What is a DDoS attack?

First, these attacks have changed a lot over time. Maybe not in terms of vectors, but certainly in terms of sophistication. We remember the earlier, more primitive web and how little traffic it took to bring a server down. Things are different now, but attackers are still finding new ways to disrupt and compromise systems.

You can characterize a modern DDoS attack by its nature and by what it aims to disrupt. You can read the trend reports to see which categories of attack are rising, or you can talk to the people who are on the front lines.

Some people, though, are building mitigations that will make these attacks harder for the attackers to carry out.

One thing we are seeing in the security world is the rise of UDP attacks, where attackers favour this Layer 4 protocol because, in some ways, it is easier to abuse than TCP.

CISA is warning about the ubiquity of UDP attacks, and you can see more evidence of this trend in places like the Cloudflare blog.

In her MIT talk, Karen Sollins explained how to fight back against DDoS attackers.

She starts with a real incident in which she was involved in de-escalating an attack.

“The press was on my phone,” she says. “It was an exciting day.”

While noting the need for early mitigation and for evaluating attacks, she also points to the scale of the problem: with hundreds of thousands of bots in powerful botnets, she points out, volumetric attacks can be very difficult to stop.

“These are attacks where the traffic looks completely legitimate,” she says. “They are very difficult to identify… We have, in the region, a large group of companies that are really trying to provide relief to victims.” They have come forward to help where victims cannot do it themselves. “We are seeing that many types of attacks are taking place.”

Here is where Sollins specifically addresses UDP attacks:

“Kaspersky was reporting last year that over 50% of their traffic was UDP traffic, [these] were UDP attacks. … So the vast majority of what they’re seeing are layer four protocol attacks. Down on the lower graph, we see Microsoft reporting the other way: the vast majority of the traffic they are seeing is TCP, and UDP plays a slightly lesser role in it. But again, Layer 4 traffic is actually the means to deliver these attacks.”

Sollins also mentioned spoofed addresses and other strategies that attackers use to disguise their traffic and make it appear legitimate.

She also wants to push the cost of the attacks back onto the attackers. She explains:

“If we look at the costs incurred here, the attackers themselves are bearing very little cost; the victims, and anyone they pay… are, in fact, bearing the burden of the costs. So what we’re doing is trying to reverse engineer the problem. What we hope is that our attackers will have to take on some of the burden, do some of the work, use up some of their resources to send traffic. If they don’t, their traffic will be automatically removed… so what we’re doing is realigning the cost burden here.”

One way to do this is through a proof-of-work system, where the sender has to expend some computation before its packet will be accepted.
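To make the cost-shifting concrete, here is a minimal hashcash-style proof-of-work gate in Python. It is an added illustration, not code from the talk or from Sollins's team: the receiver issues a random challenge, the sender must find a counter whose SHA-256 hash over challenge, payload and counter has a set number of leading zero bits, and the receiver checks that with a single hash and drops anything that arrives without a valid, unredeemed proof. The names (`ProofGatedReceiver`, `solve_challenge`, `verify_proof`), the 16-bit difficulty and the sample payload are assumptions made for this example.

```python
from __future__ import annotations

import hashlib
import secrets
import time

# Number of leading zero bits the hash must have. Each extra bit doubles the
# sender's expected work while the receiver's check stays at one hash.
DIFFICULTY_BITS = 16  # constructed default for this example; tune per deployment


def _digest(challenge: bytes, payload: bytes, counter: int) -> bytes:
    """Hash binding the receiver's challenge, the packet body and the sender's counter."""
    return hashlib.sha256(challenge + payload + counter.to_bytes(8, "big")).digest()


def _leading_zero_bits(digest: bytes) -> int:
    return 256 - int.from_bytes(digest, "big").bit_length()


def solve_challenge(challenge: bytes, payload: bytes, difficulty_bits: int = DIFFICULTY_BITS) -> int:
    """Sender side: search for a counter until the hash clears the difficulty.
    Expected cost is about 2**difficulty_bits hash evaluations per packet."""
    counter = 0
    while _leading_zero_bits(_digest(challenge, payload, counter)) < difficulty_bits:
        counter += 1
    return counter


def verify_proof(challenge: bytes, payload: bytes, counter: int,
                 difficulty_bits: int = DIFFICULTY_BITS) -> bool:
    """Receiver side: one hash, however long the sender searched."""
    return _leading_zero_bits(_digest(challenge, payload, counter)) >= difficulty_bits


class ProofGatedReceiver:
    """Admits a packet only when it carries a valid proof for a challenge this
    receiver issued and has not yet redeemed. Everything else is dropped, which
    is the 'their traffic will be automatically removed' behaviour from the talk."""

    def __init__(self, difficulty_bits: int = DIFFICULTY_BITS):
        self.difficulty_bits = difficulty_bits
        self.outstanding: set[bytes] = set()  # challenges issued, not yet redeemed
        self.admitted = 0
        self.dropped = 0

    def issue_challenge(self) -> bytes:
        # A fresh random challenge per packet means proofs cannot be precomputed
        # or reused. A production system would also expire unredeemed challenges.
        challenge = secrets.token_bytes(16)
        self.outstanding.add(challenge)
        return challenge

    def admit(self, challenge: bytes, payload: bytes, counter: int) -> bool:
        if challenge not in self.outstanding or not verify_proof(
            challenge, payload, counter, self.difficulty_bits
        ):
            self.dropped += 1
            return False
        self.outstanding.discard(challenge)  # one proof redeems exactly one packet
        self.admitted += 1
        return True


def demo_cost_asymmetry(difficulty_bits: int = DIFFICULTY_BITS) -> tuple[float, float]:
    """Time one honest send (the solve) against the receiver's verification of it."""
    receiver = ProofGatedReceiver(difficulty_bits)
    challenge = receiver.issue_challenge()
    payload = b"constructed sample datagram"

    t0 = time.perf_counter()
    counter = solve_challenge(challenge, payload, difficulty_bits)
    solve_seconds = time.perf_counter() - t0

    t1 = time.perf_counter()
    accepted = receiver.admit(challenge, payload, counter)
    verify_seconds = time.perf_counter() - t1
    assert accepted
    return solve_seconds, verify_seconds


if __name__ == "__main__":
    solve_s, verify_s = demo_cost_asymmetry()
    print(f"sender spent {solve_s:.4f}s solving, receiver spent {verify_s:.6f}s verifying")
```

The asymmetry is the whole point: raising `DIFFICULTY_BITS` by one doubles what every sender must spend per packet, so a botnet that wants to keep the same packet rate has to find twice the compute, while the receiver's verification cost does not move. The trade-off Sollins's experiments measure (the overhead that legitimate clients pay versus the efficacy against the attack) is exactly the tuning of that one parameter.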

She also lays out the criteria that matter: the nature of the attack, the nature of the application, and the network topology.

She suggests that it is important to run experiments.

“We run a set of experiments: we choose a set of applications that we’re going to do on it, we choose a protocol that is the medium of attack, we choose the topology, and so forth,” she says. “And then we run a series of experiments. We run a set of experiments where nothing is going wrong, which gives us baseline traffic. We run another set of experiments with mitigation, but to understand the overhead; there’s nothing else for mitigation. We attack without any mitigation to understand the threat. And finally, we run it with everything turned on, and look at the difference that makes us: overuse of efficacy.”

This is an interesting look at cybersecurity in an era where it is a major issue for almost any company.

In addition to CISA recommendations, like stateful UDP inspection and Border Gateway Protocol controls, think about what Sollins and her team are doing to add another dimension to the security response against DDoS attacks. After all, DDoS attacks have been a reliable way to take down online systems practically since the birth of the Internet. They have become more sophisticated now, and attackers are, in some cases, taking advantage of a much lower bar.
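Stateful UDP inspection is worth seeing in code, since UDP has no handshake to anchor state on. The Python below is an added illustration, not from this article or from CISA's guidance: state is created by the protected host's own outbound datagrams, an inbound datagram is admitted only if it answers one of those within a timeout, and everything else is dropped and counted per claimed source. The class and function names, the 30-second timeout and the packet trace are constructed for this example; the addresses come from the documentation ranges.

```python
from __future__ import annotations

from collections import defaultdict

# Seconds an outbound UDP request keeps its return path open (constructed value).
FLOW_TIMEOUT = 30.0


class StatefulUdpFilter:
    """Toy stateful UDP inspector for one protected host. An inbound datagram
    is allowed only when it matches a flow the inside host opened recently;
    unsolicited inbound traffic is dropped and tallied per claimed source."""

    def __init__(self, timeout: float = FLOW_TIMEOUT):
        self.timeout = timeout
        # (inside_ip, inside_port, outside_ip, outside_port) -> last time seen
        self.flows: dict[tuple[str, int, str, int], float] = {}
        # claimed outside source -> unsolicited datagrams dropped
        self.unsolicited: defaultdict[str, int] = defaultdict(int)

    def outbound(self, inside_ip: str, inside_port: int,
                 outside_ip: str, outside_port: int, ts: float) -> str:
        self.flows[(inside_ip, inside_port, outside_ip, outside_port)] = ts
        return "allow"

    def inbound(self, outside_ip: str, outside_port: int,
                inside_ip: str, inside_port: int, ts: float) -> str:
        self._expire(ts)
        key = (inside_ip, inside_port, outside_ip, outside_port)
        if key in self.flows:
            self.flows[key] = ts  # refresh: the exchange is still alive
            return "allow"
        self.unsolicited[outside_ip] += 1
        return "drop"

    def _expire(self, now: float) -> None:
        stale = [k for k, seen in self.flows.items() if now - seen > self.timeout]
        for key in stale:
            del self.flows[key]

    def top_unsolicited(self, n: int = 3) -> list[tuple[str, int]]:
        return sorted(self.unsolicited.items(), key=lambda kv: -kv[1])[:n]


# Constructed trace: (direction, src_ip, src_port, dst_ip, dst_port, time).
# 10.0.0.5 is the protected host; the outside addresses are documentation ranges.
SAMPLE_TRACE = [
    ("out", "10.0.0.5", 40001, "198.51.100.53", 53, 0.0),  # DNS query from inside
    ("in", "198.51.100.53", 53, "10.0.0.5", 40001, 0.1),   # its reply
    ("in", "203.0.113.9", 19, "10.0.0.5", 7, 0.2),         # nobody asked for these
    ("in", "203.0.113.9", 19, "10.0.0.5", 7, 0.3),
    ("in", "203.0.113.9", 19, "10.0.0.5", 7, 0.4),
    ("in", "198.51.100.53", 53, "10.0.0.5", 40001, 45.0),  # "reply" long after timeout
]


def run_sample(trace=SAMPLE_TRACE, timeout: float = FLOW_TIMEOUT):
    """Replay a trace through the filter; returns the per-packet verdicts and the filter."""
    f = StatefulUdpFilter(timeout)
    verdicts = []
    for direction, src_ip, src_port, dst_ip, dst_port, ts in trace:
        if direction == "out":
            verdicts.append(f.outbound(src_ip, src_port, dst_ip, dst_port, ts))
        else:
            verdicts.append(f.inbound(src_ip, src_port, dst_ip, dst_port, ts))
    return verdicts, f


if __name__ == "__main__":
    verdicts, f = run_sample()
    for pkt, verdict in zip(SAMPLE_TRACE, verdicts):
        print(f"{verdict:5s} {pkt}")
    print("most unsolicited:", f.top_unsolicited())
```

Two caveats follow directly from the article. Because the source addresses Sollins mentions can be spoofed, the per-source tally identifies claimed senders, not real ones, so it is a signal for detection rather than a basis for blocking by address; the flow-state check still drops the traffic either way. And the state table itself is a resource, which is why the timeout matters: a flood of outbound requests, or a very long timeout, would let it grow without bound. A real firewall's connection-tracking table applies the same rule to UDP, with the bookkeeping done in the kernel rather than in Python.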