The Month: DDoS becoming more intelligent and harder to detect

January 31, 2007

Botnet-distributed denial-of-service attacks (DDoS) are becoming more intelligent and harder to detect, a move that spells bad news for businesses. Bot-herders are abandoning traditional DDoS attacks in favour of smaller but more targeted attacks. For example, instead of simply flooding a website's main page, the targeted attacks will use embedded applications on the website - such as searches - that require server- and/or database- intensive processes. A much smaller number of these queries can bring down a website.

According to Paul Sop, chief technology officer at Prolexic, around 20%of the attacks late last year were of this "custom" type, and he expectsthat number to double in the next 12 months. "In a classic DDoSscenario, attacking bandwidth could be fought with defending bandwidth,and technology now allows businesses good defences," he explained.

"With custom attacks it is much harder. Criminals are looking at thetarget website carefully, and then designing requests that will defeatload-balanced servers by creating high back-end database load.

prestitial ad