
DDoS Attacks – Are We Really Fighting?

Craig Labovitz, chief security scientist at Arbor Networks, analyzed DDoS attacks using the company's ATLAS internet mapping technology, and according to him, the biggest problem facing these sites is flood attacks.

During 2010, he said, Arbor Networks observed many DDoS attacks in the 50+ Gbps range.

"These large flood attacks typically exceed the total inbound bandwidth capacity of data centers and carrier backbone links (typically OC192/10 Gbps)," he said in his security blog.

He went on to add that, despite thousands of tweets, news articles and endless hype, most of last week's attacks were relatively small and simple.

"In short, these attacks are not conspicuous, apart from the intense censorship of the media," he explained.

For example, on the third day after the Cablegate file was originally published (December 1), his company analyzed DDoS activity against multiple WikiLeaks-hosted sites, and he said that DDoS traffic never exceeded 3-4 Gbps.

Mitigating attacks of this scale, he claims, is fairly routine for tier 1/2 ISPs and large content/hosting providers, and such attacks are more vexing than a looming critical infrastructure threat, "or 'easy to block,' as one Internet engineer explained."

Labovitz said that in an incident last week, about 20 percent of the retaliatory attacks' DDoS HTTP requests came from a new variant of LOIC, predictably named LOIC-2.

"The new version of LOIC — a complete rewrite of LOIC — supports additional 'hive' remote control command channels, including RSS, Twitter and Facebook," he said.

"More importantly, LOIC-2 supports two new 'slow' attack methods (i.e., a DDoS policy where the client deliberately extends HTTP transaction time to increase the burden on the victim server)," he added.

The Arbor Networks chief scientist went on to say that while the last round of attacks resulted in a brief outage, most carriers and managed service providers were able to quickly filter attack traffic.

In addition, he said, the attacks primarily targeted web pages or light-reading blogs, rather than the more critical back-end infrastructure that serves business transactions.

"By the end of the week, Anonymous followers had mostly abandoned their attack plans because they were ineffective," he said.

"So, ultimately, I suggest that last week's DDoS attack around WikiLeaks proponents and opponents is far from cyberwarfare," he added.

"While its title is far less sexy, cyber vandalism could be a more apt description. Similarly, the foreign policy column refers to hacktivist DDoS as the digital equivalent of a sit-in for young people around the world."
