What is in a DDoS attack?
First of all, these attacks have evolved significantly over time, maybe not in terms of vectors per se, but certainly in terms of sophistication. We remember the earlier, more primitive web and how little time it took to crash a server. Things are different today, but hackers still find interesting ways to attack and compromise systems.
You can characterize a modern DDoS attack based on its nature and what it is intended to disrupt. You can view the reports and see which categories of attacks are trending. Or you can talk to people who are on the front lines!
But some in the field are continuing mitigation efforts that will help make it much more difficult for hackers to carry out these types of attacks.
One thing we’re seeing in the security world is the rise of UDP attacks, where hackers use the Layer 4 protocol because, in some ways, it’s simpler than TCP.
CISA has warned about the pervasiveness of UDP attacks, and you can see more evidence of this trend in places like the Cloudflare Blog.
In her talk at MIT, Karen Sollins explains how to turn the tables on DDoS attackers.
She begins with an anecdote about an attack she helped mitigate.
“The press was on my phone,” she said. “It was an exciting day.”
Discussing a priori mitigation and the need to evaluate attacks, she also highlights the scale of the problem: with hundreds of thousands of bots in powerful botnets, she points out, it can be difficult to stop volumetric attacks.
“These are attacks where the traffic itself appears to be completely legitimate,” she says. “They are very difficult to recognize… We have, in this space, a large number of companies that have stepped up to try to provide mitigation for victims, if they can’t do it themselves. We find that there are a number of different types of attacks.”
Here is where Sollins specifically addresses UDP attacks:
“Kaspersky reported last year that more than 50% of its traffic was UDP traffic, and that these were UDP attacks. …So the vast majority of what they see are layer four protocol attacks. Down on the bottom graph we see Microsoft reporting the opposite: the majority of traffic they see is TCP, and UDP plays a slightly lesser role. But again, Layer 4 traffic is really the vehicle to launch these attacks.”
Sollins also mentions spoofed addresses and other strategies hackers use to disguise their traffic and appear legitimate.
She also wants to pass the cost of attacks on to the hackers. She explains:
“If we consider the costs incurred here, the attackers themselves bear very little of the cost; the victims and everyone they pay to… actually bear the burden of the cost. So what we’re doing is trying to turn the problem around. What we’re hoping is that our attackers will have to take some of the burden, do some work, use some of their resources, in order to send traffic; if they don’t, their traffic will automatically be removed… So what we’re doing is realigning the cost burden here.”
One way to do this is to use proof-of-work systems in which the sender must do something to get a packet through.
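As an added illustration of that idea (this is not code from the article or from Sollins' team; the packet format, the 16-byte challenge and the 16-bit difficulty are assumptions), here is a minimal hashcash-style gate: the sender must find a nonce that costs it many hash computations, while the receiver checks it with a single hash and drops anything that skipped the work.

```python
# Added example (not from the original article or Sollins' work): a hashcash-style
# proof-of-work gate that makes the sender pay CPU time per packet while the receiver
# verifies with one hash. Difficulty, challenge size and packet format are assumptions.
import hashlib
import secrets
import struct

DIFFICULTY_BITS = 16  # leading zero bits the digest must have; raise it to make senders pay more


def new_challenge() -> bytes:
    """Receiver-issued random challenge so work cannot be precomputed or replayed."""
    return secrets.token_bytes(16)


def _digest(challenge: bytes, payload: bytes, nonce: int) -> bytes:
    # Bind the work to this challenge and this payload: changing either invalidates the nonce.
    return hashlib.sha256(challenge + payload + struct.pack(">Q", nonce)).digest()


def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def solve(challenge: bytes, payload: bytes, bits: int = DIFFICULTY_BITS) -> int:
    """Sender side: brute-force a nonce (roughly 2**bits hashes on average)."""
    nonce = 0
    while leading_zero_bits(_digest(challenge, payload, nonce)) < bits:
        nonce += 1
    return nonce


def verify(challenge: bytes, payload: bytes, nonce: int, bits: int = DIFFICULTY_BITS) -> bool:
    """Receiver side: one hash, constant cost regardless of how much the sender spent."""
    return leading_zero_bits(_digest(challenge, payload, nonce)) >= bits


def filter_packets(challenge, packets, bits=DIFFICULTY_BITS):
    """Admit packets carrying valid work, drop the rest; returns (admitted, dropped) payload lists."""
    admitted, dropped = [], []
    for payload, nonce in packets:
        (admitted if verify(challenge, payload, nonce, bits) else dropped).append(payload)
    return admitted, dropped


if __name__ == "__main__":
    ch = new_challenge()
    good = b"GET /index.html"
    # Constructed traffic: one legitimate packet with the work done, two flood packets that skipped it.
    packets = [(good, solve(ch, good)), (b"flood-1", 0), (b"flood-2", 12345)]
    print("admitted=%r dropped=%r" % filter_packets(ch, packets))
```

The asymmetry is the point: each admitted datagram cost the sender tens of thousands of hashes, while the receiver spent one hash per packet whether it was admitted or dropped.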
She also addresses criteria such as the nature of the attack, the nature of the application and the topological environment.
It is important, she suggests, to conduct experiments.
“We run a series of experiments, we choose a set of applications to do this on, we choose a protocol that is the attack vehicle, we choose topologies, and so on,” she says. “And then we run a series of experiments: we run a series of experiments where nothing goes wrong, which gives us baseline traffic; we run another series of experiments with mitigation enabled, but nothing goes wrong, nothing else happens, to understand the overload of the mitigation. We carry out the attack without any mitigation to understand the threat. And finally, we run it with everything turned on. And look at the difference that gives us: effectiveness of overuse of this.”
This is an interesting look at cybersecurity, at a time when it is a major issue for almost every business!
In addition to CISA recommendations, such as stateful UDP inspection and border gateway protocols, consider what Sollins and her team are doing to add a dimension to the security response against DDoS attacks. After all, DDoS attacks have been a reliable method of compromising online systems practically since the birth of the Internet. They’re just more sophisticated now, and hackers are, in some cases, taking advantage of a pretty low bar.