Can your DDoS defenses stand this coming season’s attacks?

Will new DDoS attacks circulate this season?

YES: NTP was the new reflection/amplification attack vector at the beginning of the year, and there were also some sightings of SNMP reflection/amplification attacks. Over the last quarter, SSDP was also observed starting to be used for reflection/amplification attacks. This year also saw the well-known SYN flood attack mutate into the Tsunami SYN flood attack, showing that even older DDoS attacks can evolve and become more dangerous.

When will DDoS attack activity begin and peak this season?

DDoS attacks occur all the time and usually without warning. In 2013, Akamai observed that Q4 had more DDoS attacks than any other quarter.

What should I do to prepare for this season?

Ensure you have defences in place, and test them to make sure they’re properly configured and capable of performing the way they are expected to. DDoS Strike is the perfect way to ensure defences will keep you protected.

Types of DDoS attack that can hit your infrastructure this season:

Layer 7
  • Basic & Advanced HTTP/S Floods
  • Other CVE Attack Vectors
  • Slow Loris / Slow POST
  • Various other protocols (SMTP, DNS, SNMP, FTP, IKE)
  • Large Form submissions
  • Customized attacks
  • Database/Resource exhaustion
Layer 6/5
  • SSL Renegotiation flood
  • DNS Query flood
  • SSL Exhaustion
  • DNS NXDOMAIN flood
Layer 5/4
  • Various Connection floods/exhaustion
Layer 4
  • Various types of TCP floods
  • Mimicked reflection/amplification attacks
  • UDP flood
Layer 3
  • ICMP Flood
  • IP/ICMP Fragmentation
  • BGP Hijacking

Recommendations for the 2015 season

DDoS Strike is a preventative approach that will QA your DDoS mitigation infrastructure to make sure your infrastructure defense system can handle this season’s attacks.

How effective is DDoS Strike?

DDoS Strike is designed to be highly dynamic, allowing us to customize an attack on the fly. We’re able to start, stop, slow or speed up an attack, dynamically grow or shrink the number of attacks, and even change the type of attack or run simultaneous attacks.

How does DDoS Strike work?

We use the same approach a sophisticated attacker would use. We perform black box recon on your infrastructure using the same information available to attackers. We identify potential targets and weaknesses and, after agreeing on a target, launch the attack as either a drill or a collaborative exercise where you can monitor the effects of the attack on your infrastructure and provide feedback to help dynamically shape the attack or test specific components of your defense.

How do I make sure it doesn’t affect profit lines during testing?

Multiple fail-safes and mechanisms of control are in place to ensure things remain under our control. Also, because of the dynamic nature of the service, we have a high level of control over the attack, allowing us to start an attack small and slowly grow it to scale while the effects are being closely monitored. At the first sign of trouble, we can stop the attack before there is any impact to the business.

Where can I get DDoS Strike?

Let Security Compass battle test your DDoS mitigation process.
