Page 25 - Cyber Warnings
DDoS Attacks and the Internet of Things

by David Navetta, Kris Kleiner, and Erin Locker, Norton Rose Fulbright US LLP

Several significant distributed denial-of-service (“DDoS”) attacks have taken place in the last
few weeks, including a major event involving a domain name service provider (Dyn), which
caused outages and slowness for many popular sites like Amazon, Netflix, Reddit, SoundCloud,
Spotify, and Twitter. This significant attack came on the heels of two major DDoS attacks
against KrebsOnSecurity and France-based hosting provider OVH in late September, each of
which set a record as the largest such attack in history. Most recently, nearly 900,000
Deutsche Telekom routers in Germany were attacked, causing significant internet and television
outages across the country. While DDoS attacks have been around for some time, what stands
out in these cases is the attackers’ exploitation of security weaknesses in tens of thousands of
Internet of Things (IoT) devices to launch the attacks. Unfortunately, these types of widespread
outages may be more common in the future if these weaknesses are not addressed.

At their most basic level, DDoS attacks work by sending a high volume of data from many different
locations to a particular server or set of servers. Because the servers can only handle a certain
amount of data at a time, these attacks overwhelm the servers, causing them to slow
significantly or fail altogether. This prevents authorized users from being able to use or access
the services provided by the attacked servers.

The DDoS attackers that hit Dyn disrupted a wide number of websites by targeting two Domain
Name System (“DNS”) servers maintained by the company. DNS is an essential component of
all websites, responsible for translating human-friendly website names into the numeric, machine-
readable Internet Protocol (“IP”) addresses needed to find and connect with the right servers so
that they can deliver the requested content. Any time an individual user sends an email or browses a
website, the computer sends a DNS look-up request to help route the traffic to the correct
location. For scale, Google’s Public DNS handles 70 billion DNS requests a day. As such, a
DDoS attack against key DNS servers that prevents those requests from going through can
cripple vast parts of the Internet almost instantly. Unfortunately, these types of widespread
outages may be more common in the future because of the security weaknesses of Internet of Things
(“IoT”) devices.
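To make the DNS look-up described above concrete, the following added example (written for this page, not code from the authors, Dyn, or any resolver project) builds a DNS query for an A record on the wire and parses a constructed response, including the name-compression pointers that real responses use. The domain name, transaction ID, TTL, and the 192.0.2.1 answer are constructed sample values; 192.0.2.0/24 is reserved for documentation.

```python
import struct

TYPE_A = 1
CLASS_IN = 1


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Encode a standard recursive DNS query for an A record.

    Header: ID, flags (RD set), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0.
    Question: length-prefixed labels terminated by a zero byte, then QTYPE/QCLASS.
    """
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", TYPE_A, CLASS_IN)


def read_name(msg: bytes, offset: int):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels = []
    end = None  # position after the first pointer we follow, if any
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, 14-bit offset
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2
            offset = pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), (end if end is not None else offset)


def parse_response(msg: bytes):
    """Return (txid, flags, [(name, ttl, ipv4)]) for the A records in an answer section."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):  # skip the echoed question(s)
        _, offset = read_name(msg, offset)
        offset += 4  # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        name, offset = read_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == TYPE_A and rclass == CLASS_IN and rdlen == 4:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return txid, flags, answers


def lookup(query: bytes, response: bytes):
    """Accept a response only if it is a reply (QR bit) carrying the query's transaction ID."""
    query_id = struct.unpack("!H", query[:2])[0]
    txid, flags, answers = parse_response(response)
    if txid != query_id or not flags & 0x8000:
        raise ValueError("response does not match the outstanding query")
    return answers


# Constructed response: ID 0x1234, flags 0x8180 (reply, RD, RA), one question,
# one answer whose owner name is a pointer (0xC00C) back to the question name,
# TTL 300 seconds, RDATA 192.0.2.1.
SAMPLE_RESPONSE = (
    bytes.fromhex("1234 8180 0001 0001 0000 0000")
    + b"\x07example\x03com\x00" + bytes.fromhex("0001 0001")
    + bytes.fromhex("c00c 0001 0001 0000012c 0004 c0000201")
)

if __name__ == "__main__":
    q = build_query("example.com")
    print(lookup(q, SAMPLE_RESPONSE))
```

The `lookup` check matters because a resolver that cannot reach its upstream (as during the Dyn outage) is only as good as the answers it already holds, and the TTL field parsed here is what bounds how long such a cached answer may keep being served.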

There are service providers like Akamai or Cloudflare that provide DDoS mitigation defenses
designed to combat these attacks by absorbing or deflecting DDoS traffic. In their simplest form,
DDoS mitigation tools serve as remote network traffic filters that attempt to redirect and
discard the high volume of malicious traffic while passing the good traffic through to the server.
Because the success of these basic measures necessarily depends upon the ability to identify
and distinguish the good traffic from the bad, which is not always an easy task, these services
have evolved to offer a more layered approach to defense, including redistributing traffic to the
service provider to absorb the increased load, scattering traffic across multiple locations, and
performing various additional background checks to validate traffic.
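The following added example (written for this page, not code from Akamai, Cloudflare, or the authors) shows the simplest form of the traffic filter described above: a per-source sliding-window rate limiter run over constructed, access-log style lines in which one source behaves like a browser and another floods the server. The log format, addresses, and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds: more than 20 requests from one source inside any 1-second window is dropped.
MAX_REQUESTS_PER_WINDOW = 20
WINDOW_SECONDS = 1.0


class SlidingWindowLimiter:
    """Keeps, per source address, the timestamps of requests inside the current window."""

    def __init__(self, max_requests: int, window_seconds: float):
        self.max_requests = max_requests
        self.window = window_seconds
        self.history = defaultdict(deque)

    def allow(self, ts: float, src: str) -> bool:
        recent = self.history[src]
        while recent and ts - recent[0] >= self.window:  # expire old timestamps
            recent.popleft()
        if len(recent) >= self.max_requests:
            return False  # over budget: drop this request
        recent.append(ts)
        return True


def parse_line(line: str):
    """Constructed log format: '<unix_timestamp> <source_ip> <path>'."""
    ts, src, path = line.split()
    return float(ts), src, path


def filter_log(lines, max_requests=MAX_REQUESTS_PER_WINDOW, window=WINDOW_SECONDS):
    """Return per-source counts of requests that would be passed through or dropped."""
    limiter = SlidingWindowLimiter(max_requests, window)
    stats = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for line in lines:
        if not line.strip():
            continue
        ts, src, _ = parse_line(line)
        verdict = "allowed" if limiter.allow(ts, src) else "blocked"
        stats[src][verdict] += 1
    return dict(stats)


def constructed_log():
    """Constructed sample: a legitimate client and a flooding source (documentation addresses)."""
    lines = []
    for i in range(5):  # browser-like: 5 requests spread over 5 seconds
        lines.append(f"{1000 + i:.3f} 198.51.100.7 /page{i}")
    for i in range(100):  # flood: 100 requests inside half a second
        lines.append(f"{1000 + i * 0.005:.3f} 203.0.113.5 /")
    lines.sort(key=lambda line: float(line.split()[0]))  # logs arrive in time order
    return lines


if __name__ == "__main__":
    for src, counts in filter_log(constructed_log()).items():
        print(src, counts)
```

With these inputs the flooding source has 20 requests passed and 80 dropped while the legitimate client is untouched. The same rule illustrates the difficulty the article points to: many real users behind one carrier-grade NAT address would exceed the same threshold and be dropped together, which is why production services layer further checks on top of a plain rate limit.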




25 Cyber Warnings E-Magazine December 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
