There really is strength in numbers. It’s true for Big Data, high performance computing, cryptography, social media, and flooding the Internet with packets. The latter has been the method of choice for activists, “cyber” warriors and criminals alike. Network interdiction (as military minds may call it) or Distributed Denial of Service (DDoS) attacks can be hard to counter because the traffic comes from so many attacking devices. Full pipes are full, no matter what you do. While you can deploy reverse proxies or rely on content distribution networks, the attack still persists. Packets keep coming until the sources are shut down. Flooding someone’s network is not a sophisticated attack. It gets the job done, and it may be complex by nature, but it is not a stealth exploit sitting unnoticed in your local network. DDoS makes a lot of noise, and it is usually detected right away.
What does a DDoS look like? What happens before, during and after? Are there warning signs such as cloudy skies, light rain, and a steadily increasing wind? Since you can’t recreate DDoS conditions in the lab, it’s best to ask experts who have experience in weathering the storm. Dave Lewis from Akamai will tell you all about DDoS incidents of all sizes at DeepSec 2015:
This talk will look at the patterns of the DDoS attacks that are prevalent in the news headlines. We will take a deep dive into the motivations and rationale behind these attacks; examining the motivations of attackers as they move on from historical page defacement to incentivized DDoS attacks. The tools, methods and data behind these attacks will be unveiled.
Everyone dealing with networked applications should have a look at his talk. As with every attack method, it’s best to look at the tools being used against you before planning your defence. Even organisations relying on (probably outsourced) content distribution networks should learn about what really happens during a DDoS. Your application developers and network-facing sysadmins will benefit as well. Don’t let the barbarians win the battle!
Dave Lewis has almost two decades of industry experience. He has extensive experience in IT operations and management. Currently, Lewis is a Global Security Advocate for Akamai Technologies. He is the founder of the security site Liquidmatrix Security Digest and cohost of the Liquidmatrix podcast. Lewis also serves on the (ISC)2 Board of Directors. He writes a column for CSO Online and Forbes.