Emerging DDoS Attack Trends

In a previous post I emphasized on the long-term trend of how DoS attacks have the potential to cause as much damage as a full-scale DDoS attack, and increase their chance of not getting detected while require less resources. Looks like Prolexic Technologies are thinking in the same direction and warning that :

"IT security bosses will have to be increasingly vigilant in 2007 as criminals exploit new ways of ensuring distributed denial of service (DDOS) attacks cause the maximum damage and circumvent filtering technology, according to DDOS protection specialist Prolexic.While there will continue to be large-scale consumption-based attacks this year, attackers have learned that smaller, customised attacks tailored to web servers' application logic can have similar effects but require smaller botnets to generate, according to Prolexic president Keith Laslop."The requests will bring your CPU usage up to 100 percent by doing things like registering as a new customer" he said. "There is a slow frequency of requests so it will not trigger third-party [detection] technology, and intrusion-detection systems are not designed to notice these attacks."

Attacks like these while not conducted by malicious parties, are already happening at Britain's Prime Minister web site, though these should have been anticipated earlier.

As always, assessing risk as if you are a part of a red team provides the best security for your network. Think malicious attackers. If they're able to fingerprint the software running on your boxes and get under the skin of your web applications, a surgical and specifically crafted DoS attack would not only require less resources compared to a DDoS one, but would also make it a little bit harded for incident forensic investigator to react in a timely manner. So while you're preparing for a constant Gbytes stream, attackers will shift tactics.

Here's more info on the recent -- totally futile -- attempt to attack the root domain servers.