Four security experts weigh in on why there’s been little progress in combating DDoS attacks and how companies can start fighting back. The scale, diversity, and magnitude of recent DDoS attacks have knocked enterprises back on their heels. Now they’re attracting attention from regulators. Intended or not, attackers are forcing a sea change. The question at hand is whether self-regulation will improve or if regulatory intervention is inevitable. Cloudflare’s recent analysis of a February 13 denial of service attack explains the most recent variation on a recurring DDoS attack theme, and in doing so illustrates that we’ve made little or no progress in mitigating root causes of DDoS: The attack was distributed , emanating from over four thousand servers and twelve hundred networks. The attack used reflection , a technique where the source IP address of query traffic is “spoofed.” All of the attacking hosts set the source IP address of queries to the IP address of the targeted host so that the responses will overwhelm the victim. The attack also used amplification , a technique where a small query results in a much larger response being transmitted in order to deplete the target’s resources more rapidly. There are also other similarities between this and prior DDoS attacks. The attacks exploit UDP-based services (DNS, chargen, and now NTP). They exploit the absence of anti-spoofing measures by ISPs or private networks, and they exploit the “open” operation of these services, taking advantage of open DNS resolvers, publicly accessible network time servers, and services that should be configured to respond only to clients within specific administrative domains. The takeaway is obvious: Services that run over UDP and are accessible in a public or open manner are targets for reflection or amplification attacks, and the ability to spoof IP addresses exacerbates this threat .
Original post:
DDoS Attack! Is Regulation The Answer?