New DDoS Mitigation Efforts Must Come from Multiple Sources

Denial of service attack on centralized server

DDoS attacks have long been a problem that those in the data center industry have had to fight. These attacks simply flood specific servers, websites, or entire data centers with huge amounts of traffic, which leaves them unable to service legitimate traffic. This has long been one of the easiest and most affordable ways for hackers to target their victims, and over the years DDoS attacks have been used to take down some very high-profile sites.

Virtually all data centers today, however, have DDoS mitigation services in place. These services watch for sudden spikes in traffic, and then route all the traffic to ‘scrubbing’ facilities, which identify the attack traffic, remove it, and forward the good traffic on to its original destination. This is an effective way to thwart these types of attacks. Unfortunately, the bad actors online are always looking for new and innovative ways to cause problems.

Advanced DDoS Attacks

DDoS attacks are always evolving and are now much more difficult to detect. The following are some of the things that hackers are doing to make these attacks more effective and less detectable:

  • High Resource Downloads – Rather than flooding a site with huge amounts of traffic to take it down, modern attacks send far fewer requests but ask for resource-intensive services. For example, 1000 requests for a large PDF will cause more issues and be less detectable than a million pings.
  • Multi Source Attacks – Having multiple sources for a DDoS attack can make it more difficult to detect and stop. All DDoS attacks come from a wide range of individual devices, but having them come from locations around the world, and send different types of traffic, can be effective.
  • Longer Duration – DDoS attacks are being run for longer periods of time and are using more traffic than ever. This can make DDoS mitigation services more costly, and can also result in some legitimate traffic getting caught in the scrubbing.
  • DNS Attacks – Rather than attacking a website or data center directly, attacks can hit DNS services, which if successful, can take down thousands of sites and services at once.

Joseph Blankenship, who is an analyst at Forrester Research, comments on this saying, “…having protection in place for volumetric DDoS attacks doesn’t necessarily mean that a company is safe from application-based or multi-vector attacks.”

Advanced DDoS Protections

Modern DDoS protection services need to be able to detect and respond to these advanced attacks. Specifically, they are incorporating complex algorithms to identify harmful traffic, which can no longer be found simply by looking for spikes in traffic. Using these advanced algorithms, it is possible to find problem traffic and send it along to be scrubbed, which helps to minimize the risk of downtime.
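The gap between volume-based and cost-based detection can be shown on a small scale. The following is an added example, not code from this article or from any mitigation vendor: it runs a per-client sliding window over a constructed access log and compares a request-count threshold with a bytes-served threshold. The addresses, paths, sizes and thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample: (epoch_seconds, client_ip, path, response_bytes).
def sample_log():
    log = []
    for t in range(0, 60, 2):      # high-rate client: 30 tiny requests in 60 s
        log.append((t, "198.51.100.7", "/status", 512))
    for t in range(0, 60, 6):      # low-rate client: 10 large PDF requests in 60 s
        log.append((t, "203.0.113.9", "/docs/report.pdf", 25_000_000))
    for t in (5, 40):              # ordinary visitor fetching the same PDF twice
        log.append((t, "192.0.2.15", "/docs/report.pdf", 25_000_000))
    return sorted(log)

def sliding_window_flags(log, window_s, max_requests, max_bytes):
    """Return (rate_flagged, cost_flagged): clients that exceed the request-count
    budget or the served-bytes budget within any window_s-second sliding window."""
    recent = defaultdict(deque)            # client -> deque of (time, bytes)
    bytes_in_window = defaultdict(int)     # client -> bytes served in the window
    rate_flagged, cost_flagged = set(), set()
    for ts, client, _path, size in log:
        q = recent[client]
        q.append((ts, size))
        bytes_in_window[client] += size
        # Expire entries that have fallen out of the window.
        while q and q[0][0] <= ts - window_s:
            bytes_in_window[client] -= q.popleft()[1]
        if len(q) > max_requests:
            rate_flagged.add(client)
        if bytes_in_window[client] > max_bytes:
            cost_flagged.add(client)
    return rate_flagged, cost_flagged

if __name__ == "__main__":
    # Assumed budgets: 10 requests or 100 MB per client per 30 seconds.
    rate, cost = sliding_window_flags(sample_log(), window_s=30,
                                      max_requests=10, max_bytes=100_000_000)
    print("flagged by request rate:", sorted(rate))
    print("flagged by bytes served:", sorted(cost))
```

The request-count check sees only the high-rate client, while the client repeatedly pulling the large PDF stays under it and is caught only by the bytes-served budget; the ordinary visitor trips neither.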

It is also becoming clear that simply monitoring traffic for abnormalities and sending it for scrubbing is not enough. To help combat attacks, multiple layers of protection are needed, including telecommunications companies, security providers, data center operations, and others.

Each segment can watch for attacks at a different point throughout the Internet. When an attack is detected, the traffic can be scrubbed before it is passed along. It may be possible, for example, to have a telecommunications company spot a DDoS attack much closer to its source, and drop the traffic very early on in the process. This way, website owners and even data centers are never even aware the attack took place. Matthew Prince, the CEO of Cloudflare, talked about how having multiple layers of DDoS prevention can help to “…stop them as far upstream as we can.”