What is DDoS?
• “Distributed Denial of Service Attack”
– Uses multiple hosts on the Internet to focus traffic against one or more targets.
– Multiple can mean 100s of machines but could also mean millions
– Generates more traffic than the target can handle, hence denying service to legitimate traffic

Just a small sample of targets
• 2002 Root Servers attacked
• ……
• 2006 CafePress
• 2007 Estonia
• 2008 Scientology
• 2009 Twitter
• 2010 Australia’s Parliament House
• 2011 ….. ? ? ?

BotNets are a big Problem
• You cannot talk about DDoS without mentioning the hijacked machines that are used in the attacks!
• Viruses/Worms etc. are used to enable control of poorly secured machines.
• Can be spread in numerous ways.

How big is the BotNet Problem?
• We don’t really know
– Seriously! That is a sign of how bad it is.
• One BotNet is Conficker:
– We can measure +/- 6 million unique IP addresses showing Conficker infections globally.
– However, that does not count individual infections behind firewalls. The Chinese say that they see 18 million Conficker infections every month!
Source: http://www.confickerworkinggroup.org/ and http://www.china.org.cn/government/whitepaper/node_7093508.htm

Can you defend against this?
• You can provision to deal with low level attacks. (bandwidth, system resources)
• You can have processes in place to push back on attacks. (Filtering at upstreams)
• This is an arms race, one where we pay for our resources but the “bad guys” don’t

• Infected machines are not just used for DDoS,
– Also used to collect, store and move data.
– (Including people’s identities, money and other sensitive data)
• If someone owns your machine they can do anything with it that you can do, including some things you would never think of doing

“fight the disease not the symptoms”
• We cannot remove the threat of DDoS unless we tackle the issues that allow for BotNets.
• If we are seeing millions of machines infected then clearly the way we are currently doing things is not working

User awareness and computer hygiene need to be drastically improved. That means more education and better user tools. We must find ways to make cybercrime less rewarding and much higher risk. This is no different to real world crime problems!

Thank You
John Crain
Senior Director, Security Stability and Resiliency
ICANN
firstname.lastname@example.org