In terms of DDoS attacks, 2019 has started with a bang! At the end of January reports surfaced of a massive DDoS attack that generated over 500 million packets per second, which was significantly larger than last year’s GitHub attack, which peaked at 129.6 million packets per second.
The definition of packet duplication is pretty simple; a duplicate packet is any packet that is identical to another packet. However, just because it’s easy to define doesn’t mean it doesn’t cause a significant headache for Network Engineers and System Analysts.
The view of the cyber threat landscape is very different depending on your perspective, this perspective is defined by what type of network you are protecting. Targeted cyber-attacks use an increasing catalogue of clever tactics and innovative attack vectors which are reshaping corporate and governmental security strategies, while wreaking havoc in consumer markets.
Security Analysts within the SecOps, DevOps, Security Operations Centre (SOC), Incident Response and Threat Intel teams are often overloaded with information produced by their cyber security tools. This issue is even more problematic in Firewalls and Intrusion Detection Systems’s (IDS) at carrier scale, leading to ‘Alert Fatigue’ and false positives.
A network security team can only fight what they can see, an organisation’s network security depends on their ability to rapidly detect and respond to emerging threats across their infrastructure, whether that is Tier 1 Operator, Enterprise or Cloud Provider. However, attack methods and strategies are constantly evolving, making threat detection an always-moving target. A good base to start from is understanding what type of threats may lurking in your network, these threats look very different depending on throughput of network traffic.
A Content Delivery Network or CDN is a system of distributed servers and nodes that delivers web content to a user, based on the geographical location of the user, the origin of the webpage and the content delivery service. The purpose of the CDN is to avoid bottle necks that would occur if every user tried to access content from one central location, the CDN replicates and redirects content so it is available to many users all at once. Ultimately improving user experience across multiple geographical locations (i.e. not just to those users who are physically closest to the server with the original content) and easing pressure on network infrastructure resources.
Cybercriminals are increasingly using application layer Distributed Denial of Service (DDoS) to attack their victims. Unlike a Layer 3-4 DDoS attack that consumes network bandwidth, an application layer or L7 attack can be much smaller in traffic volume and can go unnoticed until too late. This type of attacks effectiveness lies in its ability to mimic genuine HTTP request traffic, usually going unnoticed until it too late. Application layer attacks of this nature are often part of a wider multi-vector DDoS that looks to disrupt different parts of a victim’s infrastructure.
A UDP flood is a type of volume based DDoS (Distributed Denial of Service) attack, where large numbers of UDP (User Datagram Protocol) packets are sent to a target server, limiting its ability to carry out its functions. UDP traffic doesn’t require a three-way handshake to make a connection like TCP (Transmission Control Protocol), it runs with lower overhead and is ideal to carry data that doesn’t need to be checked and rechecked, such as VoIP. This means it is easier for attackers to generate large traffic volumes with tools like Low Orbit Ion Cannon (LOIC) and UDP Unicorn.
Steve is an experienced technical B2B cyber security specialist and Director. Steve is a frequent speaker on topics including security breaches, big data analytics, audit and compliance, and IT forensics.
Telecommunications providers are migrating data backbones to 100GbE to carry increasing traffic volume shared between multiple services and technologies such as mobile VoLTE, Virtual Network Functions (VNFs) and Software Defined Networking (SDN) infrastructure. Data is often exchanged through virtual tunnels, where threats can hide, making detection complex, decreasing network visibility and security.
Cyber criminals have been using DNS for malicious purposes successfully for years, malware such as DNSChanger uses DNS to target high value data held by ISP’s, CSP’s, CDN’s, Governments and Enterprise.
We are using cookies to provide statistics that help us give you the best experience of our site.
Cookies are short reports that are sent and stored on the hard drive of the user's computer through your browser when it connects to a web. Cookies can be used to collect and store user data while connected to provide you the requested services and sometimes tend not to keep. Cookies can be themselves or others.
There are several types of cookies:
Technical cookies that facilitate user navigation and use of the various options or services offered by the web as identify the session, allow access to certain areas, facilitate orders, purchases, filling out forms, registration, security, facilitating functionalities (videos, social networks, etc..).
Customization cookies that allow users to access services according to their preferences (language, browser, configuration, etc..).
Analytical cookies which allow anonymous analysis of the behavior of web users and allow to measure user activity and develop navigation profiles in order to improve the websites.
So when you access our website, in compliance with Article 22 of Law 34/2002 of the Information Society Services, in the analytical cookies treatment, we have requested your consent to their use. All of this is to improve our services. We use Google Analytics to collect anonymous statistical information such as the number of visitors to our site. Cookies added by Google Analytics are governed by the privacy policies of Google Analytics. If you want you can disable cookies from Google Analytics.
However, please note that you can enable or disable cookies by following the instructions of your browser.