While admitting there is no shortage of people with grudges against the US, a researcher at Arbor Networks' ASERT team said that it is an unlikely scenario.
The attacks, apparently the result of a political squabble between Russian nationals and the newly elected Estonian prime minister, have disrupted web services at numerous Estonian government agencies and financial institutions for weeks.
During a recent two-week period, for instance, ASERT's ATLAS web-tracking service saw 128 unique DDoS attacks on Estonian websites; of those, 115 were ICMP floods, four were TCP SYN floods, and nine were generic traffic floods.
According to Jose Nazario, a senior security researcher with Arbor Networks' ASERT team, which investigates web-based threat activity, the attacks ranged from short, half-hour bursts to one lasting more than 10 1/2 hours. He noted that 10 of the attacks consumed 90 Mbps of bandwidth.
"All in all, someone is very, very deliberate in putting the hurt on Estonia," Nazario said. "This kind of thing is only going to get more severe in the coming years."
The DDoS attacks appear to have been initiated by Russians irked by a proposal by Andrus Ansip, Estonia's newly elected prime minister, to relocate a WW2 memorial statue from downtown Tallinn in Estonia to the outskirts of the city. Pro-Russians considered the move to be a slur on their war dead and thus staged the DDoS attacks.
"Could [massive DDoS attacks] happen in the US?" asked Nazario. "Certainly -- there's no shortage of people with grudges against any country, and any geopolitical event could cause one."
That said, he doesn't foresee such an attack taking place on US soil. "We track thousands of attacks a day -- many against US government sites -- and they don't appear to have any substantial impact."
A couple of issues are at work here, he added. "Many US government sites are more low profile -- there are hundreds of departments within the Department of Defense and government that no one recognises," Nazario explained.
More importantly, "All the major sites are very well protected in terms of bandwidth and their ability to push back the attack traffic and keep legitimate traffic going."
Although Estonia is one of eastern Europe's more technically advanced countries, its "infrastructure is not as robust, and they have fewer resources" than US organisations, said Nazario.
"They're savvy, and know what they're doing, and brought in help in the right place so they're able to weather the attacks."
Estonian DDoS attacks 'unlikely' in US
By Jim Carr on May 31, 2007 12:47PM