[ISN] DDoS attacks still biggest threat

[InfoSec News]

http://www.techworld.com/networking/news/index.cfm?NewsID=4570

By John E. Dunn, Techworld
13 October 2005

Companies should devote more resources to countering old-fashioned
DDoS attacks when investing in security, a survey of global ISPs (pdf)  
[1] has argued.

The figures from Arbor Networks in its Worldwide ISP Security Report 
came from questionnaires sent to 36 large ISPs in the US, Europe and 
Asia. 

Over 90 percent of ISPs surveyed cited simple "brute force" TCP SYN 
and UDP datagram DDoS floods from zombie PC networks as their biggest 
day-to-day hassle, a finding which should apply equally to their 
corporate clients.

This puts DDoS ahead of more recent attack types such as 
fast-spreading worms and DNS poisoning, which were ranked second and 
third respectively, in terms of prevalence. 

Even then, worm attacks were often most hazardous in terms of their 
original effect on traffic. "The primary threat from worms is not the 
payloads but the network congestion they cause," the report noted. 

Surprisingly, given the prevalence of this type of attack in recent 
years, only 29 percent of ISPs offered services to counter and trace 
DDoS in an automated way at the ISP level. The majority only 
discovered such events when a customer contacted them for help.

The main means of defending against DDoS remains the use of Access 
Control Lists (ACLs), but these come with the downside of shutting off 
network access. The DDoS attack is stopped but only by replicating 
much the same effect as the original traffic blocking. 

The reported motivations for DDoS attacks clusters around issues such 
as cyber-extortion, electronic protests against companies, and even 
corporate espionage. Few, if any, of such attacks are reported to 
result in criminal action against the instigator, which could account 
for its continued popularity. 

[1] http://www.arbor.net/downloads/Arbor_Worldwide_ISP_Security_Report.pdf