Could Volumetric DDoS Attacks Shut Down the Internet?

The Short Answer


Major 2016 DDoS Attacks

By all accounts, 2016 was one for the record books in terms of cybersecurity woes, capped off with last week’s announcement of yet another, even larger Yahoo breach. Major security breaches have become so common that they hardly surprise anyone anymore. But the general population and business community did feel alarmed in October, when a massive, 1.2 Tbps distributed denial of service (DDoS) attack on the Domain Name Service provider Dyn temporarily shut down a variety of household-name websites, including, but not limited to Air BnB, Netflix and Twitter. That attack was a wake-up call, and it was just one of several massive, record-breaking DDoS attacks that plagued the Internet in 2016.

2017 DDoS Attack Landscape

Unfortunately, it seems that next year DDoS attacks will get worse before they get better. Many people are now asking the question, were the 2016 DDoS attacks just warm-up drills or test runs for even larger attacks that would cripple large parts of the Internet? The potential certainly exists; is it probable? Yes it is, given the recent trends in the cyber threat landscape, such as the release of the Mirai botnet code, the vast attack surface of millions of insecure devices connected to the Internet of Things (IoT), and the increasing sophistication of DDoS hackers.

Furthermore, the Security Operations Center at Corero recently discovered a new DDoS attack vector, an amplification attack that utilizes the Lightweight Directory Access Protocol (LDAP). Although Corero’s team of DDoS mitigation experts has so far only observed a handful of short but extremely powerful attacks against their protected customers originating from this vector; the technique has potential to inflict significant damage by leveraging an amplification factor seen at a peak of as much as 55x. Therefore, in terms of its potential scale, if that new vector is combined with the Mirai IoT botnet that was utilized in the recent 655 Gigabyte attack against security researcher Brian Krebs’s website, we could soon see new records broken in the DDoS attack landscape, with potential to reach tens of Terabits per second in size in the not too distant future. Such volumetric attacks would be enough to significantly impact Internet availability in states, major geographic regions or even countries. ISPs themselves could be crippled by such large attacks.

All hope is not lost, however. It is possible to block and detect DDoS attacks at the top of Internet traffic gateways, where ISPs are the key gatekeepers. They can, and should, keep network traffic clean for their networks and all of their downstream customers. ISPs can help solve the DDoS problem in a couple of ways. First of all, as Corero COO & CTO Dave Larson states,

“If ISPs are not following BCP 38, or network ingress filtering in their environment, they should be. If all operators implemented this simple best practice, reflection and amplification DDoS attacks would be drastically reduced.”

Second, there are now anti-DDoS technology solutions available to protect ISPs and their downstream customers. Providers can now deploy their DDoS mitigation operations at peering or transit points, using technology that is scalable and responsive. These systems are automated, always on and capable of responding to attacks as they happen – thus reducing headaches for providers everywhere.

The bad news is that DDoS hackers will almost certainly generate larger volumetric attacks, but the good news is that some ISPs have already deployed DDoS protection that will prevent those attacks from affecting their networks.

For more information, contact us.