Skip Links

Has progress been made in fighting DDoS attacks?

WikiLeaks turmoil spurs online debate over state of prevention, mitigation

By , Network World
December 09, 2010 07:49 PM ET

Network World - As the distributed denial-of-service attacks spawned by this week's WikiLeaks events continue, network operators are discussing what progress, if any, has been made over the past decade to detect and thwart DoS attacks.

Participants in the North American Network Operators Group (NANOG) e-mail reflector are debating whether any headway has been made heading off DDoS attacks in 10 years. The discussion is occurring while WikiLeaks deals with DDoS attacks after leaking sensitive government information, and sympathizers launch attacks against Mastercard, Visa, PayPal and other significant e-commerce sites.

"February 2000 weren't the first DDoS attacks, but the attacks on multiple well-known sites did raise DDoS' visibility," writes Sean Donelan, program manager of network and infrastructure security at the Department of Homeland Security, on the NANOG reflector. "What progress has been made during the last decade at stopping DDoS attacks?"

From there, multiple participants debate whether progress has indeed been made and if DDoS attack sources and targets can do anything proactively and effectively to detect, prevent and/or mitigate an attack.

"If anything, the potential is worse now than it ever has been unless you have just ridiculous amounts of bandwidth, as the ratios between leaf user connectivity and data center drops have continued to close," participant Blake Dunlap responds. "The finger of packety death may be rare, but it is more powerful than ever, just ask Wikileaks; I believe that they were subject to 10Gbit+ at times. At least the frequency has dropped in recent years, if not the amplitude, and I am thankful for that."

WikiLeaks had its domain name service terminated last week after repeated DDoS attacks against the WikiLeaks site.

Another participant, Arturo Servin, responds, "One big problem of DDoS is that sources (the host of botnets) may be completely unaware that they are part of a DDoS. (On) the other hand the target of a DDoS cannot do anything to stop an attack besides adding more (bandwidth) or contacting one by one the whole path of providers to try to minimize the effect."

On the glass-half-full side, some participants say using a distributed architecture with anycast and loads of bandwidth will help mitigate attacks, or limit them to a subset of nodes. Others say eliminating botnets is a preventative measure.

"DDoS is just a symptom. The problem is botnets," states Roland Dobbins, solutions architect at Arbor Networks. "Preventing hosts from becoming bots in the first place and taking down existing botnets is the only way to actually prevent DDoS attacks. Note that prevention is distinct from defending oneself against DDoS attacks."

Easier said than done.

"Actually, botnets are an artifact," responds participant Bill Manning. "Claiming that the tool is the problem might be a bit shortsighted. With the evolution of Internet technologies I suspect botnet-like structures to become much more prevalent and useful for things other than coordinated attacks."

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News