thezootsewt/ December 6, 2016/ Cyber Defense/ 0 comments

‘Twas the night before Cyber Monday, when all through the ‘Net
Not a DDoS was stirring, not even a bit;
The cyber defenses were ready and waiting,
In hopes that the Cyber Grinch soon would not be there;
The Admins were nestled all snug behind their desks,
While visions of slow networks danced in their heads;
And CEOs in their fancy suites, and CISOs in their not so fancy pants,
Had just left work for a long winter’s nap,
When out in the Data Center there arose such a clatter,
We sprang from the Ops floor to see what was the matter.
Away to the network monitoring window we flew like a flash,
Tore open the Apps and cleared out the cache….
When, what to our wondering eyes should appear,
The Cyber Grinch and billions of Pwn3d devices that he steered.

All seemed quiet in the media over the Thanksgiving holiday, but as it turns out there were significant DDoS attacks during the peak holiday shopping season. As previously posted, the threat of massive Distributed Denial of Service (DDoS) attacks over Black Friday/Cyber Monday (a.k.a. the Cyber Grinch) was widely believed to be a potential problem. Disrupting online sales activity during the peak shopping days of the year would have a significant impact on merchants and retailers. We came through the holiday with very little indication of any major DDoS attacks, until now.

Cloudflare is reporting that a botnet (but not the infamous Mirai botnet) spewed over 400 Gbps of junk traffic at some of its customers over long periods of time. The prolonged DDoS attacks were mitigated, but they were significant: several of the attacks exceeded 400 gigabits per second and millions of packets per second.

DDoS attacks mitigated by Cloudflare during Black Friday/Cyber Monday 2016. NOTE: values are in gigabytes per second (multiply by 8 for gigabits per second).

For those web sites that are not using services such as Cloudflare, the option to roll your own DDoS mitigation is a sizable challenge. Just acquiring and running the network infrastructure to absorb an attack is an expensive proposition. Detecting and mitigating attacks is another expensive piece of the puzzle. Cloudflare does offer a free tier of service, but with limited features. It also cannot protect an origin server whose real IP address was once published in DNS, since traffic aimed directly at that address never passes through Cloudflare.
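To make the "detecting attacks" piece concrete, here is a small added example (not code from the original post and not Cloudflare's): a volumetric DDoS detector that aggregates sampled traffic counters per second, reports gigabits per second and millions of packets per second, and flags windows where either rate stays above a threshold for a minimum duration. The feed format (epoch second, bytes, packets), the sampling-rate scaling, the thresholds and the sample records are all assumptions constructed for illustration; a real deployment would feed it from NetFlow/sFlow export or interface counters.

```python
"""Toy volumetric DDoS detector over per-second traffic counters.

Added example, not part of the original post or any vendor's code. It assumes
a feed of (epoch_second, bytes, packets) samples; everything below is
constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


def gbyte_per_s_to_gbit_per_s(gbyte_per_s):
    """The post's own conversion: gigabytes per second * 8 = gigabits per second."""
    return gbyte_per_s * 8


@dataclass(frozen=True)
class SecondStats:
    second: int        # epoch second the counters belong to
    gbit_per_s: float  # aggregate bit rate during that second
    mpps: float        # aggregate packet rate in millions of packets per second


def aggregate_per_second(samples, sampling_rate=1):
    """Sum (epoch_second, bytes, packets) samples into one SecondStats per second.

    sampling_rate scales sampled counters back up (e.g. 1000 for 1-in-1000
    sFlow); the default 1 means the feed already carries full counts.
    """
    bytes_by_sec = defaultdict(int)
    pkts_by_sec = defaultdict(int)
    for sec, nbytes, npkts in samples:
        bytes_by_sec[sec] += nbytes * sampling_rate
        pkts_by_sec[sec] += npkts * sampling_rate
    return [
        SecondStats(sec, bytes_by_sec[sec] * 8 / 1e9, pkts_by_sec[sec] / 1e6)
        for sec in sorted(bytes_by_sec)
    ]


def detect_volumetric(stats, gbit_threshold=100.0, mpps_threshold=20.0, min_duration=3):
    """Return (start_second, end_second) windows where the bit rate OR the packet
    rate is at or above its threshold for at least min_duration consecutive
    seconds. A missing second breaks a window, so a sensor outage is not mistaken
    for a sustained flood. Checking pps separately matters because small-packet
    floods can exhaust routers long before they fill the pipe."""
    windows = []
    start = prev = None

    def close_window():
        if start is not None and prev - start + 1 >= min_duration:
            windows.append((start, prev))

    for st in stats:
        hot = st.gbit_per_s >= gbit_threshold or st.mpps >= mpps_threshold
        contiguous = prev is not None and st.second == prev + 1
        if not (hot and start is not None and contiguous):
            close_window()                   # end the open window (if any)
            start = st.second if hot else None
        prev = st.second
    close_window()
    return windows


def peak(stats):
    """Highest bit rate and highest packet rate seen, as a (gbit_per_s, mpps) pair."""
    return (max(s.gbit_per_s for s in stats), max(s.mpps for s in stats))


def build_sample_feed():
    """Constructed 20-second feed: two samples per second so aggregation is visible.
    Seconds 5..14 carry a flood of about 420 Gbit/s and 70 Mpps (in the range the
    post describes); the rest is a 2 Gbit/s, 0.3 Mpps baseline."""
    feed = []
    for sec in range(20):
        if 5 <= sec <= 14:
            feed += [(sec, 26_250_000_000, 35_000_000)] * 2
        else:
            feed += [(sec, 125_000_000, 150_000)] * 2
    return feed


if __name__ == "__main__":
    per_second = aggregate_per_second(build_sample_feed())
    print("peak (Gbit/s, Mpps):", peak(per_second))
    for start, end in detect_volumetric(per_second):
        print(f"volumetric flood from second {start} to {end}")
```

The thresholds are deliberately far above the baseline; in practice they would be set from observed peak legitimate traffic plus headroom, and the output would feed a mitigation step (upstream blackhole/RTBH announcement, scrubbing-centre diversion, or rate limits) rather than just a log line.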

DDoS will continue to be a major problem in 2017 and beyond, and it seems like high time for the Free and Open Source Software (FOSS) community to come up with some solutions. Just as Let's Encrypt helped to tackle the lack of encryption on many websites, a similar effort is needed to design systems that can help mitigate DDoS. After all, big companies and governments shouldn't be the only ones with effective DDoS mitigation.
