[Ndn-interest] Largest DDoS attack ever delivered by botnet of hijacked IoT devices

Cedric Westphal Cedric.Westphal at huawei.com
Mon Sep 26 11:43:37 PDT 2016


That's very interesting. But since it's sent on this mailing list: would NDN be an answer to this? If the millions of IoT devices involved in the attack request a distinct object under the attacked page's prefix, it would happen exactly the same way, wouldn't it? And if all requests are for the same name, then it's the caching infrastructure of the high degree nodes that becomes attacked and shifting the attack target from akamai to a highly connected router is not a good trade-off. 

C.

-----Original Message-----
From: Ndn-interest [mailto:ndn-interest-bounces at lists.cs.ucla.edu] On Behalf Of Christos Papadopoulos
Sent: Sunday, September 25, 2016 6:04 PM
To: ndn-interest at lists.cs.ucla.edu
Subject: [Ndn-interest] Largest DDoS attack ever delivered by botnet of hijacked IoT devices

http://www.networkworld.com/article/3123672/security/largest-ddos-attack-ever-delivered-by-botnet-of-hijacked-iot-devices.html

Apologies if you have seen this already, but 600+Gbps DDoS attack from 
IoT devices is truly remarkable. Moreover, it was *not* and reflection 
attack! The target was protected by Akamai, who had to drop them (it was 
hosted pro-bono) after a few days of sustained attack because it was 
costing too much.

There are a few elements that might make this event a game changer. (a) 
from now on, people may want to always talk about security in IoT, (b) 
it raises questions about protecting the little guy from DDoS, the 
customer here found a home at Google's Project Shield, but obviously 
this is not scalable, and (c) cloud protection from DDoS is not a 
general solution despite what cloud providers will have you believe.

To me such events bring to focus the weaknesses and fragility of the IP 
architecture. With billions of IoT devices projected in the future, even 
one packet/second (or even per minute) from a fraction of these devices 
would be enough to cause real damage. We all know about the code quality 
and ease of patching of IoT devices, this will not change.

Maybe Bruce Schneier 's near-apocalyptic thoughts are not too far off.

https://www.schneier.com/crypto-gram/archives/2016/0915.html#2

Christos.


_______________________________________________
Ndn-interest mailing list
Ndn-interest at lists.cs.ucla.edu
http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest




More information about the Ndn-interest mailing list