
Enterprise IT Context for the CTO

Bob Gourley


DDoS Attacks: What Happened And What We Should Do About It

Bob Gourley

The security community has been watching the DDoS threat grow to incredible levels. DDoS attacks are up 75% over last year. Over 30% of attacks reach sustained peaks of over 10 Gbps, an amount that will swamp almost every business user. Some very large attacks have gone as high as 600 Gbps, a size that overwhelms even the largest infrastructure providers.

On 21 October 2016, one of these very large attacks occurred against Internet infrastructure provider Dyn. This resulted in outages of many highly popular sites, disrupting access to Amazon, Twitter, Reddit, Airbnb, the New York Times, Spotify, Netflix and many others. Dyn provides many advanced services to these providers, including managing their DNS. Since DNS is critical to how computers find other computers, traffic to these major sites was impacted by the Dyn DDoS attack.

The probable attack vector was compromised IoT devices controlled by malicious code called "Mirai". This software scans the Internet for devices that still use default passwords, and then uses common protocols like telnet to log into those devices. Once logged in, it is in control of the device. The code actually hardens the device a little to prevent other attacks against it. From that point on the device can be used as a node in a DDoS attack.
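A device that has been recruited this way starts scanning for other devices over telnet, which shows up on the owner's network as one internal host contacting many different external addresses on telnet ports. The following detection sketch is an added example, not code from the original post; the log format, the port list (23 and 2323), the internal address ranges and the threshold are assumptions, and the flow records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the article): telnet ports, internal ranges, alert threshold.
TELNET_PORTS = {23, 2323}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FANOUT_THRESHOLD = 5  # distinct external telnet targets per source

# Constructed flow records: "timestamp src_ip dst_ip dst_port action"
SAMPLE_FLOWS = """\
2016-11-01T11:10:01Z 192.168.1.50 198.51.100.7 23 ALLOW
2016-11-01T11:10:01Z 192.168.1.50 198.51.100.8 23 ALLOW
2016-11-01T11:10:02Z 192.168.1.50 198.51.100.9 2323 ALLOW
2016-11-01T11:10:02Z 192.168.1.50 203.0.113.14 23 ALLOW
2016-11-01T11:10:03Z 192.168.1.50 203.0.113.15 23 ALLOW
2016-11-01T11:10:03Z 192.168.1.50 203.0.113.16 2323 ALLOW
2016-11-01T11:10:04Z 192.168.1.20 203.0.113.9 23 ALLOW
2016-11-01T11:10:05Z 192.168.1.20 203.0.113.9 23 ALLOW
2016-11-01T11:10:06Z 192.168.1.20 198.51.100.30 443 ALLOW
2016-11-01T11:10:07Z 192.168.1.20 192.168.1.1 23 ALLOW
truncated-line
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    return any(addr in net for net in INTERNAL_NETS)

def find_telnet_scanners(log_text, threshold=FANOUT_THRESHOLD):
    """Return {internal_src: distinct external telnet targets} at or above threshold."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue  # skip malformed records
        _ts, src, dst, port, _action = parts
        if int(port) not in TELNET_PORTS:
            continue
        try:
            outbound = is_internal(src) and not is_internal(dst)
        except ValueError:
            continue  # skip records with unparseable addresses
        if outbound:
            targets[src].add(dst)  # a set, so repeat connections count once
    return {s: len(d) for s, d in targets.items() if len(d) >= threshold}

if __name__ == "__main__":
    for src, count in find_telnet_scanners(SAMPLE_FLOWS).items():
        print(f"{src}: telnet attempts to {count} distinct external hosts")
```

Counting distinct destinations rather than connections keeps a workstation with one legitimate telnet session below the threshold while a scanning device stands out.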

What can be done to prevent this attack or mitigate the impact of similar attacks when they occur? We provide our thoughts here, segmented into recommendations for Home Users, Business Users, and Local, State and Federal Governments.


Bob Gourley writes on enterprise IT. He is a founder and partner at Cognitio Corp and publisher of CTOvision.com.