Each year, Arbor Networks surveys a wide range of internet service providers to study what is happening on the networks. This year’s report shows the rise of hacktivist DDoS attacks and discovers the first IPv6 attack.
“Ideology was the most common factor for DDoS in 2011,” it notes, “followed by a desire to vandalize.” Since we have seen hacktivists willing to issue a general ‘call to arms’ and even provide the tools to take part in attacks, it represents, concludes Arbor, ‘a sea-change in the risk-assessment model’ for both network operators and their customers.
Also new last year was the first reported IPv6 attacks. They are still rare, indicating that the slow uptake of IPv6 makes it “not yet economically or operationally significant enough to warrant serious attention by the Internet criminal underground.” But, warns, Arbor, it also indicates that much IPv6 traffic may be unmonitored, masking the real threats.
The largest attack reported last year was 60 Gbps, much lower than the 100 Gbps reported in the previous year. However, there has been a significant increase in large flood-based attacks in excess of 10 Gbps, constituting “an extremely serious threat to network infrastructure and ancillary support services such as DNS, not to mention end-customer properties.”
Two things that might surprise network customers are the providers’ concern over the effectiveness of stateful firewalls, IPS and load-balancing devices in the face of DDoS attacks, and what Arbor describes as the “perennial disengagement of most network operators from law enforcement.” Mainstream security devices, says the report, are still “failing under DDoS attacks due to state-table exhaustion.”
On law enforcement, network operators lack confidence in LEA’s ability and willingness to investigate online attacks, and “evince strong dissatisfaction with current governmental efforts to protect critical infrastructure.”