The Transmission Control Protocol (TCP) drives major internet operations such as video streaming, file transfers, web browsing, and communications, accounting for very high percentages of fixed access internet traffic and even more of mobile internet traffic. Surprisingly, TCP performance has yet to reach its full potential. Sub-optimal TCP performance translates into undesirable consequences for communications service providers, who struggle to make the most of expensive resources, to combat operational inefficiencies, and to provide a high quality of experience to subscribers.
2016 has been an eventful year for denial of service attacks. This year the industry as a whole has seen the largest attacks ever, along with new attack vectors designed to test and challenge modern-day defenses. Every year Radware’s ERT sees millions of attacks, and throughout the year our ERT researchers constantly review and analyze these attacks to gain further insight into trends and changes in the attack vector landscape.
This year, two of the most common trends among attackers were burst attacks, also known as “hit and run”, and advanced persistent denial of service (ApDoS) campaigns. Throughout the year we have observed a number of attackers using short bursts of high-volume attacks at random intervals, as well as attacks that have lasted weeks, involving multiple vectors aimed at all network layers simultaneously. These types of attacks tend to cause frequent disruptions in a network server’s SLA and can prevent legitimate users from accessing your services.
In the constantly evolving threat landscape, attackers are always finding new ways to target their victims. In the last few years we have seen steady growth in Distributed Reflective Denial of Service (DrDoS) attacks. These attacks rely on misconfigured public servers, which can provide an attacker with the bandwidth amplification needed to take down the targeted site.