
SoylentNews is people

posted by Fnord666 on Monday November 27 2017, @04:47AM
from the not-for-lack-of-zombies dept.

Arthur T Knackerbracket has found the following story:

News outlets and blogs will frequently compare DDoS attacks by the volume of traffic that a victim receives. Surely this makes some sense, right? The greater the volume of traffic a victim receives, the harder to mitigate an attack - right?

At least, this is how things used to work. An attacker would gain capacity and then use that capacity to launch an attack. With enough capacity, an attack would overwhelm the victim's network hardware with junk traffic such that they can no longer serve legitimate requests. If your web traffic is served by a server with a 100 Gbps port and someone sends you 200 Gbps, your network will be saturated and the website will be unavailable.

Recently, this dynamic has shifted as attackers have gotten far more sophisticated. The practical realities of the modern Internet have increased the amount of effort required to clog up the network capacity of a DDoS victim - attackers have noticed this and are now choosing to perform attacks higher up the network stack.

In recent months, Cloudflare has seen a dramatic reduction in simple attempts to flood our network with junk traffic. Whilst we continue to see large network level attacks, in excess of 300 and 400 Gbps, network level attacks in general have become far less common (the largest recent attack was just over 0.5 Tbps). This has been especially true since the end of September when we made official a policy that would not remove any customers from our network merely for receiving a DDoS attack that's too big, including those on our free plan.

Far from attackers simply closing shop, we see a trend whereby attackers are moving to more advanced application-layer attack strategies. This trend is not only seen in metrics from our automated attack mitigation systems, but has also been the experience of our frontline customer support engineers. Whilst we continue to see very large network level attacks, note that they are occurring less frequently since the introduction of Unmetered Mitigation.

The article goes on to explain how the attacks have changed and what techniques are currently popular.


  • (Score: 2) by frojack (1554) on Monday November 27 2017, @05:43AM (#601952)

    "they are occurring less frequently since the introduction of Unmetered Mitigation."

    So attackers were successful simply because the company victims hired to protect them from such attacks threw those customers under the bus if the attack was big enough. As soon as the "Protection Gang" stopped doing that, the massive attacks stopped, because attackers couldn't hope to compete.

    And that's my most charitable interpretation. I'm starting to wonder who was paying those attackers.

    How many people got their money back?

    --
    No, you are mistaken. I've always had this sig.