Researchers Challenge Security Data - Tech Learning

Researchers Challenge Security Data

Contrary to popular belief, nearly 75 percent of denial-of-service attacks come from a small number of troublemakers.
Publish date:

Courtesy of Dark Reading Conventional wisdom about the sources and causes of denial-of-service (DOS) attacks -- and the best methods for preventing them -- could be completely wrong, according to a group of researchers. Researchers at the University of Michigan, Carnegie Mellon University, and AT&T Labs-Research said they have completed a study that debunks the widely-held belief that DOS attack traffic is usually generated by a large number of attack sources disguised by spoofed IP addresses. In its study, the group found that 70 percent of DOS attacks are generated by less than 50 sources, and a relatively small number of attack sources account for nearly 72 percent of total attack volume. IP spoofing, long thought to be the most popular vector for launching a DOS attack, was found in only a few instances, the researchers said. In the past, sources of DOS attacks were tracked by measuring "backscatter," the amount of unwanted traffic sent to unused address blocks, the researchers observed. Examining this type of traffic helps expose conversations generated between spoofed IP addresses and unknown recipients. But because this measurement technique assumes the DOS attack was launched through spoofed IP addresses, it doesn't account for DOS attacks launched via botnets, which have become a much more attractive vector for attackers, the research team said. The new study combines traditional indirect measurement of backscatter with direct measurement of Netflow and alarms from a commercial DOS detection system. The resulting data suggests the vast majority of DOS traffic is coming not from hundreds of sources across the Web, but from a few sources that can be pinpointed and eliminated from everyday traffic flows, significantly reducing the impact of DOS traffic on a network or server. The new data also suggests that current methods of preventing DOS, which assume large numbers of sources using IP spoofing, need some rethinking. "Less than 1 percent of the directly measured attacks produced backscatter," according to the paper. "Most attacks (83 percent) consist only of packets smaller than 100 bytes." The directly measured attack volume was highly predictable and often came from the same sources, which suggests that enterprises and service providers could solve a big chunk of the DOS problem simply by blocking traffic from those sources. Enterprises and service providers "can reduce a substantial volume of malicious traffic with targeted deployment of DOS defenses," the group said. Makers of DOS defense tools said they could not comment until they had a chance to review the research.



Web Research: Ten Tips for the Techno-Challenged

You're in charge and supposed to know everything when it comes to technology. But shhhhh, you don't. Not to worry. Here's your chance to secretly learn a few key, time-saving facts about Internet research. First, some assumptions: You use Internet Explorer 6.0 (or later) or Netscape 7.2 (or later) as your Web browser

Data Security: Fighting Off Cyber-Hackers

High-speed access to the Internet may be great for improved information retrieval, but it has its dark side. For example, do increasing numbers of pop-up ads appear in your browser window? Think they're totally innocuous? Think again! Pop-ups may be evidence of intruders infecting your computer with malicious software

Aerohive Announces Security Solution to Protect Networks from IoT Attacks promo image

Aerohive Announces Security Solution to Protect Networks from IoT Attacks

Aerohive Networks® (NYSE:HIVE) today detailed its Internet of Things (IoT) security solution for Wi-Fi and wired networks. Built on Aerohive’s Software Defined LAN (SD-LAN), Aerohive’s solution helps protect networks from attacks, such as the October 16th Mirai botnet DDoS attack, which recruited over a half-million devices in a coordinated strike that brought down a large swath of popular internet services, including Twitter, Spotify, Airbnb, Netflix and Reddit. Aerohive will be discussing Wi-Fi security on Facebook Live on November 3, 2016.

Security in a Box

These days, security has become a loaded word. Security has increased just about everywhere—on subways and buses, in airports, and at courthouses. Security is critical on information networks, too. As many school IT specialists have learned the hard way, hackers, viruses, spam, and spyware lurk behind every

A Beginner's Guide to School Security

While the creation of a global computer network has brought a wealth of new resources and opportunities to education, it's also opened a Pandora's box of security concerns for district technology staff and other administrators. From students downloading unauthorized software to the threat of viruses destroying

Secure Your Wireless Network

Imagine a completely wireless school, an open network in which all students and staff can roam around using laptops or handheld computers to browse the Internet, access files and applications on the school server, and communicate with each other and the world via e-mail. It's a great picture — and at some