DoS and DDoS Attacks: Bigger, Dumber, More Threatening


The year in distributed denial of service (DDoS) attacks can be described pretty simply: bigger, dumber and more dangerous. At least that's the conclusion (not in those words, of course) reached by Arbor Networks in the fourth edition of its Worldwide Infrastructure Security Report.


The firm found that DDoS attacks are now surpassing 40 gigabits per second -- double the size found last year -- and have severely tested some ISPs' security infrastructure. If the same doubling happens between this year and next, the report concludes, the attacks will exceed what some providers can absorb and still stay operational.


The survey, which put 90 questions to 70 security engineers, found that the attacks themselves were unsophisticated and aimed at simply overwhelming defenses with volume rather than exploiting a specific flaw. The plan, it seems, is in the process of working.


I mentioned this Georgia Tech Information Security Center study last week. Here is Dark Reading's comprehensive rundown on the contents of its annual Emerging Cyber Threats Report. Essentially, the idea is that smartphones are finally set to become the next big thing to worry about, a position they have threatened to take for a while. The danger is that smartphones will be hit with voice fraud, data theft, remote code execution and botnets. Denial of service (DoS), a close relative of DDoS, will be launched via commandeered smartphones.


Session Initiation Protocol (SIP) is the hot signaling protocol for establishing and terminating (or tearing down) a VoIP call. How SIP is implemented and managed is a vital element in determining how exposed a network is to security problems, including DoS attacks: the same INVITE and REGISTER messages that set up legitimate calls can be sent in volume to exhaust a proxy or registrar. It is a highly complex topic. SecureLogix CTO Mark Collier, who runs the VoIP Security Blog, provides a post linking to eight papers on SIP and DoS. The focus, at least in these papers, is on detection.
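The simplest form of the detection those papers discuss is rate-based: count signaling requests per source over a short sliding window and alert when a source exceeds what a human caller could plausibly generate. The script below is an added illustration of that approach and is not taken from the post, the linked papers, or any SecureLogix product. It assumes a constructed, simplified log format (timestamp in seconds, source IP, then the SIP request line); the sample traffic, thresholds and window size are invented for the example.

```python
import re
from collections import defaultdict, deque

# Constructed sample capture (not real traffic): "<seconds> <src-ip> <SIP request line>".
# 203.0.113.5 behaves like a normal phone; 198.51.100.7 sends a burst of INVITEs
# to different users, the shape of a simple INVITE flood against a SIP proxy.
SAMPLE_LOG = """\
10.00 203.0.113.5 REGISTER sip:example.com SIP/2.0
10.40 203.0.113.5 INVITE sip:bob@example.com SIP/2.0
12.00 198.51.100.7 INVITE sip:u1@example.com SIP/2.0
12.10 198.51.100.7 INVITE sip:u2@example.com SIP/2.0
12.20 198.51.100.7 INVITE sip:u3@example.com SIP/2.0
12.30 198.51.100.7 INVITE sip:u4@example.com SIP/2.0
12.40 198.51.100.7 INVITE sip:u5@example.com SIP/2.0
12.50 198.51.100.7 INVITE sip:u6@example.com SIP/2.0
12.60 198.51.100.7 INVITE sip:u7@example.com SIP/2.0
12.70 198.51.100.7 INVITE sip:u8@example.com SIP/2.0
15.00 203.0.113.5 BYE sip:bob@example.com SIP/2.0
"""

# Hypothetical log line format assumed for this example only.
LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<uri>\S+)\s+SIP/2\.0$"
)


def parse_line(line):
    """Return (timestamp, source, method, request-uri) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return float(m.group("ts")), m.group("src"), m.group("method"), m.group("uri")


def detect_floods(lines, window=1.0, threshold=5, methods=("INVITE", "REGISTER")):
    """Sliding-window rate detector.

    For each (source, method) pair, keep the timestamps of requests seen in the
    last `window` seconds. The first time a source exceeds `threshold` requests
    in that window, emit one alert for it (further requests do not re-alert).
    Only transaction-initiating methods are counted; BYE/ACK are ignored.
    """
    recent = defaultdict(deque)   # (src, method) -> timestamps inside the window
    alerted = set()
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                # skip blank or malformed lines instead of crashing
        ts, src, method, _uri = parsed
        if method not in methods:
            continue
        key = (src, method)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"src": src, "method": method, "at": ts, "count": len(q)})
    return alerts


if __name__ == "__main__":
    for a in detect_floods(SAMPLE_LOG.splitlines()):
        print(f"{a['at']:.2f} {a['src']} {a['method']} flood: {a['count']} in window")
```

A real deployment would read from a packet capture or the proxy's own log, tune the window and threshold per trunk or per registered endpoint, and pair this with the other signals the papers cover (such as INVITEs for non-existent users or a skewed INVITE-to-BYE ratio), since a distributed flood spread across many sources can stay under any single-source rate limit.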


It doesn't help that, for a variety of reasons, both legitimate and not, DNS servers are not being patched, despite the well-documented cache-poisoning flaw that lets an attacker redirect a resolver's clients, and with them deny service to the sites they were trying to reach. The flaw was discovered earlier this year by researcher Dan Kaminsky. According to figures from an Infoblox survey, 40 percent of DNS servers are still vulnerable to the problem.
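The patch for the Kaminsky flaw made resolvers randomize the UDP source port of their outbound queries, so the quickest way to tell whether a resolver you operate is one of that 40 percent is to observe the source ports it actually uses. The script below is an added example, not from the post or the Infoblox survey: it scores a list of observed source ports and classifies the resolver as fixed-port, sequential, low-entropy or randomized. The port lists are constructed for illustration; on a real resolver you would gather them with something like `tcpdump -n udp dst port 53` on its upstream interface and feed in the source ports of successive queries.

```python
def assess_port_randomization(ports, min_distinct_ratio=0.9):
    """Heuristic check of a resolver's outbound UDP source ports.

    Returns a dict with a verdict and the statistics behind it:
      'fixed'       - a single port reused for every query (unpatched behaviour)
      'sequential'  - ports increment by one (predictable; also unpatched)
      'low-entropy' - repeats well beyond what a random choice would show
      'randomized'  - nearly every sample distinct (what a patched resolver does)
    Thresholds (80% sequential steps, 90% distinct) are assumptions chosen for
    this example, not values from any standard or vendor guidance.
    """
    if len(ports) < 2:
        raise ValueError("need at least two observed ports")
    distinct = len(set(ports))
    diffs = [b - a for a, b in zip(ports, ports[1:])]
    sequential_steps = sum(1 for d in diffs if d == 1)
    if distinct == 1:
        verdict = "fixed"
    elif sequential_steps >= 0.8 * len(diffs):
        verdict = "sequential"
    elif distinct >= min_distinct_ratio * len(ports):
        verdict = "randomized"
    else:
        verdict = "low-entropy"
    return {
        "verdict": verdict,
        "samples": len(ports),
        "distinct": distinct,
        "sequential_steps": sequential_steps,
    }


# Constructed samples (not captures from real resolvers).
FIXED_PORTS = [32901] * 20                     # one port chosen at startup, reused forever
SEQUENTIAL_PORTS = list(range(32768, 32788))   # OS-assigned ephemeral ports, in order
RANDOMIZED_PORTS = [
    51201, 7721, 60133, 23390, 44812, 3377, 58904, 16045, 39261, 62097,
    9958, 27715, 49306, 12830, 55572, 34019, 5664, 63411, 20487, 41976,
]

if __name__ == "__main__":
    for name, sample in (("fixed", FIXED_PORTS), ("sequential", SEQUENTIAL_PORTS),
                         ("randomized", RANDOMIZED_PORTS)):
        print(name, assess_port_randomization(sample))
```

A handful of samples cannot prove good randomization, only reveal bad patterns, so treat anything other than "randomized" as a reason to patch and re-test. Also watch for a NAT device in front of the resolver rewriting the randomized ports back into a predictable sequence, which silently reintroduces the exposure.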


The dangers are real. Late last week, the British Broadcasting Corporation was the victim of a DDoS attack. This ZDNet post has the details; it notes that the attack originated from several countries and knocked the site out of commission for 75 minutes. The post says the attack wasn't necessarily political, but that politically motivated attacks are likely to increase in 2009. Last month, an 18-year-old Verona, N.J. man admitted to launching a DDoS attack against the Church of Scientology's Web site. He faces up to 10 years in prison and has agreed to pay a $37,500 penalty.