DDoS — An Attacker’s Perspective

As you know, the evolution of Distributed Denial-of-Service (DDoS) attacks has many organizations scrambling to defend themselves. Even with defenses in place, a site is never truly protected until the defense is tested.

Our team has been busy of late, verifying that mitigation solutions live up to their claims and ensuring the quality of defenses through our DDoS testing service. In a recent press release, we announced a “Battle-Test” of the DDoS Mitigation Solution from ZENEDGE, a cloud-based, globally distributed cybersecurity platform. I had an opportunity to sit down with our lead DDoS Engineer at DDoS Strike, Michael Bennett, and discuss the mindset of a DDoS attacker prior to an attack, or in this case, the mindset of a DDoS tester. During our conversation we discussed how attackers know where a target is vulnerable, complications that can arise during attacks, and the experience of testing ZENEDGE’s Solution.

During our discussion, Bennett described the goals of an attacker. Their main focus is figuring out how to take down the site using a DDoS attack. To do this, the attacker relies on the reconnaissance and research stage, whether they are a trained engineer or a typical hacker looking to cause chaos. Attackers typically know a target's areas of weakness and exploitation, as they commonly do their homework on the potential target.

His experience throughout this ZENEDGE “Battle Test” reinforced his strong belief that there’s always a possibility for configuration issues to arise when testing a DDoS solution for the first time. On this point, he said, “ZENEDGE was extremely quick with making adjustments on the fly.”

This type of testing situation shows two things: first, an experienced attacker will notice which specific parts of a site to target for a more effective attack; second, testing a solution allows vendors to better fine-tune their defenses. Bennett credited ZENEDGE and their defense team for their ability to react quickly to attacks and for their interactive approach with their clients.

Many times, attacks turn into a large battle between the attackers and the solution. The resources an organization uses and the precautions it takes make the difference in an effective defense effort. Testing is a precaution that both the solution and the organization using it should take in order to maximize their resilience to a DDoS attack. Bennett noted that organizations are better off with cloud mitigation, as it can handle a larger load from an attack, leaving you less vulnerable. One interesting point that Bennett notes about ZENEDGE’s defense is:

“A commonly-employed defense is using rate limits and thresholds to detect and block malicious actors. While this can be an effective defense, ZENEDGE also used JavaScript challenges on top of that, which usually result in far less false positives while allowing you to configure lower rate thresholds. Their platform is also an all-in solution where you get static caching, DDoS scrubbing, and WAF protection — all from a single service.”

The DDoS Strike Engineers from Security Compass really enjoyed their experience testing ZENEDGE’s DDoS Mitigation, and had the opportunity to learn a lot about their defense. ZENEDGE had a great opportunity to test their solution, as all mitigation providers should. From the testers' perspective, this defense lived up to its claims, having been thoroughly tested and approved. It is only when a solution is tested that an organization should feel confident that their defense is capable of protecting them.
