main

DDoS AttacksSecurity

4 Massive Myths of DDoS

February 8, 2012 — by Carl Herberger2

Myth #1: DDoS can be Solved by Adding Bandwidth

Truth: As illustrated in the graph below, attacks in 2011 were quite varied and over 76% of application-level attacks were non-volumetric in nature (that is bandwidth was not an attribute of the service disruption). Thus adding bandwidth would not have remedied the problem, and in some cases, would have made the attack worse!


Attack Types and Bandwidth have Varied!

Myth #2: DDoS Attacks are Based on Network Attacks – Mostly SYN Floods

Truth: 2011 was a watershed year not only logging more application-layer attacks then network, but also, the network level attacks were varied across UPD / TCP and IPv4 & IPv6 (as illustrated in the graph below)!

Radware Security Survey: Attack Count by Type and Bandwidth

Myth #3: DDoS Attacks Can be Mitigated by Internet / Cloud “Scrubbers”

Truth: DDoS “Cleaning” requires a layered approach (almost like all other security approaches). Cloud scrubbers have value, however premise-based devices are required for application-layer, encrypted and advanced anti-CDN attacks (as illustrated in the graph below).

Myth #4: My firewall and IPS devices protect me from DDoS Attacks

Truth: In 2011, IPS’ and Firewalls contributed to 1/3 of all originating service disruptions (see graph below).

Firewall and IPS Security Devices Accounted for 1/3 of Availability Outage/Bottleneck Problems in 2011

Carl Herberger

Carl is an IT security expert and responsible for Radware’s global security practice. With over a decade of experience, he began his career working at the Pentagon evaluating computer security events affecting daily Air Force operations. Carl also managed critical operational intelligence for computer network attack programs to aid the National Security Council and Secretary of the Air Force with policy and budgetary defense. Carl writes about network security strategy, trends, and implementation.

2 comments

Leave a Reply

Your email address will not be published. Required fields are marked *