Light Reading

When Size Matters

Carol Wilson
10/18/2013
50%
50%

It is easy to get lost in the numbers when discussing distributed denial of service (DDoS) attacks and other network breaches but the figures Arbor Networks released this week regarding DDoS attacks are worthy of special note. They are a strong indication of new threats for which network operators need to be prepared. (See Arbor Sees Alarming Rise in Size of DDoS Attacks.)

Those numbers come from the 275 network operators that are customers of Arbor Networks Inc. 's Atlas network security system and regularly report troublesome activity. They show that larger bit-per-second attacks are back in vogue, and have grown so rapidly they threaten to not only cause massive problems for their targeted companies but also for networks in general.

For the past couple of years, larger packet-per-second attacks were more the norm, says Darren Anstee, solutions architect team manager for Arbor. Those tend to exhaust forwarding performance.

Last March, however, the largest single cyber-attack to date was launched against the servers of Spamhaus, a non-profit agency that battles spam. Since that attack, the trend has been to ever larger bit-per-second attacks. The Spamhaus attack, which hit 300 Gbit/s, affected Internet traffic globally and hurt many businesses in the process.

And here are the staggering numbers: There has been more than 350 percent growth in the number of attacks monitored at greater than 20 Gbit/s so far this year, as compared to 2012. The average DDoS attack in 2013 is currently measured at 2.64 Gbit/s, up 78 percent from last year.

That's of particular concern to service providers because attacks of that size will not only swamp the resources of the target company but can also swamp aggregation routers serving that company and others, and create major congestion issues for the network in general.

"There is a much broader range of organizations that are going to get their Internet connectivity completely saturated by an average attack," says Anstee. "They will be dependent on their service providers or on cloud-based protection to deal with that."

These attacks are being launched either by cyber-criminals, who use them as distractions for other activity or as "take-outs" for extortion or other purposes, or by so-called "hacktivists," who for a variety of ideological reasons, target various companies or web operations for attack to make a political point.

Two suspects have been arrested in the Spamhaus attack, for example, one a Dutch participant in countercultural ISP and one a UK schoolboy who was apparently making considerable money from Internet activity. They targeted Spamhaus because of its efforts to identify and stop spam email that poses security threats.

Because it's harder to predict where attacks will come from next, it's become much more important to prepare for them, Anstee says. And that means making sure there are solutions in place to help customers who are attacked, as well as protection for the service providers' infrastructure to prevent or respond to collateral damage from these massive attacks.

"Since we are seeing more very large attacks -- we saw a 191Gbits/sec attack in August -- service providers also need to be looking at capacity planning models for their mitigation infrastructure," he warns. As the size of average and peak attacks grows, network operators must make sure they can deal with these larger threats.

As I said at the outset, it's easy to get lost in such staggering figures, but the latest warnings are not something to glaze over. There have been many other warnings as well, and expressions of concern that service providers aren't taking the rapidly growing threats seriously. Given that Arbor's numbers come straight from the networks themselves, this is proof of what lies ahead, ready or not. (See Security Threat Intensifies for Service Providers.)

— Carol Wilson, Editor-at-Large, Light Reading

(6)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
pdonegan67
50%
50%
pdonegan67,
User Rank: Light Sabre
10/21/2013 | 4:37:48 AM
Re: Are we shock-proof?
I started researching the service provider security space three or four years ago and was immediately struck by the confluence of proven incidents of attacks that have had truly devastating effects alongside some positively steaming shovels full of fear-mongering bullshit on the part of some security vendors. The two really do co-exist.

As my research has gone on, I've found that the pitching of security solutions into the service provider space is typically quite a lot more sober than it is into the enterprise.

Very few service providers fall for the histrionics-based sell, in my experience This is either because they're highly security-savvy and know how to categorize risks according to the threat level they represent.

Or (as is still too often the case) it's because they can't differentiate different threat levels, can't be bothered to, and don't much care about anything beyond the next quarter's revenue target. In the case of these guys, if they invested in the right security solutions they might find that a couple of unexplained outages which suspended their ability to bill during the quarter were actually caused by malicious attacks but hey, why let that interfere with sound accountant-led thinking, right?

I'm actually struck by how sober and business-case oriented most pitching of security solutions to service providers is these days. I'm also struck, not coincidentally, by the relatively high rate of failure among the minority of security solution vendors who shriek with scant evidence that the sky is falling in. They often find that it's actually them that the sky subsequently falls in on where service provider business is concerned.

Where Arbor Networks is concerned I've an interest to declare in that I've done quite a bit of work with them. They have laced my palm with silver. They're one of the sponsors of Light Reading's second Mobile Network Security conference that I'm chairing in New York on December 5th, for example (see our LIve Events listing).

So take this with a pinch of salt if you will, but when I talk to service providers, the feedback I get about Arbor is that they are one of a select few companies whose opinions and solutions for service provider security are nearly always taken very seriously pretty much anywhere in the world.

