DDoS attacks are becoming more and more severe, because the botnets behind them are getting bigger and new attack techniques are multiplying their impact. How long will that continue? And what can you do about it?
Let’s take a look at the individual factors. First there are the botnets, which are now used for most DDoS attacks. Then there are the various attacks that try to paralyze their targets. And last but not least, there are the options for warding off these attacks, which nowadays usually amount to commissioning a service provider with the defense. This can be either a Content Delivery Network or a service specialized in defending against DDoS attacks.
The attackers: Botnets
Initially, compromised desktop computers were used for DDoS attacks. At some point, however, cybercriminals realized that IoT devices were also suitable for this purpose. This really took off in the fall of 2016, when the Mirai botnet paralyzed, among other things, KrebsOnSecurity.com, the website of IT security specialist and journalist Brian Krebs. You can read the background in developer magazine 1.2017; here we are only interested in the attacks themselves. Table 1 shows an overview of them.
Table available here
September 20, 2016: The first attack on Brian Krebs
On the evening of September 20, www.krebsonsecurity.com became the first victim of a DDoS attack by the Mirai botnet. The site was protected against such attacks by Akamai and the attack came to nothing, so there were no major outages. But according to Akamai, the attack, at around 620 gigabits per second, was nearly twice the size of the largest attack seen until then (363 Gbps) and one of the biggest attacks of its kind the Internet has ever seen. Also unusual: until then, DDoS attacks had mostly relied on techniques that further amplify the attacker’s traffic (for example DNS reflection, in which the replies to spoofed DNS requests are directed at the attacked server). This attack, by contrast, relied solely on a very large botnet. A large number of requests were simply sent to the web server, including SYN, GET, and POST floods.
September 20, 2016: DDoS attack on OVH
Also on September 20 there was a DDoS attack on the French web host OVH, which even eclipsed the attack on www.krebsonsecurity.com: up to 1.1 terabits per second in total was measured. OVH founder Octave Klaba reported on Twitter about the attacks, which started on September 18 and ran for several days, peaking on September 20 (Table 1 shows only a selection). The attacks seem to have originated from the same botnet that was used for the attacks on Brian Krebs’ website.
September 22, 2016: Further attacks force Akamai to give up
After the DDoS attacks on Brian Krebs’s website continued to grow, Akamai gave up on September 22, 2016, and ceased its protection. Brian Krebs did not hold this against Akamai, however, as it had successfully protected his server for four years for free and defending against the current attacks was very expensive.
September 25, 2016: Google steps in for Krebs
On September 25, 2016, Brian Krebs’s website was back online, now protected by Google’s Project Shield. This is a free program from Google that protects journalists and news sites from DDoS attacks intended to suppress unwelcome opinions.
September 28, 2016: The source code of the botnet is published
On September 28, 2016, the source code of the attacking IoT bot, called “Mirai”, was published on Hack Forums by the user “Anna-Senpai”. The source code is now hosted on GitHub so that researchers can examine it.
October 21, 2016: DDoS attack on Dyn
On October 21, 2016, there were multiple DDoS attacks on Dyn’s managed DNS infrastructure. As a result of the attacks, Dyn’s name servers were unreachable, causing DNS requests for domain names managed by Dyn to fail. Consequently, the websites of some major providers such as Amazon, GitHub, Netflix, PayPal, Reddit, Spotify, and Twitter were temporarily unavailable in parts of the US and Europe on October 21. Most of the attacks came from a Mirai botnet, but it is not known exactly which one, because there were several botnets based on the published Mirai source code.
November 24, 2016: Mirai botnet for rent
On November 24, 2016, BleepingComputer reported that cybercriminals were offering, via XMPP/Jabber, to rent out the services of a Mirai botnet of at least 400,000 compromised IoT devices. The devices are said to be infected with an improved Mirai version.
March 28, 2017: Mirai attacks at the application layer
Until then, the DDoS attacks had generally taken place on the network layer. On March 28, 2017, a DDoS attack was launched against a US college protected by Imperva. What was special about this attack:
- It took place on the application layer. Unfortunately, no details were published; all that became known is that it involved “more elaborate application layer attacks”.
- At 54 hours, it ran significantly longer than most previously observed DDoS attacks on the application layer (of which ninety percent lasted less than six hours).
The full post covers further topics:
- Crime pays … the only question is, for whom
- Even smartphones and the like can DDoS
- Flooding attacks
- Mirai’s attack on the application layer