Massive Botnet Attack Proves That Firewalls Offer No DDoS Protection

Recently the source of a massive botnet distributed denial of service (DDoS) attack has been uncovered. This DDoS attack has been ongoing for the past few weeks, attacking various businesses across the globe. The botnet is composed of approximately 25,500 compromised closed-circuit television (CCTV) systems, used to launch Layer 7 DDoS attacks. US-based security vendor Sucuri discovered this botnet when a jewelry store that was facing a prolonged DDoS attack opted to move their website behind Sucuri's WAF (Web Application Firewall) product. The firewall didn’t resolve the DDoS attack. Instead, According to, “…as soon as the attackers saw the company upgrade their website, they quickly ramped up the attack to 50,000 [HTTP requests per second].”

This botnet incident raises two points worth emphasizing:

  1. The Internet of Things (IoT) Creates Multiple Attack Surfaces

For a long time, we’ve been warning that the IoT brings a host of opportunities for DDoS hackers, simply because it is far too easy to “own” or compromise a “smart” device connected to the Internet. Botnets are known as “zombie armies” that can be deployed on thousands—if not millions—of connected devices to send a spam attack, spread malware or launch a DDoS attack. The more Internet-connected devices there are, the greater the potential for extremely large botnets. This most recent DDoS botnet is the largest ever involving CCTV devices, but it is a sign of similar things to come. Massive botnet attacks will become more common.

It’s interesting that the sub-headline of the Softpedia article about this botnet attack is “All clues lead back to Chinese DVR vendor TVT.” Given that the hackers may have exploited a flaw in the firmware of that company’s CCTV DVRs, one might be tempted to argue that the fault lies in the CCTV manufacturer; i.e., the attacks would not have happened if there was no vulnerability in the device firmware. It’s true that manufacturers of things connected to the Internet should always beef up the built-in security of their products, but let’s face it, doing so would not stop all DDoS attacks. Even if a product has no security flaws, the average user of internet-connected devices, whether they are in a smart home, smart appliance, smart car or smart office, does not typically pay close attention to software updates or critical patching schedules. Besides, hackers often find a way of working around built-in security features.

  1. Firewalls Can’t Protect You from DDoS Attacks.

It’s a myth that firewalls can protect you from DDoS attacks. We often talk to prospects who have firewalls, and explain that they are ineffective as a defense against DDoS attacks. Although firewalls are designed to, and still do, protect networks from a variety of security issues, there are gaping holes when it comes to DDoS and malicious server targeted attacks. Firewalls can't protect against complex DDoS attacks; actually, they act as DDoS entry points. Attacks pass right through open firewall ports that are intended to allow access for legitimate users.

Yet surprisingly, in a recent survey of security professionals, nearly one third (30%) of respondents rely on traditional security infrastructure products (firewall, IPS, load balancers) to protect their businesses from DDoS attacks. Those companies are very vulnerable to DDoS attacks because it’s well documented that traditional security infrastructure products aren’t sufficient to mitigate DDoS attacks.

Key Takeaways

You can’t protect every IoT device from hackers, but you can protect your own network. However, a firewall alone just won’t do the job. True network threat protection requires a DDoS solution that detects and blocks DDoS traffic via an on-premises appliance—in front of the firewall—at the network edge. A DDoS Protection Solution that complements a firewall, and allows clean, legitimate traffic to flow through normally, without any impediment. One where hackers can launch attacks, but the attempts are not successful.

To learn more about Corero DDoS mitigation solutions, please contact us.