[Ndn-interest] Largest DDoS attack ever delivered by botnet of hijacked IoT devices
Christos Papadopoulos
christos at colostate.edu
Sun Sep 25 18:04:26 PDT 2016
http://www.networkworld.com/article/3123672/security/largest-ddos-attack-ever-delivered-by-botnet-of-hijacked-iot-devices.html
Apologies if you have seen this already, but 600+Gbps DDoS attack from
IoT devices is truly remarkable. Moreover, it was *not* and reflection
attack! The target was protected by Akamai, who had to drop them (it was
hosted pro-bono) after a few days of sustained attack because it was
costing too much.
There are a few elements that might make this event a game changer. (a)
from now on, people may want to always talk about security in IoT, (b)
it raises questions about protecting the little guy from DDoS, the
customer here found a home at Google's Project Shield, but obviously
this is not scalable, and (c) cloud protection from DDoS is not a
general solution despite what cloud providers will have you believe.
To me such events bring to focus the weaknesses and fragility of the IP
architecture. With billions of IoT devices projected in the future, even
one packet/second (or even per minute) from a fraction of these devices
would be enough to cause real damage. We all know about the code quality
and ease of patching of IoT devices, this will not change.
Maybe Bruce Schneier 's near-apocalyptic thoughts are not too far off.
https://www.schneier.com/crypto-gram/archives/2016/0915.html#2
Christos.
More information about the Ndn-interest
mailing list