In what may be the first publicly announced research of its kind, a professor in San Diego has reported results of a study showing that 12,805 denial-of-service (DoS) attacks were launched against some 5,000 targets over a three-week period.
DoS attacks, cyber-assaults on computer systems, do their damage by “flooding” a Web site or other IP (Internet Protocol) address with high volumes of bogus messages such that the systems either cannot deliver service or are hampered in doing so.
The study was conducted by Stefan Savage, chief scientist of Seattle-based Asta Networks (which markets DoS solutions) and professor of computer science at the University of California, San Diego, along with colleagues David Moore and Geoff Voelker. The researchers believe their study is the only publicly available data quantifying Internet-wide DoS activity.
According to Andrew Konstantaras, vice president of marketing for Asta, the data was gathered by monitoring “a huge portion of the Internet space, 1/256th of it all.”
“We know now with certainty that DoS attacks are even more powerful and prevalent than any one organization has let on,” Savage states. Konstantaras adds that many such attacks are not reported by Internet service providers (ISPs) and other enterprises, because of potential “bad press implications.”
According to Asta, the attack targets documented in the study “ranged from well-known companies such as Amazon.com and AOL to small foreign ISPs and broadband users.”
The study also found that the attacks against commercial targets were “extremely diverse and have the power to significantly hamper service on a wide range of networks.” The majority of the attacks monitored took place fast enough to “overwhelm” the victims' attempts at prevention, says Asta.
“12,000 is a very conservative number,” says Konstantaras in reference to the attacks. “There are far more than 12,000 attacks on the whole Internet.”
Asta notes that in an information security industry survey conducted in 2000, 37 percent of companies had suffered a DoS attack over the past year.
The Web site of Mazu Networks, another vendor of DoS solutions, cites figures showing that distributed DoS attacks have increased by 60% over the past three years.
The Savage study also showed that many of the monitored attacks were directed against network infrastructure components, such as domain name servers and routers. “These attacks are especially devastating, because overwhelming a domain name server could deny service to all Web sites that rely upon that server,” Asta explains.
DoS attacks can be targeted at “nearly anyone,” the study states. Most of the attacks were relatively short in duration, with 50% lasting less than 10 minutes and 90% lasting less than one hour. Some attacks actually spanned several days or weeks.
International borders seem to have little to do with who is targeted, the study found, even extending to countries with “relatively poor networking infrastructure.”
“The attacks were well distributed,” notes Konstantaras, adding that the “star country” for DoS attacks is Romania.
Overall, most targets were attacked five or fewer times, the study stated, although five targets were flooded with traffic between 60 and 70 times. “One unfortunate victim was besieged 102 times in one week,” says Asta.