Re: Largest DDoS attack ever delivered by botnet of hijacked IoT devices

[Note: This comment comes from friend David Rosenthal. DLH]

From: “David S. H. Rosenthal” <>
Subject: Re: [Dewayne-Net] Largest DDoS attack ever delivered by botnet of hijacked IoT devices
Date: September 25, 2016 at 1:10:21 PM PDT

The lesson for enterprises is that the DDoS protections they have in
place need to be tweaked to handle higher attack volumes, he says.

Well, yes, but this is an arms race with an asymmetric enemy, so isn’t
going to be won by beefing up defenses. A Web containing only sites
that can afford $100-200K/yr in DDoS defense isn’t worth having. And,
given the economics of the IoT, suggestions about persuading IoT
vendors to improve security are futile.

There’s a fundamental problem with the IP architecture, in that it
enables this kind of asymmetric warfare. That is the lesson that
should be learned.

This is yet another reason why we need to evolve to a Decentralized
Internet (not just a Decentralized Web), probably Named Data Networking
(NDN). Although I’m not aware of a major “black hat” analysis of the
various decentralized proposals, the argument is very plausible.

Why can a large number of small, compromised devices with limited
bandwidth upstream bring down a large, powerful Web site, even one
defended by an expensive DDoS mitigation service? Two reasons:

* In today’s centralized Internet, the target Web site will be at one,
or a small number of IP addresses. The network focuses the traffic
from all the compromised devices on to those addresses, consuming
massive resources at the target.
* In today’s centralized Web, the target Web site will be one tenant
sharing the resources of a data center, so the focused traffic
inflicts collateral damage on the other tenants. It was the cost in
resources and the risk to other customers that caused Akamai to kick
out KrebsOnSecurity.

In NDN, a request for a resource only travels as far as one of the
nearest copies. And in the process it creates additional copies along
the path, so that a subsequent request will travel less far. Thus,
instead of focusing traffic, large numbers of requests defocus the
traffic. They spread the responsibility for satisfying the request out
across the infrastructure instead of concentrating it. By moving the
load caused by bad behavior closer to the bad actors, it creates
incentives for the local infrastructure to detect and prevent the bad


PS – according to Krebs, this isn’t the largest DDoS ever seen:

“OVH, a major Web hosting provider based in France, said in a post on
Twitter this week that it was recently the victim of an even more
massive attack than hit my site. According to a Tweet from OVH founder
Octave Klaba, that attack was launched by a botnet consisting of more
than 145,000 compromised IP cameras and DVRs.”

Largest DDoS attack ever delivered by botnet of hijacked IoT devices
Attack proved too draining for Akamai to keep fighting it
By Tim Greene
Sep 23 2016
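The "focus versus defocus" argument in the comment above can be checked with a toy simulation. The following is an added example, not code from the original post or from the NDN project: it runs the same flood of requests over a small router tree twice, once with IP-style forwarding (every request is routed all the way to the origin's address) and once with NDN-style forwarding (a request stops at the nearest router holding a copy, and the returning data leaves a copy on each router it crossed). The tree shape, the device counts, the resource name and the assumptions that every request names one cacheable object, that requests arrive one at a time and that caches never evict are all constructed for the example; it says nothing about requests for names that no cache holds.

```python
"""Toy simulation of request focusing (IP) versus defocusing (NDN).

Added example, not part of the original post.  Topology, device counts,
the resource name and the cache model are constructed assumptions.
"""
from collections import Counter
from dataclasses import dataclass, field

RESOURCE = "/example/index.html"  # constructed name of the targeted object


@dataclass
class Router:
    name: str
    parent: "Router | None" = None
    cache: set = field(default_factory=set)  # NDN content store (unbounded here)


def build_tree(fanout, depth):
    """Return (origin, edges).  The origin router holds the resource; the
    edge routers at the bottom of the tree are where attacking devices attach.
    A router at depth d has d dots in its name, e.g. 'origin.0.1'."""
    origin = Router("origin")
    level = [origin]
    for _ in range(depth):
        level = [Router(f"{r.name}.{i}", parent=r) for r in level for i in range(fanout)]
    return origin, level


def flood(fanout, depth, devices_per_edge, requests_per_device, ndn):
    """Send every device's requests upstream and count how many requests
    each router has to handle.  With ndn=False a request is forwarded to the
    origin no matter what; with ndn=True it stops at the first router that
    already holds RESOURCE, and the returning data is cached along the path."""
    origin, edges = build_tree(fanout, depth)
    origin.cache.add(RESOURCE)  # the origin always has the authoritative copy
    load = Counter()
    for edge in edges:
        for _ in range(devices_per_edge * requests_per_device):
            node, path = edge, []
            while True:
                load[node.name] += 1  # this router received the request
                if node.parent is None or (ndn and RESOURCE in node.cache):
                    break
                path.append(node)
                node = node.parent
            if ndn:
                for r in path:  # data packet leaves a copy on the return path
                    r.cache.add(RESOURCE)
    return load


def summarize(fanout=4, depth=3, devices_per_edge=50, requests_per_device=20):
    """Compare the load the origin sees, the busiest edge router, and the
    total forwarding work under both models for the same botnet."""
    result = {}
    for label, ndn in (("ip", False), ("ndn", True)):
        load = flood(fanout, depth, devices_per_edge, requests_per_device, ndn)
        edge_loads = [v for k, v in load.items() if k.count(".") == depth]
        result[label] = {
            "origin": load["origin"],
            "max_edge": max(edge_loads),
            "total": sum(load.values()),
        }
    return result


if __name__ == "__main__":
    for model, stats in summarize().items():
        print(model, stats)
```

With the default parameters (64 edge routers, 1,000 requests each) the IP run delivers all 64,000 requests to the origin, while the NDN run delivers one request per first-level subtree, four in total; in both runs the busiest edge router sees exactly the 1,000 requests its own attached devices generated, which is the load that a local operator can see and act on.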

