ISPs and hosting providers are familiar with customers who are frequent targets of distributed denial of service (DDoS) attacks. But are they doing enough to protect their customers? The answer is maybe not. In general, hosting providers concentrate on services such as bandwidth and connectivity rather than provisioning DDoS protection. Interrupting the online real-time video gaming experience with DDoS attacks for advantage or notoriety, in particular, continues to make headlines.
Hosting providers offer critical connectivity to businesses and the public, and hackers and other malicious actors recognize that they are vulnerable. Taking down an ISP has broad and lasting consequences. Recently there’s been a significant increase in DDoS attacks on ISP networks and servers. The truth of the matter is ISPs and hosting providers are often lacking when it comes to providing network protection services to their clients.
Dr. Vincent Berk, CEO of FlowTraq, who wrote “6 Reasons Why ISPs Must Step Up Defenses Against DDoS Attacks,” explains why:
“The nature of the problem is that ISPs service many customers, not just one,” Berk says. “And although we all hear about the very big DDoS attacks, it is the magnitude and number of smaller DDoS attacks that the average ISP truly has to deal with. The number of smaller DDoS attacks is skyrocketing.”
For video gaming companies and their community, these unmitigated attacks are critical. They ruin the overall gaming experience and affect the credibility of the company. Online gamers are outraged at the high levels of DDoS attacks that are going unmitigated. Technology experts say the best way to deal with this crisis is for ISPs to provide protection against DDoS as a service to their customers.
We look at DDoS threats and answer questions that ISPs can consider when planning protection against network and application layer attacks on their networks and on their customers.
What happens during a DDoS attack?
A denial of service (DoS) attack cuts access for users to an online resource such as a website or an online gaming service by flooding the network with unwanted traffic. In an online video game, hackers target the IP address of a gamer by sending a barrage of traffic to that particular address to overwhelm it. Online games such as Minecraft, CubeWorld and Team Fortress 2 are susceptible to DoS attacks since they support third-party servers, which expose IP addresses to the public domain.
A DDoS attack is executed by multiple compromised systems. During a DDoS attack, an attacker uses numerous compromised devices to flood an online resource with packets. The attack prevents gamers from accessing their online games.
In some situations, most ISPs become aware of DDoS attacks only after the customer has filed a complaint. The reason is that some ISPs may not have a monitoring or alert system to identify an attack before it hits them.
“In typical scenarios we might see multiple small DDoS attacks hitting several end customers in an ISP scenario,” Berk says. “By detecting this attack traffic and routing it to a local ‘scrubbing’ solution, the ISP can ensure the intended targets remain operational, as well as ensuring other customers are not affected. The ISP has the choice to make this part of their standard service, or to offer additional services for a fee.
“Although the big attacks make the news, it is the high number of smaller DDoS attacks that put pressure on the ISP. It is death by a thousand cuts, if not dealt with at the ISP.”
Scrubbing centers or cloud services that inspect traffic are an efficient method of curbing DDoS attacks. In this scenario traffic is routed to scrubbing centers in front of an organization’s servers or website so only clean traffic is forwarded.
What are the different types of DDoS attacks?
DDoS attacks come in a variety of forms. The three most common are:
- Volumetric attacks
- Protocol attacks
- Application layer attacks
Volumetric attacks
Volume-based attacks are the most common DDoS attacks. This method uses techniques to flood bandwidth and prevent access to an online resource. The most common forms of this type of attack include ICMP floods, UDP floods and spoofed packet floods. The aim here is to saturate bandwidth and prevent legitimate users from accessing the attacked site. The standard measure of the magnitude of the attack is in bits per second (bps).
Protocol attacks
Protocol attacks target online server resources rather than bandwidth. They consume resources of communication equipment such as firewalls and load balancers. Protocol attack techniques include ping of death, SYN floods, Smurf attacks, fragmented packet attacks and others. This type of attack makes a server resource unavailable. Protocol attacks are becoming more common than volume-based attacks, considering the difficulty in dealing with this type of server attack. The standard measure for protocol attacks is in packets per second (pps).
Application layer attacks
An application layer attack is one of the most sophisticated DDoS attacks. It has seen a tremendous rise in usage by hackers in recent years due to its complexity and hard-to-detect attributes. It also requires fewer resources to overwhelm a target than saturating bandwidth or attacking protocols does. This makes it usable by even novice hackers, since carrying out an application layer attack does not require any technological expertise. This attack comprises seemingly legitimate requests, and its main objective is to crash the web server. It includes GET/POST floods, low and slow attacks and zero-day DDoS attacks. Its standard measure is in requests per second (rps).
A new trend for hackers is to launch protocol attacks first to cause a distraction, and then follow with application layer attacks. This approach can have devastating effects. An application layer attack comes last because it takes more time to identify application vulnerabilities.
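An added example, not part of the original article: a per-customer detector that applies the three measures described above (bps, pps, rps) to flow summaries, flags destinations to divert to scrubbing, and reports any destination where a protocol alert is followed by an application layer alert. The window length, thresholds, flow tuple layout and sample records are constructed assumptions.

```python
from collections import defaultdict

WINDOW = 10  # seconds per measurement window (assumed)
# Assumed per-customer ceilings; a real deployment would learn these from baselines.
LIMITS = {"bps": 50_000_000, "pps": 20_000, "rps": 500}
LABEL = {"bps": "volumetric", "pps": "protocol", "rps": "application layer"}
# Constructed flow summaries: (start s, customer IP, bytes, packets, HTTP requests)
FLOWS = [
    (0, "198.51.100.10", 2_000_000, 3_000, 40),      # ordinary customer traffic
    (3, "198.51.100.10", 1_500_000, 2_500, 35),
    (1, "198.51.100.20", 90_000_000, 70_000, 0),     # UDP flood: bandwidth
    (4, "198.51.100.30", 9_000_000, 300_000, 0),     # SYN flood: packet rate
    (2, "198.51.100.40", 4_000_000, 12_000, 9_000),  # GET flood: request rate
    (5, "198.51.100.50", 8_000_000, 250_000, 10),    # protocol attack first...
    (14, "198.51.100.50", 3_000_000, 9_000, 8_000),  # ...then application layer
]

def measure(flows, window=WINDOW):
    """Aggregate flows into bps/pps/rps per (window start, destination)."""
    totals = defaultdict(lambda: {"bps": 0, "pps": 0, "rps": 0})
    for ts, dst, nbytes, pkts, reqs in flows:
        t = totals[(ts // window * window, dst)]
        t["bps"] += nbytes * 8 / window
        t["pps"] += pkts / window
        t["rps"] += reqs / window
    return dict(totals)

def detect(flows, limits=LIMITS):
    """Return {(window start, dst): [attack classes]} to divert to scrubbing."""
    alerts = {}
    for key, rates in measure(flows).items():
        hits = [LABEL[m] for m in LABEL if rates[m] > limits[m]]
        if hits:
            alerts[key] = hits
    return alerts

def follow_on(alerts):
    """Destinations hit by a protocol attack, then an application layer one."""
    first_proto = {}
    for (start, dst), hits in sorted(alerts.items()):
        if "protocol" in hits:
            first_proto.setdefault(dst, start)
    return sorted({dst for (start, dst), hits in alerts.items()
                   if "application layer" in hits and start > first_proto.get(dst, start)})

if __name__ == "__main__":
    for (start, dst), hits in sorted(detect(FLOWS).items()):
        print(f"t={start}s {dst}: {', '.join(hits)} -> divert to scrubbing")
    print("protocol then application layer:", follow_on(detect(FLOWS)))
```

Each class trips a different measure while the other two stay under their ceilings, which is why a detector that watches only bandwidth misses the SYN and GET floods in this sample.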
What are the security tools available?
DDoS protection secures websites and applications from volumetric network layer attacks and application layer (layer 7) attacks through automatic detection and real-time monitoring. Services that offer automatic detection and transparent mitigation of DDoS attacks can ensure a normal user experience even when a server is under attack.
Web Application Firewall
An enterprise-grade, PCI-certified cloud service or web application firewall (WAF) can protect against hacking attempts such as the OWASP Top 10 threats. WAFs use advanced traffic inspection technology and crowdsourced data to deliver full application security. Look for advanced features such as a custom rules engine, backdoor shell protection and integrated two-factor authentication.
How DDoS protection is a business advantage for ISPs
With the high number of DDoS attacks, it’s becoming a priority for ISPs to consider providing protection services to their customers, to prevent impending attacks and gain competitive advantage. Providing protection services will result in additional costs. Considering the drastic increase of DDoS attacks, some customers may be willing to accept extra costs in exchange for peace of mind and secure systems.
Beyond bandwidth, ISPs can add value to their services by offering protection services and a clean pipeline to their clients. As technology advances, DDoS attack tools are readily available, making it even easier for hackers to launch attacks. ISPs, their customers and gamers are becoming more vulnerable to DDoS attacks.
Five reasons for ISPs to offer DDoS protection to their customers
ISPs are vulnerable targets for DDoS attacks due to their public nature. Passing the protection on to customers can offer a competitive advantage.
The following are some reasons why ISPs should provide protection to customers.
1. DDoS attacks affect customer ratings
The more DDoS attacks a customer receives on a network, the worse the customer ratings. The reputation of an ISP company depends on the ratings it receives from its customers. If a customer experiences numerous attacks without a lasting solution, chances are that the ISP will rank low in customer ratings.
2. DDoS attacks are costly to ISPs
Constant attacks on an online resource will ultimately translate to loss of revenue, and customers will look for alternative providers who offer protection services. While an attack might take just a few minutes, the repercussions may lead to loss of brand reputation or even permanent unavailability of an online service.
3. Attack tools are becoming highly advanced
DDoS attack tools are now more advanced and easier to use. A novice hacker can hire a booter or stresser tool and launch an attack from anywhere in the world.
4. DDoS attacks are becoming harder to detect
Without protection, it’s very difficult to detect a DDoS attack. DDoS mitigation solutions with early monitoring and alert systems in place can help deflect attacks.
5. DDoS attacks take a short time to execute
DDoS attacks take a short time to execute, which means that a hacker can launch several attacks in no time. Without any form of protection, an attack can be extremely costly to the customer and ISP. Mitigating attacks on multiple systems can be very expensive, so it’s important to provide protection services to stop attacks.
To curb the increase in DDoS attacks, it’s important that ISPs provide protection services to their customers, particularly gaming companies. Forget about the extra costs; customers are always willing to pay for protection services if they know they’ll be secure from attacks. ISPs need to take the initiative in providing protection services to their customers. It is a win-win situation for all parties involved. By providing protection services to gaming companies, online gamers will also have a clean pipeline for a thrilling gaming experience.