Poor firewall implementations pave way for DDoS attacks

The report from Arbor Networks took in responses from 111 service providers in the fixed and mobile space worldwide, and revealed a surge in DDoS attacks, with peak attacks coming in at a hefty 100 Gigabits per second – twice that seen a year earlier.

This, the sixth annual report in a series, revealed that 25% of respondents saw 10 or more DDoS attacks per month, and 69% of service providers experienced at least one attack.

Delving into the report reveals that botnet-driven DDoS attacks are likely to continue as a low-cost, high-profile form of cyber-protest in 2011 and beyond.

According to Arbor Networks, as new equipment, protocols and services are introduced into networks, the vulnerable attack surface for DDoS is expanded.

This, notes the report, presents a significant challenge for network operators, with botnet-driven volumetric and application-layer DDoS attacks continuing to be the most significant problems facing operators.

This year's report is also billed as revealing that attackers are targeting the infrastructure itself, specifically the domain name system (DNS), VoIP and IPv6.

"Network operators are facing a global internet insurgency driven by the ubiquity of botnets. This has led to rapidly escalating DDoS attack size, frequency and sophistication", said Roland Dobbins, a solutions architect with Arbor Networks.

"Adding to the challenges facing operators is the increasing number of attack vectors, including applications and services, not to mention the proliferation of mobile devices", he continued.

Arbor's report noted that application-layer DDoS attacks are increasing in sophistication and operational impact.

An alarming 77% of respondents detected application-layer attacks in 2010. These attacks, says the report, are targeting both the respondents' customers and their own ancillary supporting services, such as DNS and web portals.

In addition, internet data centre operators and mobile/fixed wireless operators report that application-layer DDoS attacks are leading to significant outages, increased operational expenditures, customer churn and revenue loss.

Last, but definitely not least, is the assertion in the report that DNS has emerged as one of the easiest ways to DDoS a server/service/application and take it offline by denying internet users the ability to resolve server/resource records.

Additionally, says the report, the large number of misconfigured DNS open resources, coupled with the lack of anti-spoofing deployments on many networks, allows attackers to launch overwhelming DNS reflection/amplification attacks.
