DDoS attacks are among the most common forms of hostile activity on the Internet. They are launched by the most dangerous state-sponsored actors and by hobbyist hackers alike, and they take several different forms. Over the decades we have watched them evolve from rudimentary volumetric floods, designed simply to knock sites offline, into far more complex and malicious threats.
With the commercial Internet now in its mid-20s, it is about time some maturity entered the arena when it comes to solving this problem. We may never settle who is to blame for DDoS still causing millions in damage every year, but we do need to question the role that service providers play in mitigating the threat.
The responsibility in many cases lies with hosting providers and ISPs, something I explain to consultants with a simple analogy:
Imagine running a bath and seeing that a quarter of the water coming out of the tap was contaminated. When the bill from the water company arrived, I don't imagine anyone would be happy paying for a contaminated supply. People can justifiably look at their Internet service in the same way.
If a hosting provider does not offer effective DDoS mitigation as part of its service, it passes useless and potentially harmful traffic on to its customers' networks, and often bills them for the bandwidth that traffic consumes. If people would refuse to pay the water company for contaminated water, why are so many companies paying for the equivalent from their hosting and service providers?
With Internet traffic there is a further problem: customers cannot accurately see all the traffic flowing across their network, and analysing it is far too big a job for existing staff. Whether it is a sub-saturation attack designed to probe or weaken particular parts of a network, or a huge flood attempting to knock the whole place offline, customers are not able to hold providers to account in the same way, despite the second-rate service they may be receiving.
The legacy answer for hosting providers was to black-hole the traffic: if a suspected DDoS attack was under way, the provider would install a route that sent everything destined for the targeted address to a null interface, where it was silently discarded. But that discards the good traffic along with the bad, so legitimate users cannot reach the site or service they were hoping for, costing the business money and customers. It does the attackers' work for them: the site is rendered unusable by the response to the attack, and because a black-hole route stays in place until someone removes it, the outage often outlives the attack itself.
Fast-forward to today and the technology has caught up with the attackers. Real-time mitigation systems can now sit directly inline at the peering point, so customer traffic is cleaned as it enters the provider's network rather than after it has crossed it. This puts providers in a better position than ever to offer effective protection, so that their customers' sites and applications stay up and running, uninterrupted and unimpeded.
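The difference between the two approaches above (destination black-holing versus per-flow inline mitigation) is easiest to see on a small model. The following is an added illustration written for this article; it is not Corero's product logic, nor code from SdV Plurimédia or the original page. The flows, addresses (taken from the RFC 5737 documentation ranges) and thresholds are constructed for the example, and the inline policy is deliberately reduced to two rate rules so that the contrast stays visible.

```python
"""Toy comparison of destination black-holing (RTBH) with per-flow inline
mitigation. Added illustration, not Corero's or SdV Plurimédia's code; the
flows, addresses and thresholds are constructed for the example."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # "tcp" (established), "tcp-syn" (SYN-only), "udp"
    pps: int     # packets per second seen for this flow in the window
    legit: bool  # ground truth, used only for scoring, never by the policies


VICTIM = "203.0.113.10"          # constructed customer address (TEST-NET-3)
OTHER_CUSTOMER = "203.0.113.20"  # another customer behind the same provider

# Constructed traffic windows. Window 0: a spoofed SYN flood plus a UDP flood
# hit VICTIM while real users keep browsing. Window 1: the attack has stopped
# and only the legitimate flows remain.
LEGIT = [
    Flow("198.51.100.7", VICTIM, "tcp", 40, True),
    Flow("198.51.100.8", VICTIM, "tcp", 25, True),
    Flow("198.51.100.9", OTHER_CUSTOMER, "tcp", 30, True),
]
ATTACK = [
    Flow("192.0.2.1", VICTIM, "tcp-syn", 50_000, False),
    Flow("192.0.2.2", VICTIM, "tcp-syn", 45_000, False),
    Flow("192.0.2.3", VICTIM, "udp", 80_000, False),
]
WINDOWS: List[List[Flow]] = [LEGIT + ATTACK, LEGIT]


def score(offered: List[Flow], delivered: List[Flow]) -> Dict[str, int]:
    """Count what a policy let through, split by ground truth."""
    return {
        "legit_delivered": sum(f.legit for f in delivered),
        "legit_offered": sum(f.legit for f in offered),
        "attack_delivered": sum(not f.legit for f in delivered),
    }


def run_blackhole(windows: List[List[Flow]], victim: str = VICTIM,
                  trigger_pps: int = 10_000) -> List[Dict[str, int]]:
    """Remote-triggered black hole as it is usually operated: once traffic
    toward the victim crosses the trigger, a discard route for the victim's
    address is installed and stays up until an operator withdraws it. Nothing
    addressed to the victim gets through, during the attack or afterwards."""
    route_installed = False
    results = []
    for flows in windows:
        toward_victim = sum(f.pps for f in flows if f.dst == victim)
        if toward_victim > trigger_pps:
            route_installed = True
        delivered = [f for f in flows
                     if not (route_installed and f.dst == victim)]
        results.append(score(flows, delivered))
    return results


def is_attack_flow(f: Flow, syn_pps_limit: int, udp_pps_limit: int) -> bool:
    """A source sending SYNs or UDP far above what any client needs is
    dropped; ordinary established TCP at normal rates is left alone."""
    if f.proto == "tcp-syn" and f.pps > syn_pps_limit:
        return True
    if f.proto == "udp" and f.pps > udp_pps_limit:
        return True
    return False


def run_inline(windows: List[List[Flow]], syn_pps_limit: int = 1_000,
               udp_pps_limit: int = 5_000) -> List[Dict[str, int]]:
    """Simplified inline mitigation: judge each flow on its own behaviour in
    every window instead of discarding a destination. Real inline systems use
    far richer heuristics; two rate rules are enough to show the difference."""
    results = []
    for flows in windows:
        delivered = [f for f in flows
                     if not is_attack_flow(f, syn_pps_limit, udp_pps_limit)]
        results.append(score(flows, delivered))
    return results


if __name__ == "__main__":
    for name, runner in (("blackhole", run_blackhole), ("inline", run_inline)):
        for i, r in enumerate(runner(WINDOWS)):
            print(f"{name:9s} window {i}: legit "
                  f"{r['legit_delivered']}/{r['legit_offered']} delivered, "
                  f"attack flows passed {r['attack_delivered']}")
```

Both policies stop every attack flow. The difference is in the legitimate column: the black hole drops the two real users of the targeted customer in the attack window and keeps dropping them in the window after the attack has ended, because the discard route is still installed, while the inline policy delivers all three legitimate flows in both windows. That is the "doing the attackers' work for them" effect described above, made concrete.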
Fortunately, hosting providers are starting to deploy this technology as part of their service package, and the latest solutions are scalable and automated. That maximises efficiency and minimises the need for human intervention, which should act as a gigantic aspirin for the headaches DDoS attacks have caused in the past. Providers can tune these systems so that customers receive only clean traffic, helping their sites run far more efficiently. It is a win-win: providers' services become more streamlined and reliable, protecting their reputation and attracting more customers, while customers are no longer paying for poorly filtered traffic.
If purpose-built technology sits at ISPs' peering points, DDoS traffic is stopped before it can enter their networks. This effectively shuts the door on the attack traffic while leaving a window open for legitimate users. One caveat: equipment at the peering point can only filter what arrives there, so an attack large enough to saturate the upstream link itself still has to be dealt with further upstream. For security staff and service administrators, the result is far fewer calls in the middle of the night, far less downtime and, most importantly, far fewer victims of DDoS attacks.
A case in point is SdV Plurimédia, a French hosting provider. It handles huge amounts of traffic and, like any other hosting provider, is hit by DDoS attacks at volumes capable of derailing its network. SdV Plurimédia guarantees its customers 24/7 availability, a risky promise while DDoS attacks remain a persistent concern.
By deploying automated technology that was simple to implement, SdV Plurimédia did not have to reconfigure any element of its network. It chose a solution that sits inline and is dedicated to mitigating DDoS attacks at the edge of the network, so the threat is removed before it reaches customers and their business carries on as usual, without sudden surprises arriving downstream. As SdV's example shows, the technology is readily available, so why not encourage more conscientious behaviour across the industry?
When shopping around for a hosting provider, watch out for companies that do not provide security as part of their service offering: they may end up charging you for traffic you did not ask for and should not be paying for.
If you opt for a company that does offer security as a service, you will be spared many of the expensive call-outs, the downtime and the loss of customers that go hand in hand with the DDoS attacks that negligent providers allow to run their course.
Dave Larson, Chief Operating Officer, Corero Network Security