What is a DDoS attack?

Generally attacks involve a multitude of systems compromised by a hacker attacking a single target with incoming messages, forcing it to shut down and preventing access for legitimate users.

DDoS attacks have been around since the birth of the internet, but with an increasing amount of commerce and conversation taking place online, their impact has become greater over time.

Attacks tend to come in two types: volumetric and application layer. Volumetric attacks typically involve flooding a system to make it unresponsive or unreachable to target users.

Application layer attacks make requests that consume resources deep within a network and do not require a large volume of connections to be effective, meaning they are harder to detect.

DDoS attacks cannot be halted once they have started and can only be mitigated through protection methods put in place.

The impact of a DDoS attack is generally the same for all carrier types, be they a Tier 1, a country incumbent or a competitive Tier 2. Attacks take up network resources that should be there for a carrier’s customers and can also cause collateral damage, affecting other customers in the same area or same set of IP blocks as the target.

A DDoS attack on a customer at a data centre can have a more severe impact as the hacker or hackers may not know which part of the facility to attack to reach their target. This means that they will often attack the IP ranges for the whole data centre, affecting all customers that utilise it, before they refine their attack over time.

Generally attacks are directed at enterprises rather than carriers themselves. Although both can be targets, Tier 1 carriers tend to have so much capacity and infrastructure in place that an attack won’t have much impact upon them.

Losses to an enterprise as the result of an attack can be in the thousands or even millions of dollars as a result of customers being unable to access online services.

NTT Communications has DDoS protection infrastructure in Asia, Europe and the US, where the majority of attacks occur. The carrier also hopes to expand to Latin America in the future as the ICT infrastructure on the continent develops and attacks become more prevalent.

The first line of NTT’s defence is its 24/7 network operations centre (NOC). Within the carrier’s NOC there is a specialist Security and Abuse Team (SAT) specifically tasked with handling attacks that are affecting network performance and customers.

The carrier’s second line of defence is a tool called blackholing, which allows a customer to drop attacking traffic at the edge of a specific host in a border gateway protocol session. Blackholing is a blunt method of mitigation and has the disadvantage of preventing all traffic from reaching an IP block, both good and bad.

In a bid to provide a more elegant solution, NTT also offers its DDoS Protection Service (DPS) as a third line of defence. The DPS offers paying customers more robust protection by enabling good, legitimate traffic to still be filtered through during an attack while blocking out the attacking traffic.

DDoS attacks are not just becoming more complex but also more sophisticated, according to NTT’s executive VP of the Global IP Network, Michael Wheeler. Multiple types of attacks are increasingly being combined and directed towards a target, making mitigation more complex.

Attacks by professional groups are also becoming more sophisticated, with an initial attack wave used to gauge a target’s mitigation response, before re-engaging in a more focussed manner as a result.

However, the mitigation response to attacks is also evolving in parallel, with DDoS protection specialists improving their knowledge of the nature of attacks and how to mitigate them more effectively.

Through knowledge from past attacks, specialists like NTT’s SAT are able to identify regional DDoS trends and protect customers more effectively as a result.

NTT Communications
+1 877 868 8638 | +1 877-8NTT-NET

info@us.ntt.net

www.us.ntt.net