Distributed Denial of Service (DDoS) Case Study – The Google Attack, 2020
Distributed Denial of Service (DDoS) attacks are now commonplace. A DDoS attack will delay or fully block your online services—email, blogs, and everything else that connects to the internet—whether you’re a small non-profit or a large multinational corporation. Furthermore, DDoS attacks are often used to divert your attention away from other illegal activities, such as data manipulation or network infiltration.
The first recorded DDoS attack took place in 1996, when Panix, now one of the oldest internet service providers, was taken down for several days by a SYN flood, a tactic that has since become a standard DDoS attack. DDoS attacks became more frequent over the following years, and Cisco estimates that the overall number of DDoS attacks will double from 7.9 million in 2018 to over 15 million by 2023.
[Figure: Total DDoS Attacks]
The Google Attack
Google’s Threat Analysis Group (TAG) published a blog update on October 16, 2020, explaining how threats and threat actors were adapting their strategies in light of the 2020 US election. The company tucked a notice in at the end of the post:
In 2017, our Security Reliability Engineering team measured a record-breaking UDP amplification attack sourced out of several Chinese ISPs (ASNs 4134, 4837, 58453, and 9394), which remains the largest bandwidth attack of which we are aware.
The assault on thousands of Google IP addresses, launched from three Chinese ISPs, lasted six months and peaked at a breathtaking 2.5 Tbps. Damian Menscher, a Google Security Reliability Engineer, wrote:
The attacker used several networks to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to us. This demonstrates the volumes a well-resourced attacker can achieve. This was four times larger than the record-breaking 623 Gbps attack from the Mirai botnet a year earlier.
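The reflection pattern Menscher describes has a recognisable signature on the victim's side: inbound UDP traffic whose source port belongs to an amplifier service (CLDAP on 389, DNS on 53), arriving from many unrelated hosts at once, with an unusually large average packet size. The following detector is an added example, not code from the page or from Google; the flow records it parses are constructed, the CSV field layout is an assumption, and the thresholds are illustrative starting points a defender would tune to their own baseline.

```python
"""Flag hosts that look like victims of reflected UDP amplification.

Added example; not from the original page or from Google. The flow
format (src_ip,src_port,dst_ip,dst_port,proto,packets,bytes) and the
sample records below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Services the article names as reflectors; port->service label (assumed mapping).
REFLECTOR_PORTS = {389: "CLDAP", 53: "DNS"}

# Tuning knobs (illustrative): a victim is flagged only when traffic arrives
# from several distinct reflectors AND the packets are large, because a single
# resolver answering a legitimate query matches neither condition.
MIN_DISTINCT_REFLECTORS = 3
MIN_BYTES_PER_PACKET = 1000


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    packets: int
    bytes: int


def parse_flow(line: str) -> Flow:
    """Parse one CSV flow record; raises ValueError on malformed input."""
    fields = line.strip().split(",")
    if len(fields) != 7:
        raise ValueError(f"expected 7 fields, got {len(fields)}: {line!r}")
    src_ip, src_port, dst_ip, dst_port, proto, packets, nbytes = fields
    return Flow(src_ip, int(src_port), dst_ip, int(dst_port),
                proto.upper(), int(packets), int(nbytes))


def find_amplification_victims(flows):
    """Aggregate reflector-sourced UDP flows per destination and flag victims.

    Returns {victim_ip: {"reflectors": n, "bytes_per_packet": x,
                         "services": [...], "bytes": total}}.
    """
    per_victim = defaultdict(lambda: {"reflectors": set(), "services": set(),
                                      "packets": 0, "bytes": 0})
    for f in flows:
        # Only UDP replies from known amplifier ports are of interest.
        if f.proto != "UDP" or f.src_port not in REFLECTOR_PORTS:
            continue
        stats = per_victim[f.dst_ip]
        stats["reflectors"].add(f.src_ip)
        stats["services"].add(REFLECTOR_PORTS[f.src_port])
        stats["packets"] += f.packets
        stats["bytes"] += f.bytes

    flagged = {}
    for victim, s in per_victim.items():
        bpp = s["bytes"] / s["packets"] if s["packets"] else 0.0
        if len(s["reflectors"]) >= MIN_DISTINCT_REFLECTORS and bpp >= MIN_BYTES_PER_PACKET:
            flagged[victim] = {
                "reflectors": len(s["reflectors"]),
                "bytes_per_packet": round(bpp, 1),
                "services": sorted(s["services"]),
                "bytes": s["bytes"],
            }
    return flagged


# Constructed sample: five reflectors hammer 203.0.113.10 with large CLDAP/DNS
# replies; 203.0.113.20 receives one ordinary small DNS answer and some HTTPS.
SAMPLE_FLOWS = """\
198.51.100.11,389,203.0.113.10,41230,UDP,120,168000
198.51.100.12,389,203.0.113.10,41231,UDP,95,133000
198.51.100.13,389,203.0.113.10,41232,UDP,110,154000
198.51.100.14,53,203.0.113.10,41233,UDP,80,96000
198.51.100.15,53,203.0.113.10,41234,UDP,70,84000
198.51.100.53,53,203.0.113.20,55001,UDP,10,900
192.0.2.7,443,203.0.113.20,55002,TCP,40,52000
"""


def analyse_sample():
    """Run the detector over the constructed sample and return its findings."""
    flows = [parse_flow(l) for l in SAMPLE_FLOWS.splitlines() if l.strip()]
    return find_amplification_victims(flows)


if __name__ == "__main__":
    for victim, info in analyse_sample().items():
        print(f"{victim}: {info['reflectors']} reflectors, "
              f"{info['bytes_per_packet']} B/pkt, services={info['services']}")
```

On the sample only 203.0.113.10 is flagged: five distinct reflectors and roughly 1.3 kB per packet. The single resolver answering 203.0.113.20 fails both thresholds, which is the point of requiring them together; in production the same aggregation would run over a sliding time window and compare against the host's normal inbound UDP profile rather than fixed constants.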
Case Discussion Questions:
- Why would a huge company like Google be a target for DDoS? (30 points)
- What can be done to mitigate the impact of DDoS? (20 points)
- Briefly explain how Address Resolution Protocol (ARP) is an example of a Man-in-the-Middle (MitM) attack. (30 points)