A decade of denial


Distributed Denial of Service, or DDoS, has been around since the late 1990s, but hit in a big way in Feb. 2000 when sustained attacks took down several large Web sites including Yahoo and Amazon. Since then, the techniques for DDoS have evolved to leverage different attack motivations, as well as to bypass protection measures put in place to stop these attacks. In this presentation, the history of DDoS and why it is still so prevalent today will be examined. Topics focus on attacker motivation, various threat vectors and new tools being used – and why you need to be updating your mitigation measures at the same pace.

Published in: Technology

  1. A Decade of Denial: A Historical DDoS Overview And Open Discussion
  2. Jeff Wilson: With more than 14 years in the data networking and telecom industry, and one of the most accurate forecast track records in the business, Jeff Wilson is a certifiable network security market guru. He has expertise in a wide variety of network security appliance, software, and services markets, including IPSec and SSL VPNs, firewalls, IDS/IPS, NAC, and content security (anti-x, mail security, Web security, data leak prevention).
  3. Dan Holden: Dan Holden is the Director of ASERT, Arbor's Security Engineering and Response Team, where he leads one of the most well-respected security research organizations in the industry. His teams oversee the ATLAS global security intelligence database and are responsible for threat landscape monitoring and Internet security research, including the reverse engineering of malicious code.
  4. Rakesh Shah: Rakesh Shah is the Senior Director of Product Marketing & Strategy. He has been with the company since 2001, helping to take Arbor's products from early stage to category-leading solutions, and has been dealing with DDoS attacks. His teams focus on launching Arbor's products into the marketplace as well as developing thought leadership demonstrating Arbor's unique network traffic management and DDoS mitigation solutions.
  5. A Decade Of DDoS: First, we'll highlight the major trends in DDoS attacks and demonstrate how they have grown from an inconvenience to a threat that CIA Director Leon Panetta has called "the next Pearl Harbor."
  6. Summer 1996: DDoS Is Born. In the summer of 1996, an article titled "Flood Warning" in The Hacker Quarterly showed how a Distributed Denial of Service (DDoS) attack could be used to shut down a Web site.
  7. Sept. 1996: DDoS Is Born. The ISP Panix is struck by a sustained DDoS attack, affecting its customers. Evidence shows that it was a direct response to the Panix program that allowed customers to block incoming emails from a list of junk bulk e-mailers.
  8. Jan. 1998: Industry Response To DDoS Threat. RFC 2267 is published, which details how network administrators can defeat DDoS attacks via anti-spoofing measures. This will eventually become a standard best practice and be adopted by many networking vendors.
  9. Feb. 2000: Major E-commerce Sites Attacked. A hacker, dubbed Mafiaboy, launches sustained DDoS attacks on Yahoo and eBay. He is investigated by U.S. and Canadian law enforcement after being found bragging about the attacks on IRC. The Montreal Youth Court sentences him in September, 2001 to eight months of open custody, one year of probation, restricted use of the Internet and a small fine.
  10. Oct. 2002: Smurf Attacks. An attack lasting approximately one hour was targeted at all 13 DNS root name servers. This was the second significant failure of the root name servers. The first caused the failure of seven machines in April, 1997 due to a technical problem.
  11. Sept. 2003: Governments Recognize The Threat. U.S. Congress proposes legislation for cyber security requirements in private industry. It would require publicly-traded companies to report their cyber security efforts.
  12. Feb. 2007: U.S. Government Prepared To Defend. An attack began at 10:00am UTC and lasted 24 hours. At least two of the root servers (G-ROOT and L-ROOT) lost performance while two others (F-ROOT and M-ROOT) experienced heavy traffic. ICANN published a formal analysis shortly after the event. Due to a lack of detail, speculation about the incident proliferated in the press until details were released. On February 8, 2007 it was announced by Network World that: "If the United States found itself under a major cyber attack aimed at undermining the nation's critical information infrastructure, the Department of Defense is prepared, based on the authority of the President, to launch an actual bombing of an attack source, or a cyber counterattack."
  13. Apr. 2007: DDoS Becomes A Weapon Of War. The former Soviet Republic of Estonia is taken offline by a sustained DDoS attack following diplomatic tensions with Russia. A year later, attacks on Russian and Georgian Web sites are coordinated with ground offensives against Georgian territories by Russian forces. The attack effectively isolates Georgia from the Internet at large.
  14. Jan. 2008: First High Profile Anonymous Attack. Anonymous, an Internet hacker group, launches the first in a series of high profile DDoS attacks when it floods Scientology.org with 220Mb of traffic. It was done in response to the Church of Scientology trying to take a Tom Cruise video interview off the Internet.
  15. 2010: DDoS Goes Mainstream. DDoS attacks break the 100 Gbps barrier for the first time, with attacks launched against popular Internet Service Providers (ISPs) and other well-known targets. ISPs experience a marked impact on operational expense, revenue loss and customer churn.
  16. Dec. 2010: Hacktivism Escalates. PayPal is hit with DDoS attacks by supporters of the Wikileaks Web site after PayPal suspends money transfers to the site. A variety of other major financial sites and credit card companies are also hit for their roles in blocking payments to the site.
  17. Apr. 2011: Consequences Are Damaging. A DDoS attack on Sony is purportedly used to block detection of a data breach that led to the exfiltration of millions of customer records for PlayStation users. Around 101 million user accounts are compromised, although Sony claims credit card information was securely saved as a cryptographic code. April 20, 2011: intrusion detected. April 26, 2011: customers informed.
  18. Jun. 2011: Governments On Alert. Speaking to the Senate Armed Services Committee, CIA Director Leon Panetta says that: "The next Pearl Harbor that we confront could very well be a cyber attack that cripples America's electrical grid and its security and financial systems."
  19. Mar. 2012: DDoS Gets Political. Canada's New Democrat Party sees its leadership election impacted by a DDoS attack that delayed voting and reduced turnout.
  20. Apr. 2012: Governments Become Prime Targets. In a protest against "draconian surveillance proposals" and the extradition of suspects to the U.S. to stand trial, the hacker group Anonymous targets a number of government sites: the U.S. Department of Justice, the CIA and the UK Home Office.
  21. Summary
      1. In little over a decade, DDoS attacks have broken the 100 Gbps barrier.
      2. First seen as an irritating interruption in service, DDoS attacks are changing in their nature.
      3. Protesters are using DDoS attacks as a way of highlighting what they see as social injustices.
      4. Criminals are using DDoS attacks to steal information.
      5. Governments have added DDoS attacks to their weapons arsenal.
      6. DDoS attacks are now seen as a major threat by governments, as well as large corporations.
  22. Solutions Today
      • How have those solutions changed? What's available today that wasn't available 10+ years ago?
  23. Strategies for Protecting Against DDoS
      • What are some practical strategies for protecting against DDoS attacks?
      • Should these strategies change depending on your industry, business size, or the type of electronic assets you're attempting to protect?
  24. DDoS – Who's Next?