Apparently the DDoS threat is growing to the point where it is becoming a major concern for data center managers, as the efficiency of firewall products is failing.
The security testing organization NSS Labs recently discovered that 3 out of 6 firewall devices stop operating when tested for stability. DDoS attacks have been a major threat for network operators for over ten years, since their first appearance, but recently they have become more aggressive and have increased in frequency and impact.
DDoS stands for “distributed denial of service”, and launching such an attack is a violation of the policies of all Internet service providers. It works by sending a great load of requests, or ‘attacks’, to the targeted computer. These attacks then force the computer to reset itself or to consume its own resources. As a result, the machine is no longer able to provide its intended service and drops the communication with its user. DDoS targets are mainly sites hosted on high-profile servers, such as those of credit card companies or banks.
When DDoS attacks are successful, they lead to significant outages, increased operational expenditures (OPEX), revenue loss and frustrated customers. Unfortunately, the capacity of security products such as firewalls and IPS is limited, and the attackers are well aware of it. They can easily exhaust the application layer resources and cause significant downtime.
According to a recent study conducted by Arbor Networks, the volume of DDoS attacks has reached the 100 Gbps barrier; in other words, DDoS attacks are growing in number and strength.
In order to reduce risk, specialists suggest that large state-exhaustion attacks must be stopped at the ISP/MSSP because this is where the attacks occur. Packet-based detection and protection against all kinds of DDoS is required as well.