How Large Can a DDoS Attack Get?

Distributed denial of service (DDoS) is the most common way that hackers abruptly knock websites, gaming servers, and other internet-dependent services offline. The severity of an attack varies from a mild inconvenience to a total takedown of a server, and sometimes more than a single server is involved: for many years, ambitious groups and individuals have had much larger targets in mind when planning their attacks, and some have even succeeded. Where is the limit? Is there a limit at all to how large these attacks can get?


The number of DDoS attacks is rising at the time of this article's publication, and with the tools for launching them so easy to obtain, the problem is probably going to get worse. The ripple effect of this increase has been felt in many high-profile incidents, such as the 2014 downtime of the Sony PlayStation Network, which caused panic for millions of people who were trying to access the network.

Governments have also gotten in on the action. One example is the March 2015 attack on GitHub by the Chinese government, which led to two projects being shut down.

Other attacks include the DNS root server attack of 2007, which caused a significant amount of trouble. When a root server is down, none of the domains under its control can be accessed, leaving an enormous number of websites unable to operate.


There are two ways to measure a DDoS attack: by the bandwidth sustained during the attack, or by the number of people it affects. The second metric is very difficult to assess, since there is no way to collect an accurate count of the people inconvenienced by any particular attack. Bandwidth, however, can be measured.

March 18, 2013 went down in history as the date of the largest DDoS attack ever executed in terms of bandwidth up to that point. Spamhaus, a website that tracks spammers, succumbed to an attack that eventually exceeded 120 gigabits per second. Even that large-scale attack was dwarfed almost immediately by another in 2014 that reached the 400 gigabit-per-second milestone, slowing Internet connectivity for much of the European Union and part of the United States.

Those two attacks are among the worst we have seen in history. Because hackers are finding it ever easier to muster more bandwidth, it is very possible that we will witness far more damaging attacks in the future. If this trend continues over the next few years, we might as well call this the Golden Age of DDoS.

Many companies are currently investing in DDoS mitigation solutions, but state-of-the-art hardware and software for this purpose are not always within a business's budget. The rest of us will have to help in this fight, and the best way to do so is to be prudent about what we download and which websites we visit: attackers take over other computers through viruses and shady scripts and use them to execute a DDoS, making thousands of systems send connection requests to one particular server. Make sure that you download things only from trustworthy sources!

What do you think? Do you have any other advice for how we can help stop DDoS? Tell us more in a comment!

2 comments

  1. There is no real way to deal with a DDOS attack directly, if it is strong enough. It can take down just about any IP address, given the size of the botnets that are out there. A DDOS attack is a severe bug lingering in the HTTP/TCP/IP protocols, and hopefully will be addressed one day, structurally.

    The main characteristic of a DDOS attack is you will see your bandwidth graph shoot up dramatically. It will actually make a plateau in a bandwidth graph, at your max network capacity of the NIC. This would be visible in the Task Manager of Windows systems, and through #iftop -i eth0 or similar command in Linux systems.

    There are two main sources of DDOS attacks: Standard botnets and shells owned by one person have plagued companies for ages, but the second type is more damaging: “booters”. Booters are websites that provide cheap (very cheap) “Network Stress Testing” services. That’s just the legitimate sounding name for illegal DDOS attacks. They can enter any IP address into these to bring high GB/s attacks on that IP. The main way to find out that you are dealing with a script kiddie using a booter is you can time the DDOS attacks, and they are almost always timed lengths. Normal DDOS will just go on and on with no breaks.

    Some of the mitigation factors you can use are nullroute, DNS redirection, DDOS protection services, and finally dox/social engineering.

    Nullroute is where a single IP address has all traffic sent to Null, which is like deleting it. This will basically shut off the DDOS attack, but completely turns off that IP address, and is a suboptimal but necessary step to take.

    Secondly, you might want to try to redirect web traffic to a new DNS with a notification, but this is also suboptimal because it is difficult to disseminate the new web address to your long-time customers.

    You can also purchase DDOS protection from companies such as Cloudflare. However, this can have very expensive service fees, as well as poor performance. These services will often cache websites, verify browsers, and filter packets so that your web services will stay up even during a sustained attack. But the downsides are that you will often see Cloudflare error pages when their services get overwhelmed, users will have to deal with redirect pages, and the website performance will be slow. This is however the ONLY solution when all the other ways to stop a DDOS attack fail.

    The final way to mitigate a DDOS attack is through social engineering or doxing. You can attempt to investigate the source of the attack by keeping track of threats made to the company or community. If your company has support from law enforcement, this would be far more practical, but also costly in that route. If the attacker is lazy and uses a cheap proxy or no IP protection at all, you might be able to pinpoint his real IP address and find out his personal information from logs. This step really requires cooperative law enforcement, but for individuals or small businesses, you will find that the police will not help you at all, even with positive proof of an attack. This is because of the lack of interstate jurisdiction in America with regards to network attacks.

    • Although there is no way to deal with a DDoS attack directly, there are ways to control the way a DDoS attack affects someone. This is a bit easier if you control how the bot packets are routed and have a large array of “dummy” servers that help keep up with the bandwidth via load balancing. This is precisely what Cloudflare does. It’s not a perfect solution, but it’s been much more effective than firewall filtering, a jimmied up solution that belongs back in the 90s.
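The first commenter describes the signature a volumetric attack leaves in monitoring: the bandwidth graph shoots up and flattens into a plateau at the NIC's maximum capacity, and booter-driven floods tend to come in bursts of fixed length while botnet floods run without breaks. The script below is an added example (not code from the article or from either commenter) that turns that description into a detector over a throughput time series. It assumes a 1 Gbit/s link and one sample per second; the sample values are constructed for the demonstration, and in practice they would come from interface counters or a tool such as iftop.

```python
"""Flag saturation plateaus in a bandwidth time series.

Added example: detects contiguous stretches where throughput sits at (or near)
line rate, which is the "plateau at max NIC capacity" a volumetric DDoS leaves
in a bandwidth graph, and applies the commenter's heuristic that booter-style
floods arrive as bursts of roughly equal, fixed length.
"""
from dataclasses import dataclass
from typing import List

LINK_CAPACITY_MBPS = 1000.0   # assumed NIC capacity: 1 Gbit/s
SATURATION_RATIO = 0.95       # >= 95% of capacity counts as saturated
MIN_PLATEAU_SECONDS = 10      # shorter spikes are treated as noise, not floods


@dataclass
class Plateau:
    start: int          # index (seconds) of the first saturated sample
    end: int            # index of the last saturated sample, inclusive
    peak_mbps: float    # highest sample seen inside the plateau

    @property
    def duration(self) -> int:
        return self.end - self.start + 1


def find_plateaus(samples: List[float],
                  capacity_mbps: float = LINK_CAPACITY_MBPS,
                  ratio: float = SATURATION_RATIO,
                  min_seconds: int = MIN_PLATEAU_SECONDS) -> List[Plateau]:
    """Return every run of >= min_seconds consecutive samples at or above
    ratio * capacity. Samples are megabits per second, one per second."""
    threshold = capacity_mbps * ratio
    plateaus: List[Plateau] = []
    start = None
    peak = 0.0
    for i, mbps in enumerate(samples):
        if mbps >= threshold:
            if start is None:
                start, peak = i, mbps
            else:
                peak = max(peak, mbps)
        elif start is not None:
            # Run ended at i-1; keep it only if it lasted long enough.
            if i - start >= min_seconds:
                plateaus.append(Plateau(start, i - 1, peak))
            start = None
    if start is not None and len(samples) - start >= min_seconds:
        plateaus.append(Plateau(start, len(samples) - 1, peak))
    return plateaus


def looks_timed(plateaus: List[Plateau], tolerance_seconds: int = 2) -> bool:
    """Commenter's heuristic: two or more bursts of (nearly) identical length
    suggest a purchased, fixed-duration 'stress test' rather than a botnet
    flood that simply runs until stopped."""
    if len(plateaus) < 2:
        return False
    durations = [p.duration for p in plateaus]
    return max(durations) - min(durations) <= tolerance_seconds


# Constructed sample series (Mbit/s, one value per second, 188 s total):
# 20 s of normal traffic, a 60 s flood pinned at line rate, 30 s quiet,
# a second 60 s burst, a short 3 s spike that should be ignored, then quiet.
SAMPLES_MBPS: List[float] = (
    [80.0, 95.0, 120.0, 110.0, 90.0] * 4
    + [990.0] * 60
    + [100.0] * 30
    + [985.0, 995.0] * 30
    + [70.0] * 10
    + [999.0] * 3
    + [60.0] * 5
)


def describe(samples: List[float]) -> List[str]:
    """Human-readable findings, one line per plateau plus a verdict."""
    plateaus = find_plateaus(samples)
    lines = [f"saturated {p.start}s-{p.end}s ({p.duration}s, peak {p.peak_mbps:.0f} Mbit/s)"
             for p in plateaus]
    if plateaus:
        kind = "fixed-length bursts (booter-like)" if looks_timed(plateaus) else "continuous flood"
        lines.append(f"verdict: {kind}")
    else:
        lines.append("verdict: no saturation detected")
    return lines


if __name__ == "__main__":
    for line in describe(SAMPLES_MBPS):
        print(line)
```

The thresholds are the tunable part: `SATURATION_RATIO` should sit just below what the link actually delivers under load (a 1 Gbit/s NIC rarely reports a full 1000 Mbit/s), and `MIN_PLATEAU_SECONDS` separates a legitimate large download from a flood. The heuristic in `looks_timed` is only as reliable as the commenter's observation; it is a triage hint for deciding whether null-routing or an upstream scrubbing service is the proportionate next step, not proof of the attack's origin.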

