In September 1996, New York City’s original ISP, Panix, was hit by a SYN flood denial of service attack that took it offline for several days. At a time when only 20 million Americans were online, this was one of the first high-profile examples of the growing importance of network and service availability.
It also demonstrated how fragile internet infrastructure was at the time. According to an advisory from Carnegie Mellon’s CERT, “There is, as yet, no generally accepted solution to this problem with the current IP protocol technology.”
Early days of DDoS defense
It was in this environment that a research project was born at the University of Michigan focused on solving this problem. DARPA recognized the importance of the effort and provided a grant to continue the work. That investment has since been hailed as one of their five most amazing technologies.
“Availability is the starting point for our connected world, and it raises the stakes for network operators, and those who attack them. We’ve gone from a time 20 years ago with no answers to a time today that requires DDoS solutions that were purpose-built for the scale and complexity of modern attacks,” said Eric Jackson, Arbor Networks VP of Product Management.
DDoS attacks have changed: Have you?
Despite 20 years of headlines, many businesses today are under-invested and ill-prepared to handle modern DDoS attacks. Many wrongly believe they are not being targeted, when in fact they are experiencing DDoS-caused outages that are attributed to equipment failures or operational error because they lack DDoS visibility and defense.
Still more rely on existing infrastructure devices such as firewalls and IPS, or on a single layer of protection from their ISP or their CDN. In each case, these businesses are exposed and only partially protected. Firewalls and IPS are stateful devices that are often themselves targets of DDoS attacks, while cloud-only or CDN protection does not adequately protect critical business applications.
Size: Attacks that targeted ISPs in the late 1990s were minuscule compared to the massive attacks we see today. Just last month, Arbor Cloud mitigated a 600Gbps attack, the largest we have ever seen. The average attack size is projected to be 1.15Gbps by the end of 2016, large enough to knock most businesses offline.
Frequency: In the age of hacktivism, free tools and for-hire services, the likelihood of being targeted by a DDoS attack is greater than ever. The number of DDoS attacks has grown 2.5 times over the past three years.
Complexity: DDoS attacks are no longer simple SYN floods but highly complex, multi-vector attacks that target connection bandwidth, applications, infrastructure (firewall, IPS) and services simultaneously.
Best practice defense is hybrid
According to IHS Infonetics Research, for customers, the benefits of hybrid solutions are clear: on-premises mitigation allows them to deal with the constant hum of volumetric attacks in lower bandwidth ranges (10G or less) at a fixed cost. Hybrid solutions also provide great protection for non-volumetric, or non-saturation attacks (like many application-layer attacks).
The on-premises solutions can be integrated with the rest of their security infrastructure to provide continuous attack coverage and insight into multi-vector attacks that leverage DDoS as a single vector in a larger attack.