Distributed denial of service attacks are growing in number and sophistication, though tools to fight them are just over the horizon, said Stefan Savage, a researcher at the University of California at San Diego and the founder and chief scientist at Asta Networks Inc.
DDoS attacks are those in which multiple systems worldwide are taken over and used to flood targets with false requests for service, thus causing the target to overload and deny response to legitimate users.
The types of attacks being used are roughly the same methods that have been used for years, but new ways of controlling them have recently been developed, Savage said at The Internet Security Conference (TISC) here Wednesday.
"Things, I think, are getting a little worse," he said, adding that DDoS tools are developing more quickly than the defenses used to fight them. Additionally, the barrier to entry for launching such attacks is coming down because of the spread of attack tools and easy access to them through search engines, he said.
New types of attacks being used include punctuated attacks, attacks against infrastructure, and shifting-sources attacks, he said. Punctuated attacks are those that send huge short bursts of traffic and then stop only to repeat the pattern every few minutes. Attacks against infrastructure are those that target critical pieces of the Internet's hardware, including routers and name servers. These attacks are especially troubling, said Savage, because "if you take down one of these things you impact a lot more customers than you could taking down any server." Lastly, shifting-source attacks are those that take over systems to attack for a short period and then switch to a new group of systems and continue the attack.
DDoS attacks are also growing in number. Savage, along with a group of UCSD researchers, recently authored a study that found that nearly 4,000 DDoS attacks are launched each week, though Savage said Wednesday he thinks the number is actually higher. "There are 20 to 40 attacks at any instant at any time," he said.
Some systems studied were attacked as often as once per minute, usually with attacks of up to 1,000 packets per second, though some attacks ran as much as 600,000 packets per second.
Previously, systems administrators had tried to prevent such attacks with patches, rules and other measures but "ultimately prevention is not going to solve the problem," he said. New tools to fight such attacks are needed and they're beginning to surface, he said.
These tools must combine automated reporting with human interaction, in such a way that they will be able to accurately detect attacks, alert the appropriate people and present them with options of how to proceed, he said. These tools must also be highly scalable and have a low cost and high reliability, he said.
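The punctuated and shifting-source patterns described above can be recognised from per-second traffic counts alone. The following is an added illustration written for this article, not code from Asta Networks, Mazu Networks or the UCSD study; the packet counts, source addresses and thresholds are constructed, and the detection rules (short bursts separated by quiet gaps; disjoint source sets between bursts) are the author's simplifications of what the talk describes.

```python
from collections import defaultdict

def build_sample():
    """Constructed flow samples as (second, source, packets): ~55 pps of
    baseline traffic, plus two 5-second bursts from different source pairs."""
    recs = []
    for t in range(120):
        recs.append((t, "10.0.0.1", 30))
        recs.append((t, "10.0.0.2", 25))
        if 10 <= t < 15:            # first burst
            for s in ("192.0.2.10", "192.0.2.11"):
                recs.append((t, s, 800))
        if 70 <= t < 75:            # second burst, new sources
            for s in ("198.51.100.7", "198.51.100.8"):
                recs.append((t, s, 800))
    return recs

def per_second_rate(recs):
    """Aggregate packets per second across all sources."""
    rate = defaultdict(int)
    for t, _, p in recs:
        rate[t] += p
    return rate

def find_bursts(rate, threshold_pps):
    """Contiguous runs of seconds whose aggregate rate exceeds the threshold."""
    bursts, start = [], None
    for t in sorted(rate):
        hot = rate[t] > threshold_pps
        if hot and start is None:
            start = t
        elif not hot and start is not None:
            bursts.append((start, t - 1))
            start = None
    if start is not None:
        bursts.append((start, max(rate)))
    return bursts

def is_punctuated(bursts, min_gap=30, max_burst=10):
    """Punctuated pattern: short bursts separated by quiet gaps (seconds)."""
    if len(bursts) < 2:
        return False
    short = all(e - s + 1 <= max_burst for s, e in bursts)
    gaps = [bursts[i + 1][0] - bursts[i][1] for i in range(len(bursts) - 1)]
    return short and all(g >= min_gap for g in gaps)

def burst_sources(recs, bursts, baseline_pps):
    """For each burst, the sources sending well above the per-source baseline."""
    return [{src for t, src, p in recs if s <= t <= e and p > baseline_pps}
            for s, e in bursts]

def is_shifting_source(source_sets):
    """Shifting-source pattern: consecutive bursts share no attacking sources."""
    return len(source_sets) >= 2 and all(
        not (a & b) for a, b in zip(source_sets, source_sets[1:]))
```

An operator would feed real per-second counts from flow export or a packet capture in place of `build_sample()` and tune the thresholds to the link's normal load.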
One company to offer such tools is Savage's employer, Asta Networks, which will be debuting its anti-DDoS product next week. The product, Savage said, is able to analyze traffic to determine if an attack is occurring, can work with an existing network and can identify the type and location of the attack. Another company that provides similar tools is Mazu Networks Inc.
The Internet is no longer the trusted place that it was when it was founded, Savage said. Now security, rather than sharing, is a major concern.
"Everyone is a potential target," he said.
But perhaps, with the new breed of anti-DDoS products, those targets will become a good deal smaller.