By John E. Dunn, Techworld
13 October 2005
Companies should devote more resources to countering old-fashioned
DDoS attacks when investing in security, a survey of global ISPs (pdf)
has argued.
The figures from Arbor Networks in its Worldwide ISP Security Report
came from questionnaires sent to 36 large ISPs in the US, Europe and
Over 90 percent of ISPs surveyed cited simple "brute force" TCP SYN
and UDP datagram DDoS floods from zombie PC networks as their biggest
day-to-day hassle, a finding which should apply equally to their
This puts DDoS ahead of more recent attack types such as
fast-spreading worms and DNS poisoning, which were ranked second and
third respectively, in terms of prevalence.
Even then, worm attacks were often most hazardous in terms of their
original effect on traffic. "The primary threat from worms is not the
payloads but the network congestion they cause," the report noted.
Surprisingly, given the prevalence of this type of attack in recent
years, only 29 percent of ISPs offered services to counter and trace
DDoS in an automated way at the ISP level. The majority only
discovered such events when a customer contacted them for help.
The main means of defending against DDoS remains the use of Access
Control Lists (ACLs), but these come with the downside of shutting off
network access. The DDoS attack is stopped but only by replicating
much the same effect as the original traffic blocking.
The reported motivations for DDoS attacks cluster around issues such
as cyber-extortion, electronic protests against companies, and even
corporate espionage. Few, if any, of such attacks are reported to
result in criminal action against the instigator, which could account
for their continued popularity.