A New Approach to Defending Against DDoS Attacks

DDoS (Distributed Denial of Service) attacks are getting larger, more sophisticated, and more pervasive. Just today (October 21, 2016), DDoS attacks against Dyn, Inc. have impacted the availability of sites such as Twitter, Netflix, GitHub, and Spotify.

Typical DDoS mitigation strategies rely on defending the victim (destination) as close to the destination as possible. This can happen in a number of ways.

One defense strategy is to redirect traffic destined for the victim through an alternative network that is designed to identify the malicious traffic and drop it before sending the legitimate traffic on to the victim. This generally works well for volumetric or protocol-based attacks. However, this requires that a network with a vast amount of capacity be available and sitting idle, except in times of attack.

Another defense strategy is to utilize network and application firewalls, sitting in front of the destination, to identify the malicious traffic and drop it before sending the legitimate traffic to the destination. This generally works fine for some protocol and application based attacks.

Then, in some cases, volumetric attacks are so large that they completely overwhelm the destination network. In this case, the network's operators use a BGP community, known as Remote Triggered Black Holes (RTBH), to tell their upstream service providers to drop traffic destined to the victim before it even reaches the destination network. The victim is sacrificed for the availability of the rest of the network. This is typically the worst-case scenario, as the victim still goes offline, conceding a victory to the attacker.

These countermeasures obviously are not going to scale with ever-growing attacks. This is why we need the architects and builders of the Internet to come together to standardize on a new method of defending against these attacks. We need a global community of real-time analytics that identify malicious sources and use RTBH techniques to automatically take the offending sources off the Internet, instead of the victims. This technique will require that every Internet provider agree on a standard, and abide by it.
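
The difference between the destination-based RTBH described above and the source-based approach proposed here, as an added example that is not part of the original post. It is a small Python model of what an upstream provider delivers to the victim under each policy; the addresses (documentation ranges), flow counts and the `outcome` function are all constructed for illustration.

```python
import ipaddress

VICTIM = "203.0.113.5"

# Constructed sample flows: (source, destination, packets, is_attack).
# is_attack is ground truth used only for scoring, never for the drop decision.
FLOWS = [
    ("198.51.100.10", VICTIM, 9000, True),
    ("198.51.100.77", VICTIM, 7000, True),
    ("192.0.2.20", VICTIM, 120, False),
    ("192.0.2.21", VICTIM, 80, False),
    # Legitimate user who shares an address with an attack source.
    ("198.51.100.77", VICTIM, 30, False),
]


def _covered(addr, prefixes):
    """True if addr falls inside any blackholed prefix."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in prefixes)


def outcome(flows, victim, blackholed_dsts=(), blackholed_srcs=()):
    """Count packets for the victim that upstream delivers or drops."""
    result = {"attack_delivered": 0, "legit_delivered": 0, "legit_dropped": 0}
    for src, dst, packets, is_attack in flows:
        if dst != victim:
            continue
        dropped = _covered(dst, blackholed_dsts) or _covered(src, blackholed_srcs)
        if is_attack:
            if not dropped:
                result["attack_delivered"] += packets
        else:
            result["legit_dropped" if dropped else "legit_delivered"] += packets
    return result


if __name__ == "__main__":
    sources = ["198.51.100.10/32", "198.51.100.77/32"]
    print("no mitigation   ", outcome(FLOWS, VICTIM))
    print("destination RTBH", outcome(FLOWS, VICTIM, blackholed_dsts=[VICTIM + "/32"]))
    print("source-based    ", outcome(FLOWS, VICTIM, blackholed_srcs=sources))
```

In this model the destination blackhole stops the attack but also drops every legitimate packet, while the source-based policy keeps the victim reachable and loses only the legitimate traffic that shares an address with a listed source.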


October 21, 2016

Posted In: DDoS, Miscellaneous Hacking, Net Neutrality, Network Connectivity, network security, Security

Why I will be Boycotting AT&T.

I’ve recently been experiencing issues with my IPv6 Tunnel with Tunnelbroker.net. While doing some searching on the Internet, I ran across this forum thread on AT&T, with users experiencing the same issue.

It appears that AT&T is blocking SIT and GRE tunnels purposely – which have very legitimate purposes. After reading the forum thread, I filed a complaint with the FCC about AT&T violating network neutrality rules. I then posted my actions on the thread and listed the FCC complaint reference number – 13-C00539997.

Shortly after, AT&T removed the reference number from my post. I then edited the post and added it back. The AT&T moderator then removed it again and sent me a private message stating that I wasn’t allowed to post personal information. I replied back to her message and stated that it wasn’t personal information and that it was an FCC complaint reference number. After sending the message, I again edited the post and added the reference number back, and told the moderator, by name, not to remove the reference number.

Now, I’m banned from the thread, and I got a nice nastygram from the AT&T moderator.

With customer service like this, my FCC complaint will be for nought, as I’m just going to boycott AT&T products altogether. So long, AT&T, you’ll hardly be missed.

Update:

I received another private message, this time from another forum moderator.

Here is my response:


November 10, 2013

Posted In: AT&T, Net Neutrality