Network admins field more DDoS attacks

Network operators faced larger and more frequent distributed denial of service attacks on their assets with at least one in three fielding over 10 attacks a month, according to Arbor Networks' worldwide infrastructure security report.

The report, which aggregated the views of 110 providers worldwide, found DDoS attacks had spiked 102 percent in the past year.

Both brute force and more sophisticated application-layer attacks against internet data centre and fixed/mobile wireless operators had contributed to the rise.

Arbor's Australian managing director Nick Race told iTnews that internet data centres were "very vulnerable targets".

"The concentration of customers on the same infrastructure can take down multiple customers at a time," he said.

Some data centre operators used stateful firewalls or IPS devices to ward off DDoS attacks, but Race argued the devices could "render networks more susceptible to attacks by acting as stateful DDoS chokepoints".

"Our contention is, do you really need them?" Race said.

Arbor launched an appliance late last year that it hoped data centres and web hosts would take use to thwart flood-based DDoS attacks.

Domain name servers were also emerging as a favourite attack point, Arbor found. About a third of respondents had seen DDoS attacks on their DNS infrastructure or DNS cache-poisoning attacks directed to or through their infrastructure in the past year.

"Due to the relative lack of attention to DNS protection and scalability by many network operators, DNS has emerged as one of the easiest ways to DDoS a server/service/application and take it offline by denying internet users the ability to resolve server/resource records," Arbor said.

"Additionally, the large number of misconfigured DNS open recursors, coupled with the lack of anti-spoofing deployments on many networks, allows attackers to launch overwhelming DNS reflection/amplification attacks."

Less than 40 percent of DDoS attacks were reported to authorities and confidence in law enforcement officials remained fairly low.

However, Race said there had been "definite improvements" in the relationship between police and security operations centres in the past year.

The report also produced potentially alarming statistics that over half of mobile carriers had experienced outages in the past year due to security issues.

These weren't DDoS attacks, according to operators, but rather attacks leveled against the packet core, mobile data centre, or subscriber devices.

Race said that as IP equipment like routers and switches was deployed at the edge of mobile networks, the risk of those assets being attacked increased.