Service and Application-Layer Attacks On Top

by CXOtoday Staff    Jan 21, 2010

Arbor Networks’
Fifth Annual Infrastructure Security Report provides data useful to
network operators to make more informed decisions about the use of
network security technology mechanisms to protect mission-critical
Internet and other IP-based infrastructures. The recent report found
that botnet-driven distributed denial of service (DDoS) attacks focused
on
services and applications are the number one operational security
problem facing the service provider community.

The
survey conducted for the report included responses from 132
self-classified Tier 1, Tier 2 and other IP network operators from
North America, South America, Europe, Africa and Asia. Some of the
findings of the report are as follows

Attacks Shift to the Cloud
Nearly 35 percent of respondents believe that more sophisticated
service and application attacks represent the largest operational
threat over the next 12 months, displacing large scale botnet-enabled
attacks, which came in second this year at 21 percent.

Again this year, more than half of the surveyed providers reported
growth in service-level attacks at one gigabit or less bandwidth
levels. Such attacks, while also driven by botnets, are specifically
designed to exploit service weaknesses, like vulnerable and expensive
back-end queries and computational resource limitations.

Several respondents reported prolonged (multi-hour) outages of
prominent Internet services during the last year due to
application-level attacks. These service-level attack targets included
distributed domain name system (DNS) infrastructure, load balancers and
large-scale SQL server back-end infrastructure.

Attack Size Still on the Rise, But at a Slower Pace
In previous versions of the Worldwide Infrastructure Security Report,
service providers reported near doubling in peak distributed denial of
service (DDoS) attack rates year-over-year, with peak attack rates
growing from 400 Mbps to more than 40 Gbps since 2001. This year,
providers reported a peak sustained attack rate of 49 Gbps, a 22
percent growth over last year’s peak of a 40 Gbps attack, which shows
the attack scale growth has slowed in the past 12 months. As
comparison, last year’s 40 Gbps attack represented a 67 percent
increase over the largest attack reported in the 2007 survey.

Additionally, only 19 percent of survey respondents reported the
largest attacks they observed as being within the one-to-four Gbps
range this year, as opposed to some 30 percent in 2008.

Internet Architecture and Operations Facing Perfect Storm
A convergence of issues is facing the Internet Architecture and
Operations community, including looming IPv4 address exhaustion and the
preparedness for migration to IPv6, DNS Security Extensions (DNS SEC)
and to 4-byte ASNs (used for inter-domain routing on the Internet). 
Any one of these changes alone would constitute a significant
architectural and operational challenge for network operators;
considered together, they represent the greatest and potentially most
disruptive set of circumstances in the history of the Internet, given
its growth in importance to worldwide communications and commerce.

The Internet is Not IPv6 Ready
A majority of surveyed providers reported concerns over the security
implications of IPv6 adoption, and the slow rate of IPv4 to IPv6
migration, or at least the parallel deployment of IPv6. As in previous
years, providers complained of missing IPv6 security features in
routers, firewalls and other critical network infrastructure. Other
providers worried the lack of IPv6 testing and deployment experience
may lead to significant Internet-wide security vulnerabilities.

A recent Arbor study found IPv6 traffic accounts for 0.03 percent of
all Internet traffic, up from just .002 percent a year earlier, and
while representing a significant increase, IPv6 still only accounts for
a tiny fraction of aggregate Internet traffic today.

Other Obstacles to Effective Threat Mitigation
Non-technical factors, such as a lack of skilled resources,
clearly-defined operational policies and responsibilities, and
management understanding and commitment are the most significant
obstacles to reducing mitigation times and proactively strengthening
operational security postures, respondents said.