerful enough to exceed the bandwidth capacity of almost any intended target, but even smaller attacks can be surprisingly effective.

“There has been a dramatic increase in the past five years of easy-to-use tools in the DDoS attack space,” Nazario said.

The vast majority of DDoS attacks occur in the world of online gaming, where individuals use tools to boot competitors from the game to gain an advantage, Nazario said. Attacks also have widely been used in extortion schemes against gambling and pornography sites.

Meanwhile, a rapidly growing subset of attacks are politically or ideologically motivated, such as those targeting WikiLeaks and the ensuing retaliatory attacks against web properties that stopped doing business with the site.

While large organizations may have the funds to pay for costly DDoS mitigation services or enlist the assistance of a hosting provider, smaller businesses, such as human rights and independent media outlets, often lack the tools and resources to deflect attacks, according to The Berkman Center for Internet & Society at Harvard University.

The burden of responsibility also falls on individual users, whose unpatched machines are sometimes infected to amass botnets used to flood websites with unwanted traffic.

“I do not see a real solution to this problem right now,” Jonas Frey, owner of Probe Networks, a German security firm, recently wrote on the North American Network Operators Group mailing list. “There's not much you can do about the unwillingness of users to keep their software/OS [up to date] and deploy anti-virus/anti-malware software.”


Growth in DDoS attack size year-over-year since 2002.

Source: Arbor Networks Sixth Annual Worldwide Infrastructure Security Report

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.