Better still, ask around yourself, and see if you encounter a different pattern. I'd be very surprised.
Carol Wilson
50%
50%
Carol Wilson,
User Rank: Blogger
10/18/2013 | 7:35:35 PM
Re: Are we shock-proof?
Hacktivists are organizations with a political ax to grind - think Anonymous or Wikileaks -- and their wanna-bes - who launch attacks to make a point, and not necessarily for profit. 

That is a trend we should possibly be following more closely. 
Carol Wilson
50%
50%
Carol Wilson,
User Rank: Blogger
10/18/2013 | 7:33:54 PM
Re: Are we shock-proof?
I actually did a rather extensive search of the SpamHaus attack and never saw anything that said it was a PR hoax. A number of respected tech sites took this very seriously so if it is a hoax, it was wildly successful, fooling Cnet, Cisco, slashdot, zdnet, reddit and nextweb. 

I assume the organization you are criticizing is Cloudflare? I did find two reports criticizing them for exaggerating the potential impact of the SpamHaus attack, claiming it could have "broken" the Internet. But even critics admit this was a serious attack. 

Arbor isn't saying these larger attacks are breaking the Internet and yes, they have something to sell toe service providers but no one is hiding that, and being aware of ever larger DDoS attacks is still a good idea. 
prtrumpsreality
50%
50%
prtrumpsreality,
User Rank: Light Beer
10/18/2013 | 5:58:27 PM
Re: Are we shock-proof?
You shuld check facts better.  The SpamHaous attack was so small, that nobody (except spamhaus) noticed.

The publicity campaign that was kicked off by the comapny they hired to fix their problem however, made up some numbers so crazy, that everyone saw "largets in history", and that PR has now replaced the truth.

the Spamhaus ISP published their traffic logs for the period in question in response, showing that there was no discernable peak or spike in data.  

It seem nothing can beat a good PR advertising campaign though :-(
pzernik
50%
50%
pzernik,
User Rank: Light Sabre
10/18/2013 | 5:34:53 PM
Re: Are we shock-proof?
Hi Carol.  What exactly are hacktivist groups and what are their motives?  Can LR do an article on this subject? 
Carol Wilson
50%
50%
Carol Wilson,
User Rank: Blogger
10/18/2013 | 3:47:42 PM
Are we shock-proof?
Arbor has been tracking this stuff longer than most and while they usually have some shocking numbers to share, this current report is truly disturbing. 
Educational Resources
sponsor supplied content
Educational Resources Archive
More Blogs from Rewired
Even the best specialized routers can't keep pace with the 100,000-plus % increase in mobile data traffic, Donovan tells MWC.
Response to FCC head Tom Wheeler's expected re-regulation of broadband access lines was predictable, but also maybe irrelevant.
Metaswitch CTO says virtual functions implemented on IT-grade cloud infrastructure require extra engineering help to handle network volumes.
Technology guru John Donovan pledges to make AT&T's network 75% software-defined by 2020.
Board of directors allegedly wanted faster pace of change from one of the telecom industry's change pacesetters.
Flash Poll
From The Founder
The New IP is actually bigger even than business. Like another hugely important tech that Light Reading is digging into right now, the New IP has the potential to change the world by fundamentally advancing what it is possible for people to achieve with communications.
Que Sera Sarah
Growth of the 5G Ecosystem

3|6|15   |   1:15   |   (1) comment


Use cases and industry collaborations dominated 5G discussions during Mobile World Congress 2015. For what the road to 5G means for operators and their partners, head to the Building America's 5G Ecosystem event in New York on April 14.
LRTV Custom TV
Sonus NaaS IQ Real-Time Demo

3|6|15   |   4:03   |   (0) comments


Compass Networks Chairman and CEO Matt Bross and Ray Dolin, CEO of Sonus Networks, demonstrate their Sonus IQ SDN solution using a live video conference connection.
LRTV Custom TV
LRTV Talks Carrier WiFi & WiFi Calling With Aptilo Networks

3|6|15   |   4:53   |   (0) comments


We stopped by Aptilo Networks, a market leader in WiFi service management and offloading, to discuss the new possibilities with next-generation WiFi calling and why WiFi should be a natural part of any operator strategy.
LRTV Interviews
NGMN Chairman Outlines His 5G Vision

3|6|15   |   5:10   |   (1) comment


Bruno Jacobfeuerborn, chairman of the NGMN Alliance and Deutsche Telekom CTO, shares his thoughts on the challenges, opportunities and costs of 5G.
LRTV Interviews
In the Cloud With Telecom Italia

3|5|15   |   7:10   |   (0) comments


Light Reading CEO Steve Saunders sits down with Telecom Italia's Simone Battiferri at Mobile World Congress to discuss virtualization, agility and the economic advantages of the cloud.
LRTV Huawei Video Resource Center
New Ways of Working

