A third of the internet is under DoS attack

Published 3 November 2017

Study by SDSC’s CAIDA group finds millions of network addresses subjected to denial-of-service attacks over two-year period

For the first time, researchers have carried out a large-scale analysis of victims of internet denial-of-service (DoS) attacks worldwide. And what they found is, in a phrase from their study, “an eye-opening statistic.”

In data spanning two years, from March 2015 to February 2017, the researchers found that about one-third of the IPv4 address space was subject to some kind of DoS attack, in which a perpetrator maliciously disrupts the services of a host connected to the internet. IPv4 is the fourth version of the Internet Protocol (IP); an IP address is a numerical label assigned to each device participating in a computer network.

“We’re talking about millions of attacks,” said Alberto Dainotti, a research scientist at CAIDA (Center for Applied Internet Data Analysis), based at the San Diego Supercomputer Center (SDSC) at the University of California San Diego, and the report’s principal investigator. “The results of this study are gigantic compared to what the big companies have been reporting to the public.”

Added the study’s first author, Mattijs Jonker, a researcher with the University of Twente in The Netherlands and former CAIDA intern: “These results caught us by surprise in the sense that it wasn’t something we expected to find. This is something we just didn’t see coming.”

UCSD says that the study – presented 1 November 2017 at the Internet Measurement Conference in London and published in the Proceedings of the Association for Computing Machinery (IMC ’17) – sheds light on most of the DoS attacks on the internet, their victims, and even the adoption of commercial services to combat these attacks.

Two predominant types of DoS attacks, intended to overwhelm a service by a sheer mass of requests, are highlighted:

· “Direct” attacks, which involve traffic sent directly to the target from some infrastructure controlled by the attackers (e.g. their own machines, a set of servers, or even a botnet under their command). These attacks often involve “random spoofing”, characterized by faking the source IP address in the attack traffic.

· “Reflection” attacks, during which third-party servers are involuntarily used to reflect attack traffic toward the victim. Many protocols that allow for reflection also add amplification, causing the amount of reflected traffic sent toward the victim to be many times greater than the amount initially sent toward the reflector.