This week the KrebsOnSecurity website has been under a sustained DDOS attack and is offline at the time of writing. This article has the details, but I wonder if this is the end of DDOS mitigation services, and there isn’t an obvious solution.
- The DDOS attack exceeded 600Gbps.
- The reports suggest it wasn’t a reflected or amplified DOS attack using poorly configured NTP & DNS servers, just raw traffic from very large numbers of devices.
- “The DDoS threw everything including SYN Floods, GET Floods, ACK Floods, POST Floods, and GRE Protocol Floods at the website, as well as overflowed Krebs’ inbox with subscriptions and Skype with garbage requests.” ZDNet (Link probably unsafe due to ad-spam)
- “the attacks against KrebsOnSecurity harness so-called Internet-of-things devices—think home routers, webcams, digital video recorders, and other everyday appliances that have Internet capabilities built into them” Ars Technica
- Akamai have given up filtering the DDOS attack (a service they have been providing for free, it must be said, and kudos to them).
- The cost of DDOS protection at this level is measured in millions per year (or close to it), and most companies cannot afford this.
- Public Cloud is no protection. Note: DDOS attacks have a double cost to the bottom line (you pay per byte for the breakthrough bandwidth consumed, plus the mitigation service).
- The number of IOT-class devices with execrable security is increasing (vendors have limited incentive to improve security), and this means more sources for DDOS attacks.
The Etherealmind View
This is the first time I’ve seen the effective defeat of a commercial DDOS provider. This isn’t a total defeat but an economic one: Krebs doesn’t/can’t pay for DDOS service. Equally, most companies couldn’t afford to pay for it either.
While Krebs is a major target, we know that the size/volume of DDOS traffic is increasing and becoming harder to filter, because the number of sources can create flows that are harder to detect/mitigate.
My conclusion: DDOS is set to become a major problem for any company on the Internet, and there isn’t an obvious solution to mitigate it. Nor is there a way to avoid the costs.
I’m sure that the DDOS providers like Prolexic/Akamai are building out their infrastructure to handle ever larger events and cope with the next generation,
Let me know in the comments if there are answers.
Krebs is now back online via Google’s Project Shield – https://projectshield.withgoogle.com/public/ and has an article with many details.