Application-Layer DDoS on the Rise
When it came to application-layer DDoS attacks, HTTP, DNS and SMTP were the most frequently targeted applications, the survey found. Seventy-eight percent experienced HTTP DDoS attacks during the survey period, while 65 percent experienced DNS-focused attacks. Voice-over-IP (VoIP) systems, gaming servers and TCP port 123 were also listed as application-layer targets.
Such attacks have grown more sophisticated as service providers have become more adept at dealing with brute-force packet-flooding layer 3 and 4 DDoS attacks, Dobbins said. Attackers have also come to realize that many applications, as well as their ancillary services, are relatively fragile, nonscalable and poorly defended, if they're defended at all. This means that attackers can achieve "significant attack amplification by flooding applications with well-crafted, yet hostile transactional traffic" that ultimately allows them to take down applications with less bandwidth and effort than simple packet-flooding attacks, he said.
"The core technologies in mobile wireless networks today are non-TCP/IP protocols; consequently, mobile wireless operators must have staff with strong skill sets with these technologies, which are considerably different from TCP/IP," Dobbins said. "Given that until the last couple of years, mobile wireless SPs [service providers] have been far more focused on voice 'minutes' rather than their data services, many have consequently heavily staffed on the voice-related side, with less emphasis on the TCP/IP data side of their businesses.
"With the explosion of usable and useful smartphones, iDevices and the skyrocketing popularity of 3G modem dongles for laptop computers and even the utilization of 3G services for remote branch office connectivity, many mobile wireless operators have in essence become 'accidental ISPs' over the last couple of years," he continued. "Consequently, they're struggling to learn and operationalize all the lessons learned by wireline operators over the last decade - and all at once, now."
The report also included bad news for mobile operators. Of the 30 percent of respondents that operated mobile/fixed wireless networks, 59 percent said they have limited or no visibility into the network traffic of their wireless packet cores when it comes to classifying core traffic as potentially harmful. Only 23 percent indicated they have visibility into their wireless packet cores on par with or better than their visibility into their wireline packet cores.