Overview
Français
ABSTRACT
Attacks are increasing in amplitude, scale, and duration. Furthermore, performing large-scale DDoS attacks has become within everyone's reach. Detecting and mitigating attacks therefore takes more time. Mitigation actions are taken in local networks or by an upstream protection service following local procedures. Such approaches are static and sub-optimal. Distributed responses and coordination means would therefore help mitigate distributed attacks at the largest scales. This document sketches a proposal that enables efficient collaboration and facilitates the exchange of security practices among trusted parties. It also facilitates the automation of the execution of appropriate countermeasures, and the translation of such countermeasures into commands that will be enforced in the network.
Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.
Read the articleAUTHORS
-
Mohamed BOUCADAIR: Network and IP Services Architect - Orange
-
Christian JACQUENET: Director of Strategic Programs IP Networks - Orange
INTRODUCTION
A DDoS (Distributed Denial of Service) attack is an attempt to make network resources, computing resources or even access to services unavailable to their users. In most cases, such attacks can be massive, compromising several hundred thousand endpoints, which in turn can be used as relays to amplify the attack's damaging power. The 2019 edition of the Symantec report includes:
24,000 applications embedded in mobile terminals are blocked on a daily basis;
a 600% increase between 2016 and 2017 in the number of attacks targeting connected objects (Internet of Things);
an increase in the volume of attack traffic between 2016 and 2017. In 2016, attack traffic represented 5% of global web traffic, and 7.8% in 2017.
Recent statistics also show a marked change in the duration of attacks: the vast majority (77%) of attacks detected in 2017 lasted more than an hour, and 6% of them lasted at least 12 hours, or even more than a day (3%). In the last quarter of 2018, an attack lasted 329 hours (practically two weeks), according to data from a Kaspersky report.
The sheer scale of such attacks, both in terms of duration and propagation, further complicates the task of the protection service(s) (known as DMS for DDoS Mitigation Service) likely to be mobilized to resolve them.
In addition, the ATLAS report revealed that :
274 attacks exceeded the 100 Gbit/s threshold in the first half of 2016, compared with 223 attacks for the whole of 2015 ;
46 attacks exceeded the 200 Gbit/s threshold in the first half of 2016, while only 16 attacks were observed in 2015;
the United States, France and Great Britain are prime targets for attacks with volumes in excess of 10 Gbit/s.
Since the publication of these reports, DDoS attacks have become increasingly frequent and intense, such as the attack suffered by a French provider, which exceeded 1 Tbit/s in volume. What's more, with the advent of "Booters" (or "stressers", platforms for selling denial of service) and the concept of "DDoS-as-a-Service", executing large-scale DDoS attacks has practically become within everyone's reach.
According to another study :
more than 20 million IP spoofing attacks targeting more than 2 million IPv4 (/24) prefixes were carried out. These prefixes represent more than a third of all prefixes advertised on the Internet;
4.3% of attack targets subscribed to a DMS mitigation...
The Ultimate Scientific and Technical Reference
KEYWORDS
security | cyberdefense | mitigation | attack | distributed denial of service (DDoS) | protective networkings
This article is included in
Security of information systems
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Protective communication networks
Introduction
Bibliography
- (1) - BOUCADAIR (M.), Ed, REDDY (T.K.), Ed - Distributed Denial-of-Service Open Threat Signaling (DOTS) Data Channel Specification. - RFC 8783, DOI 10.17487/RFC8783, https://www.rfc-editor.org/info/rfc8783 (2020).
- ...
The Ultimate Scientific and Technical Reference
