Defenses against DDoS strengthening: survey
Results warn of increasing dangers of highly sophisticated attacks at speeds of up to 24 Gbps
By Brad Reed, Network World, 09/17/2007
While most networks are adept at repelling small distributed denial-of-service attacks, few are prepared for large-scale botnet attacks that employ tens of thousands of zombie hosts, says a new report by Arbor Networks.
In its third annual survey of network infrastructure security, network security firm Arbor Networks found ISPs feeling optimistic about their ability to take on DDoS and botnet attacks, as more than half of those surveyed believe they have invested in enough infrastructure to mitigate botnet swarms.
However, it cautioned that their improvements in halting “relatively unsophisticated brute force flooding efforts” would not be enough to stop more high-speed attacks. “All of the ISP optimism about infrastructure security should be tempered by the survey data on emerging critical infrastructure,” says the study, which also reported that nearly 90% of respondents had not developed systems to protect their VoIP infrastructure. “Most individual core Internet backbone links today are no larger than 10 Gbps... as such, most of the larger attacks today still easily inflict collateral damage on infrastructure upstream from targets themselves.”
The survey found that there is a widening gap between standard DDoS attacks and “multi-gigabit professional efforts involving tens of thousands of zombie hosts.” At their worst, these attacks are more powerful than any attack the survey has yet recorded, reaching rates of 24 Gbps. However, while the size of the largest DDoS attacks has increased, the survey found that attacks at speeds of over 10 Gbps are still fairly rare. Fewer than 5% of respondents reported seeing attacks of over 10 Gbps, while only two respondents reported seeing attacks of 20 Gbps.
The survey found that botnets, which are networks of bots that are used to carry out DDoS attacks and usually reside within unwitting zombie computers, are seen as the most significant threat by ISPs. It marked the first time that Arbor had listed botnets as a survey option for potential threats to Internet service; in previous editions of the survey, DDoS attacks had been the overwhelming choice as the top threat.
The largest type of DDoS attack employed within the last year was the UDP flood, which involves sending high numbers of User Datagram Protocol packets to ports on a targeted system. Forty-three percent of respondents listed UDP floods as the largest attack in terms of bits per second, while 41% listed them as the largest attack in terms of packets per second.
The most popular tools used for mitigating DDoS attacks were access control lists, which also took the top spot in last year’s Arbor survey. BGP destination-based real-time blackhole routing and scrubbers were the second and third most popular tools, respectively.
The survey was conducted among more than 70 self-classified Tier 1, Tier 2 and other IP network operators from four continents, and consisted of 87 free-form and multiple-choice questions.