Cloud Hosting Could Mitigate DDoS Attacks

The last few years has seen an increase in denial of service attacks across the web. They are increasing in both strength and frequency and often the target organizations seem unable to respond to these threats or are too late to recognize them. A recent report from Merrill Research revealed a growing concern amongst IT managers and decision makers regarding this growth in strength and frequency of DDoS attacks. This report reveals that self-hosted sites actually had far more problems with DDoS attacks than those that were hosted with third parties. In fact instances of complete outage along with limited availability were more common problems with these sites that were hosted by the site’s owners, while those with cloud hosting saw fewer problems due to the ability of a cloud host to switch queries to a new server when an overwhelming amount of queries were posted. Two thirds of those interviewed who reported experiencing an attack in the last year said that they experienced more than one attack that year, with 11% having been hit six or more times. More than half of those who were hit by these attacks said they had down time as a result of the attack with more than two thirds reporting that this down time impacted their customer’s experience. In addition, about half of those who experienced these attacks reported some loss of income. Success Breeds Success In a recent interview VeriSign VP of strategy Sean Leach talked about the results of this report, which was commissioned by VeriSign, and why he thinks the attacks are on the rise. He saw two main reasons for the recent rise in DDoS attacks: the first being that the attacks are becoming more successful and are obviously done at specific targets with the intent of taking down large targets. The second reason is that with this success copycat hits are bound to occur. Leach pointed out the ease of creating an attack with a $10/hour botnet. So we now have made the attacks more attractive, easy to copy and cheaper to create. Major DDoS Attacks and How to Recognize Them Leach went on to name the four major types of DDoS attacks and how they work. While a firewall is a basic that most systems should already have in place, Leach also suggested that more data centers will need to step up to the plate when it comes to DDoS mitigation appliances. As the trend for enterprise moving to the cloud continues, he sees a growth in outsourcing this mitigation to companies like VeriSign. Data Modification - DNS data is configured in a variety of places, it moves from the registrar to the registry to the server. The data can be changed at any place along that path, and the attack can be anywhere from a brute force attack of your DNS data to a tactical move that is barely noticed, except for the changes they make. Cache Poisoning - This is an attack where any flaw in the DNS protocol is used to modify the record at the end of the recurser system. This can be protected against with DNSSec which was deployed by VeriSign this past year. Resource Starvation - This is what most in the business call a direct attack, and is probably the most common. Whatever your threshold for queries is for your system, say a thousand queries a second, all they need to do is send a thousand and one to make you begin to drop your legitimate queries and ultimately shut out your users. Reflection Amplification - This has been showing up more lately and is a very sophisticated attack. In it the attacker actually spoofs the source address of an attack ad then takes on the collective power of multiple recursive servers. They then direct this attack at a specific target destination, and often use this for attacking more than just DNS. DNS Availability is Crucial Since DNS availability is key to the reliable operation of websites, VeriSign also commissioned a study on the maximum, minimum and average availability of the Alexa 1,000 websites in the initial quarter of 2011 called the State of DNS Availability Report. What the report discovered was that those sites who hosted their own DNS had far more problems with availability and more instances of complete outages than those that had their DNS hosted by a third party. Cloud hosting in particular was found to be most effective in combating poor DNS availability because DNS queries can always be switched to a new server in the event of failure. This is yet another time when flexibility and scale is proving that the cloud is the best route to go for most web businesses. Our newsletters and blogs are written to provide you with tools and information to meet your IT and cloud solution needs. We invite you to engage in our online community by following us on Twitter @GMOCloud and 'Liking' us on Facebook.