Arbor Networks Publishes Visual Review of DDoS Attack Tools

Explosion of DDoS Tools Is Game Changer for Enterprise Security

Arbor Networks, Inc., a leading provider of security and network management solutions for next-generation data centers and carrier networks, today published an in-depth visual review of DDoS tools that are used in the Internet underground and that can be used for "Hacktivist" purposes. As part of its 7th annual Worldwide Infrastructure Security Report also released today, the company has published data on the increasing frequency and complexity of DDoS attacks that threaten the availability of enterprise data center services.

The explosion of opt-in DDoS attack tools is a game changer for enterprise security. These tools have empowered anyone with an Internet connection to launch DDoS attacks. This has profound implications for any business operating online. The risk of attack is now exponentially greater than in the recent past, commanding the need for a layered defense strategy in the enterprise.

In a blog post titled "Attack of the Shuriken: Many Hands, Many Weapons," Arbor has provided a peek into the underground by examining more than 50 popular DDoS attack tools from the simple to the complex, as well as reviewing contemporary and historical threats. The research comprises a broad range of tools such as single user flooding tools, small host booters, shell booters, Remote Access Trojans (RATs) with flooding capabilities, simple DDoS bots, complex DDoS bots and commercial DDoS services.

“Our research shows that even many of the less sophisticated tools have Remote Access Trojan functionality to perform password theft, download and execute other malware, sniff keystrokes and other malicious activities. In addition to the threats to confidentiality, actual incidents have shown that simple flooding tools such as a host booter can take down enterprise-class firewalls from either side of the firewall due to state table exhaustion,” said Curt Wilson, a member of Arbor’s Security and Engineering Response Team (ASERT).

Best Practice: Layered Approach to DDoS Defense
“In the face of this rapidly changing threat landscape, and increasingly sophisticated attacks, the DDoS problem is now a top concern of enterprise IT teams,” according to Rob Ayoub, Frost & Sullivan Global Program Director for Network Security. “Many security teams rely on traditional security products such as firewall, intrusion prevention system and web application firewall devices to protect their organizations from a variety of threats, including DDoS attacks. Though these devices are essential elements of a sound security strategy, they simply are not designed to stop highly complex DDoS attacks. A layered approach is required for protection against DDoS attacks.”

Arbor believes that the only way for enterprises and cloud operators to have optimal protection against DDoS attacks is through a combination of on-premise and in-cloud protection. Working with its Internet service provider (ISP) and managed security services provider (MSSP) customers, Arbor has developed a protocol to facilitate both customer edge mitigation of application-layer attacks and upstream mitigation of volumetric attacks in an automated and real-time manner.

Cloud Signaling℠
Developed by Arbor Networks, Cloud Signaling functionality is an efficient and integrated way of bridging the enterprise data center to the service provider cloud. Cloud Signaling connects the on-premise Pravail™ APS device with the cloud-based Peakflow® SP solution that powers more than 50 DDoS managed security services offerings. Cloud Signaling helps to ensure the availability of enterprise data center infrastructures and speed time-to-mitigation for DDoS attacks.

When a data center operator discovers that he is under a service-disrupting DDoS attack, he can choose to mitigate the attack in the cloud by triggering a signal to upstream infrastructure of the provider’s network. A volumetric DDoS attack congesting the upstream links would promptly diminish or disappear altogether from the data center’s access links, protecting service availability. Enterprise customers also benefit from real-time monitoring of the attack mitigation, as well as granular post-mortem reports, with details of the attack and the steps taken by the operator to mitigate the attack. This method helps data center operators maintain control and stay in command of the event, as well as establish best practices. The addition of Cloud Signaling into the ISP/MSSP portfolio further strengthens the overall managed DDoS service offering by providing customers with complete DDoS protection from a single dashboard. Cloud Signaling enables the enterprise data center operator to reduce time to mitigation and increase the effectiveness of response against DDoS threats, thus saving the company from major operational expense and helping to preserve the company’s brand and reputation.

About Arbor Networks
Arbor Networks, Inc. is a leading provider of network security and management solutions for next-generation data centers and carrier networks, including the vast majority of the world's Internet service providers and many of the largest enterprise networks in use today. Arbor's proven network security and management solutions help grow and protect customer networks, businesses and brands. Through its unparalleled, privileged relationships with worldwide service providers and global network operators, Arbor provides unequalled insight into and perspective on Internet security and traffic trends via the ATLAS® Active Threat Level Analysis System. Representing a unique collaborative effort with 100+ network operators across the globe, ATLAS enables the sharing of real-time security, traffic and routing information that informs numerous business decisions.

For technical insight into the latest security threats and Internet traffic trends, please visit our website at http://www.arbornetworks.com and our blog at ddos.arbor.net.

Trademark Notice: Arbor Networks, Peakflow, ArbOS, How Networks Grow, ATLAS, Pravail, Arbor Optima, Cloud Signaling and the Arbor Networks logo are all trademarks of Arbor Networks, Inc. All other brand names may be trademarks of their respective owners.

# # #

Contact Author

Lucie Mann
Lois Paul & Partners
617.986.5863

Jo Jamieson
Harvard Public Relations
44 020 7861 2831