Bigger, badder but also sneakier
By John E Dunn | Techworld
Data centres have become “magnets” for DDoS attacks with many recording a marked rise in incidents during 2013, Arbor Networks’ latest Worldwide Infrastructure Security Report has found.
During the year, the number of data centres experiencing DDoS attacks rose to 70 percent from less than half in 2012, the firm discovered from a customer survey backed up by trend data from its own Atlas global monitoring system.
Importantly, 26 percent said that DDoS attacks had exceeded the total data centre bandwidth, around double the number experiencing the same in the previous year. Ten percent had seen more than 100 attacks per month.
Standing back a bit and this shift to focus on data centres appears to be part of a trend to attack customers indirectly by attempting to overload their service providers. Eighty-three percent of data centre operators said they could see attacks up to layer 3 or 4 with only 23 percent able to see as far as layer 7.
As an aside, Arbor also noticed a tendency to rely on firewalls (56 percent) and IDS/IPS systems (42 percent) to battle DDoS attacks, probably by closing ports or filtering certain types of traffic. This s a drastic response although it might work on some occasions; it also stops useful applications from working at all, in effect killing service.
But DDoS mitigation firms have a vested interest in drawing attention to these limitations because they can be one way of getting around the need to use more sophisticated services.
It was less of a surprise that DDoS attacks sizes reached new peaks during 2013, including the notorious Spamhaus reflection attack that peaked at 309Gbps. Attacks above 100Gbps are now well documented, Arbor said, including those targeting specific parts of Internet infrastructure such as the open DNS servers that turned Spamhaus into a household name.