Cleaning up DDoS at the Network Edge

Hosting providers and/or the tenants they serve experience distributed denial of service (DDoS) attacks on a daily basis. Hosting providers are often prime targets because they govern the websites of thousands of customers. If hackers can disrupt a hosting provider, or one of their hosted customers, then other tenants can suffer collateral damage.

Large-scale DDoS attacks on hosting providers that make news headlines, such as the Halloween DDoS attack on 123 Reg last week, are relatively rare. Research has shown that the overwhelming majority (93%) of DDoS attacks are under 1Gbps and under five minutes in duration.

Smaller DDoS Attacks are Just as Damaging

One would think that low-threshold, sub-saturating DDoS attacks are no big deal. On the contrary, small attacks can be just as sinister as volumetric attacks for three reasons:

  1. They steal bandwidth, which impedes overall network performance
  2. They consume IT security staff time for troubleshooting
  3. They often serve as sophisticated reconnaissance vectors

Attackers use these reconnaissance vectors, also known as “Dark DDoS,” to determine whether a hosting provider's network is weak and open to exploitation. A small DDoS attack needs only seconds to take down a firewall, after which the attacker can install malware or map the network for its vulnerabilities.

Because the attacks are so short – typically less than five minutes in duration – reconnaissance vectors are often overlooked by security teams and legacy/traditional DDoS scrubbing solutions, whose thresholds are set much higher for redirecting traffic. In contrast, an advanced in-line DDoS attack defense solution that has granular detection capabilities can detect and block all DDoS attacks in real-time, and can be deployed at the network edge.
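The gap between the two detection approaches can be shown on a constructed traffic series. This is an added example, not code from the original post or any vendor product; the function names, the 1 Gbps / 300 s legacy trigger, and the 3x-median per-second trigger are all assumptions chosen for illustration.

```python
from statistics import median

def constructed_traffic():
    # Constructed sample: 10 min of per-second Mbps, ~200 Mbps baseline,
    # with a 90 s burst to 700 Mbps (under 1 Gbps, under five minutes).
    return [700 if 300 <= t < 390 else 200 + (t % 7) * 5 for t in range(600)]

def legacy_threshold_alerts(mbps, threshold_mbps=1000, sustain_s=300):
    """Redirect-style trigger: fire only after traffic has stayed above a
    high volumetric threshold for sustain_s consecutive seconds."""
    alerts, run = [], 0
    for t, v in enumerate(mbps):
        run = run + 1 if v > threshold_mbps else 0
        if run == sustain_s:
            alerts.append(t - sustain_s + 1)  # second the run began
    return alerts

def granular_alerts(mbps, window_s=60, factor=3.0, min_s=5):
    """Per-second trigger: flag samples above factor x the median of the
    last window_s clean samples; report runs of at least min_s seconds."""
    clean = list(mbps[:window_s])  # assumption: the first window is attack-free
    events, start = [], None
    for t in range(window_s, len(mbps)):
        if mbps[t] > factor * median(clean[-window_s:]):
            if start is None:
                start = t
            continue  # keep attack samples out of the baseline
        if start is not None and t - start >= min_s:
            events.append((start, t - 1))
        start = None
        clean.append(mbps[t])
    if start is not None and len(mbps) - start >= min_s:
        events.append((start, len(mbps) - 1))
    return events

if __name__ == "__main__":
    traffic = constructed_traffic()
    print("legacy:", legacy_threshold_alerts(traffic))
    print("granular:", granular_alerts(traffic))
```

The burst never crosses the volumetric threshold, so the legacy trigger stays silent, while the per-second baseline comparison reports the full 90-second interval.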

For more information, contact us.
