This means that attackers can generate responses that are 50 times larger in size than the queries that triggered them and servers typically have larger bandwidth than home computers and consumer devices that typically make up DDoS botnets.
Also, today's DDoS attacks combine multiple techniques. For example, an attacker in control of a large botnet could direct a portion of it to reflect its traffic through LDAP servers, another portion to abuse DNS servers, another one to perform direct SYN floods or TCP floods and so on. According to an Akamai report from June, over 60 percent of DDoS attacks observed this year used two techniques or more.
The problem with a new, zero-day amplification vector like LDAP is that it isn't diffused, said Dave Larson the CTO of Corero Network Security. Since only a small number of attackers know about it, they can use the full capacity of these exposed LDAP servers to launch attacks. That's not the case with DNS servers for example, which have been mapped and are used for reflection and amplifications by many attackers at the same time, limiting the size of their individual attacks, he explained.
Another thing is that there are already blacklists for DNS, NTP and other type of servers that have constantly been abused in DDoS attacks. Such lists don't likely exist yet for LDAP servers.
The size of DDoS attacks has reached unprecedented levels in recent months, partially because of large numbers of compromised internet-of-things devices. Last month, the blog of cybersecurity reporter Brian Krebs was hit with a 620Gbps DDoS attack launched from a botnet of thousands of hacked routers, IP cameras and digital video recorders. A few days later, French hosting company OVH was hit with a 799Gbps attack from a similar botnet.
Last week, a DDoS attack launched against managed DNS provider Dynamic Network Services (Dyn) rendered many popular websites inaccessible to users on the U.S. East Coast.
Corero's Larson said that increasing numbers of insecure IoT devices combined with new amplification vectors could lead to multiterabit attacks over the next year and even attacks that reach 10Tbps in the future.
UK FENIX ALLIANCE LTD
• Our Mission It is our mission to have the items our customers want, when they want them, at the most competitive prices. We know that being Your Profit Source ® is the key to our own success..
• PRODUCTION EQUIPMENT UK FENIX ALLIANCE LTD is a specialized trading company that supplies components for the development and implementation of projects for the automation of production processes, a wide range of machines and parts for CNC machines. Our goal is a satisfied client..
• Technological process automation: Our specialists will help to select equipment for various automated systems taking into account the production potential of the client’s facilities. Our main clients are engineers and technologists who introduce new automation tools, combining them with existing equipment, or who create technological lines «from scratch».
• UK FENIX ALLIANCE LTD guarantees and benefits: Our company works with manufacturers directly or through authorized dealers, therefore it guarantees high quality components, 100% authenticity, competitive prices and a full package of documents required by law. In addition, there are special price offers! Well-developed logistics and cooperation with the largest couriers allow thousands of our clients worldwide to receive their orders in the shortest possible time.