Another day, another DDoS attack. The most recent high-profile attack I’ve read about was on New York Magazine yesterday.
Distributed Denial of Service (DDoS) attacks are attacks against availability and are quite prevalent today. Do a search on social media for #ddos and you will see what I mean.
In May, Kaspersky reported that there were 12,281 unique victims of DDoS attacks during the first quarter of 2015. Arbor Networks, experts in DDoS mitigation, recently highlighted that the average size of attacks is increasing.
Many organizations that are really concerned about availability have a strategy in place to detect and deal with DDoS attacks. The strategy usually includes preparing an incident response plan, working with ISPs or DDoS mitigation service providers, and running an annual exercise or simulation to test the plans.
However, preparing for the attack is only half of the story.
A lack of urgency (or interest) in closing open SSDP, NTP or DNS servers, and in adopting SAVE (aka BCP38), allows attackers to abuse those servers to launch reflection amplification attacks. The Shadowserver Foundation has been tracking the size of the problem, and you can see for yourself whether some of these open servers might be running in your backyard (DNS, NTP, SSDP).
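To make the BCP38 point concrete, here is an added example (not code from APNIC or from this post) that applies a source address validation check to constructed, NetFlow-style records: any outbound flow whose source address is not inside the prefixes the network legitimately originates is a spoofed packet, and in a reflection attack the spoofed source is the victim. The prefixes and the flow records are assumptions made up for the example.

```python
import ipaddress
from collections import Counter

# Prefixes this network is allowed to originate traffic from (constructed for the example).
OUR_PREFIXES = [ipaddress.ip_network(p) for p in ("203.0.113.0/24", "2001:db8:100::/48")]

# Constructed flow records: direction src dst proto dport bytes.
# The two flows from 192.0.2.77 are requests to external NTP/DNS servers with a
# spoofed source, i.e. the reflection pattern BCP38 egress filtering would block.
SAMPLE_FLOWS = """\
out 203.0.113.10 198.51.100.5 udp 53 80
out 192.0.2.77 198.51.100.123 udp 123 50
out 192.0.2.77 198.51.100.53 udp 53 60
out 2001:db8:100::1 2001:db8:200::9 tcp 443 1200
out 2001:db8:999::1 2001:db8:200::9 udp 53 60
in 198.51.100.5 203.0.113.10 udp 53 3000
"""

def parse_flows(text):
    """Parse the whitespace-separated flow format above into dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        direction, src, dst, proto, dport, nbytes = line.split()
        flows.append({"dir": direction, "src": ipaddress.ip_address(src),
                      "dst": ipaddress.ip_address(dst), "proto": proto,
                      "dport": int(dport), "bytes": int(nbytes)})
    return flows

def is_permitted_source(addr, prefixes):
    """True if addr falls inside one of our prefixes (version mismatch -> False)."""
    return any(addr in net for net in prefixes)

def bcp38_violations(flows, prefixes=OUR_PREFIXES):
    """Outbound flows whose source address we do not own: what BCP38 filtering drops."""
    return [f for f in flows if f["dir"] == "out"
            and not is_permitted_source(f["src"], prefixes)]

def spoofed_sources(flows, prefixes=OUR_PREFIXES):
    """Count spoofed source addresses; a repeated one is likely the reflection victim."""
    return Counter(str(f["src"]) for f in bcp38_violations(flows, prefixes))
```

Running `spoofed_sources(parse_flows(SAMPLE_FLOWS))` over the sample identifies 192.0.2.77 as the address being spoofed twice, which is the signal an operator would escalate.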
At APNIC, we are really keen to work with interested parties – our Members, the CERT/CSIRT community, and others – to tackle this problem in our region. We also discuss this issue at our own events and at events we contribute to.
Finally, I’ll leave you with this video from APRICOT 2015, which offers network operators some advice on what they can do to mitigate DDoS attacks.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.