Slaying the Hydra: Evolution and Mitigation of Denial-of-Service Attacks

Presented at BSidesRaleigh 2014 by

One of Hercules' first challenges was his battle with the Lernean Hydra, the many-headed mythological serpent who sprouted two new heads every time one was removed. Hercules would feel right at home in today's datacenters, where mitigation of distributed denial-of-service (DDoS) attacks can feel like an unwinnable game of Whack-A-Mole.

In the past few years, the magnitude of DDoS attacks has grown at a disconcerting pace. The largest DDoS attack in 2012 peaked at 100Gbps; the first quarter of 2014 brought a 400Gbps NTP amplification attack. Despite the security industry's best efforts to encourage protection of the end-user systems and patching of the vulnerable servers that enable these assaults, successful attacks seem to be taking place with increasing regularity and volume.

Denial of service is not a new problem; simplistic attacks such as ping floods and SYN floods have been around almost as long as the Internet has existed. The rise of botnets, vast collections of malware-infected zombie systems, led inexorably to the appearance of distributed denial-of-service attacks. Attackers, too, have evolved: script kiddies harnessing the power of Metasploit, Anonymous launching the Low Orbit Ion Cannon (LOIC) against targets ranging from the US Copyright Office to the Motion Picture Association of America (MPAA) to PayPal, cyber-criminals using threats of DDoS as a method of extortion...

This session will provide an overview of the various forms of DDoS attack active today, who is launching them, and why. We will then review mitigation techniques that reduce the impact of and potentially stop the attacks entirely, and discuss social and cultural responses.