3|5|15   |   4:24   |   (0) comments


At the ICT Leaders Roundtable, hosted jointly by Light Reading and Huawei at the Hotel Renaissance in Barcelona just prior to Mobile World Congress, Hong Kong Telecom's Michael Yue explains how the transformation in its business has changed its customer relationships.
LRTV Huawei Video Resource Center
Bridging the Digital Gap

3|5|15   |   4:03   |   (0) comments


At the ICT Leaders Roundtable, hosted jointly by Light Reading and Huawei at the Hotel Renaissance in Barcelona just prior to Mobile World Congress, Boingo's Dr. Derek Peterson explains how ICT can help telcos bring the physical and virtual worlds closer together.
LRTV Huawei Video Resource Center
Making the Internet of Things Affordable

3|5|15   |   2:42   |   (0) comments


At the ICT Leaders Roundtable, hosted jointly by Light Reading and Huawei at the Hotel Renaissance in Barcelona just prior to Mobile World Congress, Telefonica's Dr. Mike Short explains how the Internet of Things demands a new low-cost approach to connectivity from telcos.
LRTV Huawei Video Resource Center
Evolution, Not Revolution

3|5|15   |   2:00   |   (0) comments


At the ICT Leaders Roundtable, hosted jointly by Light Reading and Huawei at the Hotel Renaissance in Barcelona just prior to Mobile World Congress, Heavy Reading's Patrick Donegan explains why telcos can't be too hasty in their efforts to transform themselves.
LRTV Custom TV
Management & Orchestration Enablement Strategies Required for NFV Commercial Success

3|5|15   |   6:22   |   (0) comments


NFV commercial success rests on successful service orchestration strategies which can span heterogeneous physical, virtual, legacy and next-gen networks. Network data and security integrity are additional key aspects. Nakina provides a suite of orchestratable network integrity applications built on an open, scalable MANO enablement platform.
LRTV Huawei Video Resource Center
The Power of Five Convergences in OceanStor OS

3|4|15   |   6:24   |   (0) comments


OceanStor OS is Huawei's brand-new storage operating system. While inheriting the consistent high stability, reliability and performance from the company's previous storage products, OceanStor OS abounds in new converged storage features. Specifically, the new storage operating system achieves "five convergences" to lift storage convergence to a higher level.
LRTV Huawei Video Resource Center
4K Brings Extreme Video Experience

3|4|15   |   8:10   |   (0) comments


4K video is a hot topic in the video industry. It will certainly bring an extreme video experience to end users. At the same time, however, it will also pose a big challenge to operators. Check out this Huawei 4K experts' discussion about how operators can achieve success in 4K video service.
Upcoming Live Events
March 17, 2015, The Cable Center, Denver, CO
April 14, 2015, The Westin Times Square, New York City, NY
May 12, 2015, Grand Hyatt, Denver, CO
May 13-14, 2015, The Westin Peachtree, Atlanta, GA
June 8, 2015, Chicago, IL
June 9-10, 2015, Chicago, IL
June 9, 2015, Chicago, IL
June 10, 2015, Chicago, IL
All Upcoming Live Events
Infographics
Net neutrality, broadband services and the current outlook on data consumption, as presented by the New Jersey Institute of Technology.
Hot Topics
Internet Pioneers Decry Title II Rules
Carol Wilson, Editor-at-large, 3/2/2015
Wheeler: We'll Enforce Title II 'Case-By-Case'
Sarah Thomas, Editorial Operations Director, 3/3/2015
New CenturyLink CTO in Major Overhaul
Carol Wilson, Editor-at-large, 3/4/2015
Alibaba 'Planting a Flag' in US Cloud Market
Mitch Wagner, West Coast Bureau Chief, Light Reading, 3/4/2015
Few in Number, Big in Data
Sarah Thomas, Editorial Operations Director, 3/2/2015
Like Us on Facebook
Twitter Feed
Webinar Archive
BETWEEN THE CEOs - Executive Interviews
Chattanooga’s EPB publicly owned utility comms company has become a poster child for how to enable a local economy using next-gen networking technology. Steve Saunders, Founder of Light Reading, sits down with Harold DePriest, president and CEO of EPB, to learn how EPB is bringing big time tech to small town America.
Light Reading CEO Steve Saunders talks transformation and virtualization – including Light Reading's independent testing of the vendor's virtualization solutions – with Cisco CEO John Chambers at Mobile World Congress in Barcelona.
Check out Light Reading's interview with Jay Samit, the newly appointed CEO of publicly traded SeaChange International Inc. With a resume that includes Sony, EMI, and Universal, Samit brings a reputation as an entrepreneur and a disruptor to his new role at the video solutions company. Hear what he had to say about the opportunities in video, as well as the outlook for cable, telco, OTT and mobile service providers.
G'day! And welcome to an entirely new feature on Light Reading -- our weekly "CEO-to-CEO" interview.