Distributed denial-of-service attacks—those floods of junk traffic that criminals use to disrupt or completely take down websites and services—have long been an Internet scourge, with events that regularly cripple news outlets and software repositories and in some cases bring huge parts on the Internet to a standstill for hours. Now there’s evidence that DDoSes, as they’re usually called, are growing more potent with two record-breaking attacks coming to light in the past week.
DDoS operators hack thousands, hundreds of thousands and in some cases millions of Internet-connected devices and harness their bandwidth and processing power. The attackers use these ill-gotten resources to bombard sites with torrents of data packets with the goal of taking the targets down. More advanced attackers magnify their firepower by bouncing the malicious traffic off of third-party services that in some cases can amplify it by a factor of 51,000, a feat that, at least theoretically, allows single home computer with a 100 megabit-per-second upload capacity to deliver a once-unimaginable 5 terabits per second of traffic.
These types of DDoSes are known as volumetric attacks. The objective is to use machines distributed across the Internet to send orders of magnitude more traffic volume to a circuit than it can handle. A second class— known as packet-per-second focused attacks—forces machines to bombard network gear or applications inside the target’s data center with more data packets than they can process. The objective in both types of attacks is the same. With network or processing capacity fully consumed, legitimate users can no longer access the target’s resources, resulting in a denial of service.
No comments:
Post a Comment