DDoS(distributed Denial of System) means that a number of machines on the Internet are attacking one of your machines,
It starts with several machines(“Masters”) being controlled by the “Attacker”, then the
“slaves” attack your machine.
With this definition of DDoS normally
The actual attack into your machine usually just floods the victim machine with nonsensical IP packets. The affect of all the nonsensical data to the victim machine is that the victim machine fails to function.
This is exactly what happened on this day (Christmas 12/25/14) http://oversitesentry.com/krebs-notes-lizard-attacked-sony-with-home-routers/
But according to Dark reading’s Kelly Jackson Higgins’ story: http://www.darkreading.com/perimeter/when-ddos-isnt-all-about-massive-disruption/d/d-id/1319581
Instead of large amount of packets in a short amount of time, the “slaves” are now attacking with low-and-slow attacks against the application layer. But it may not be an attack to destroy, instead it is an attack to create a “smokescreen”.
{“It’s a smokescreen effect,” Larson says of the short-burst network DDoS attacks. “If they send [traffic] in short-duration, 3 Gig packet rates [at the most], it’s not going to cause service degradation” in a large data center, Larson says. “You might see that class of attack good enough to degrade a firewall or IPS … It might allow a connection to remain open during the attack.”}
So what happens is the DDoS is set to make a cover attack for for the real attack. and these days with high-end traffic servers able to handle thousands even hundreds of thousands of packets. These are sophisticated attacks and may not be so easy to find. But one thing I would say is what may be nation-state attackers today, the attackers will become more sophisticated from the criminal end as well.
Everything is becoming more sophisticated, there are more attacks, and better attacks. We must figure out better defenses as well.
2 thoughts on “DDoS not only for disruption”