DDoS Protection

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks overwhelm a target with either too many connection requests or too much bandwidth. The intended result is to make the target inaccessible, although other infrastructure elements (routers, switches, load balancers, etc.) may suffer collateral damage along the path of an attack. A variety of attack types, including connection floods, TCP SYN floods, and ICMP/UDP floods, may be used in such an attack. Attacks are often launched against high-profile targets by using a network of zombie machines in a botnet. Sources can be forged, although targets usually are not.

Over the last two years, the term “DDoS attack” has made its way into the public media stream. Today even non-technical people are aware of the existence and potential impact of such attacks. In years past, DDoS attacks have been dominated by “volumetric” attacks usually generated by compromised PCs that are grouped together in large-scale botnets. Some well-publicized examples include the DDoS attacks against UK-based online betting sites where the hackers extorted the gambling firms, and the politically motivated DDoS attacks against the Georgian government.

This type of DDoS attack is generally high bandwidth and originates from a large number of geographically distributed bots. The size of these volumetric DDoS attacks continues to increase year over year, and they remain a major threat to enterprises and ISPs alike. In fact, according to Arbor’s sixth annual Worldwide Infrastructure Security Report (2010), the largest reported DDoS attack was 100 Gbps—representing a 100% increase over the size of attacks reported the prior year.

Not only are attacks increasing in size, but they are also increasing in complexity as new types of DDoS attacks continue to emerge and threaten the availability of Internet-facing businesses and services. Conduct a quick search on the Internet and it’s not difficult to find media coverage regarding online banking, e-commerce and even social media sites that have been victims of application-layer DDoS attacks. The motivation? Most of the time it’s for financial gain, but other incentives include political “hacktivism” or just plain old ego. And thanks to a growing trend of do-it-yourself attack tools and “botnets for hire,” even a computer novice can execute a successful DDoS attack. For example, possibly one of the most publicized series of DDoS attacks happened in 2010 when a group of Wikileaks supporters and hacktivists known as “Anonymous” used social media sites to recruit and instruct supporters on how to download, configure and execute an application-layer DoS attack against several targets (the group called these attacks “Operation Payback”). For those supporters who were not computer-savvy enough to conduct the DDoS attacks themselves, there was an option to “Volunteer your PC for the Cause,” in which case a member of Anonymous would take over the supporter’s PC and make it part of the botnet!

The bottom line: Never before has it been easier to execute a DDoS attack.

Arbor Solutions for DDoS Protection

Arbor Networks has been in the business of Internet-based threat analysis since 2000. During this time, Arbor has gained a reputation as being an industry leader in botnet/DDoS attack analysis, detection and mitigation. Today, Arbor offers the following network security solutions:

  • Arbor Peakflow® SP solution (“Peakflow SP”) and Arbor Peakflow SP Threat Management System (“TMS”): Today, a majority of the world’s ISPs rely on Peakflow SP and TMS to help protect their network infrastructure and deliver network-based DDoS protection services to their customers. Together, Peakflow SP and TMS offer an ideal network-based intelligent DDoS mitigation system.
  • Pravail™ Availability Protection System (“Pravail APS”): To help protect data centers against DDoS attacks, Arbor offers the Pravail APS.
  • Cloud Signaling: By combining its solutions, Arbor offers a powerful capability known as Cloud Signaling, which allows a data center-based Pravail APS appliance to actively communicate with a network-based Peakflow SP and TMS deployment—enabling a comprehensive, layered DDoS protection solution.

The next few pages highlight some of the key features of each of these products.

To learn more, visit the Arbor Networks white paper library.
