Defenses against DDoS strengthening: survey

Results warn of increasing dangers of highly sophisticated attacks at speeds of up to 24 Gbps

While most networks are adept at repelling small distributed denial-of-service (DDoS) attacks, few are prepared for large-scale botnet attacks that employ tens of thousands of zombie hosts, says a new report by network security firm Arbor Networks.

In its third annual survey of network infrastructure security, Arbor found ISPs feeling optimistic about their ability to take on DDoS and botnet attacks, as more than half of those surveyed believe they have invested in enough infrastructure to mitigate botnet swarms.

However, the report cautioned that the ISPs' improvements in halting “relatively unsophisticated brute force flooding efforts” would not be enough to stop more high-speed attacks. “All of the ISP optimism about infrastructure security should be tempered by the survey data on emerging critical infrastructure,” says the study, which also reported that nearly 90% of respondents had not developed systems to protect their VoIP infrastructure. “Most individual core Internet backbone links today are no larger than 10 Gbps... as such, most of the larger attacks today still easily inflict collateral damage on infrastructure upstream from targets themselves.”

The survey found that there is a widening gap between standard DDoS attacks and “multi-gigabit professional efforts involving tens of thousands of zombie hosts.” At their worst, these attacks are more powerful than any attack the survey has yet recorded, reaching rates of 24 Gbps. However, while the size of the largest DDoS attacks has increased, the survey found that attacks at speeds of over 10 Gbps are still fairly rare. Fewer than 5% of respondents reported seeing attacks of over 10 Gbps, while only two respondents reported seeing attacks of 20 Gbps.

The survey found that botnets, which are networks of bots that are used to carry out DDoS attacks and usually reside within unwitting zombie computers, are seen as the most significant threat by ISPs. It marked the first time that Arbor had listed botnets as a survey option for potential threats to Internet service; in previous editions of the survey, DDoS attacks had been the overwhelming choice as the top threat.

The largest DDoS attacks employed within the last year were UDP floods, which involve sending high numbers of User Datagram Protocol packets to ports on a targeted system. Forty-three percent of respondents listed UDP floods as the largest attack in terms of bits per second, while 41% listed them as the largest attack in terms of packets per second.

The most popular tools used for mitigating DDoS attacks were access control lists, which also took the top spot in last year’s Arbor survey. BGP destination-based real-time blackhole routing and scrubbers were the second and third most popular tools, respectively.

The survey was conducted among more than 70 self-classified Tier 1, Tier 2 and other IP network operators from four continents, and consisted of 87 free-form and multiple-choice questions.


Copyright © 2007 IDG Communications, Inc.