Report: ISPs Fear Many More DDoS Attacks in 2010

Heading into 2010, Internet Service Providers (ISPs) are most worried about botnet-driven distributed denial-of-service (DDoS) attacks, according to a report released Tuesday.

Also see: DDoS Attacks are Back and Bigger than Before

Attacks are shifting to cloud-based services and nearly 35 percent of service providers believe that more sophisticated service and application attacks pose the largest operational threat in the next 12 months. Large scale botnet-enabled attacks came in second at 21 percent (Also read: The Botnet Hunters for an inside look at the world of cybercrime fighters). The surveyed was conducted by Arbor Networks, a Massachusetts-based network security firm. The firm surveyed 132 IP network operators around the world for their fifth annual security report. All survey participants are directly involved in network security operations at their respective organizations, according to Arbor Networks.

The poll also found more than half of the surveyed providers reported growth in service-level attacks at one gigabit or less bandwidth levels.

“Such attacks are also driven by botnets and are specifically designed to exploit service weaknesses, like vulnerable and expensive back-end queries and computational resource limitations,” the report states.

Several ISPs reported prolonged, multi-hour outages of prominent Internet services during the last year due to application-level attacks. These service-level attack targets included distributed domain name system (DNS) infrastructure, load balancers and large-scale SQL server back-end infrastructure, the report said.

Over the last six years, service providers reported a near doubling in peak DDoS attack rates year-to-year. Peak attack rates grew from 400 Mbps in 2001 to more than 40 Gbps in 2007. However, officials noted providers reported a peak rate of only 49 Gbps in the most recent report, which is lower than the 22 percent growth over the previous year.

The report also points to a convergence of issues, or a “perfect storm,” that are facing the Internet architecture and operations community, including looming IPv4 address exhaustion and the preparedness for migration to IPv6, DNSSEC and to 4-byte ASNs.

“Any one of these changes alone would constitute a significant architectural and operational challenge for network operators; considered together, they represent the greatest and potentially most disruptive set of circumstances in the history of the Internet, given its growth in importance to worldwide communications and commerce.”