The recent distributed denial-of-service (DDoS) attacks by supporters of the WikiLeaks organization were small relative to other DDoS attacks, but the outsized media reaction to them brings needed attention to the threat of DDoS attacks in general and to the protections enterprise networks need to put in place, according to IT security experts.
After WikiLeaks.org released thousands of documents with confidential information about U.S. State Department cables, the third such document release this year, financial services companies such as Visa, MasterCard and PayPal were among those cutting off funding to WikiLeaks. Supporters of WikiLeaks retaliated by launching DDoS attacks against those companies' Web sites earlier this month.
While traffic to those sites was interrupted for a short period, the attacks were small and of limited effectiveness, according to an analysis by Arbor Networks. Despite the attention of mainstream media such as CNN, ABC News and CBS News, among others, "most of the attacks over the last week were both relatively small and unsophisticated," writes Arbor Networks' Craig Labovitz in a Dec. 14 blog post titled "The Internet Goes to War."
According to Arbor's analysis, the DDoS attacks on WikiLeaks' site hosting providers, some of which also severed ties with WikiLeaks over the disclosures, never grew beyond 3 to 4 Gbps, the rate at which traffic from Web page requests was hitting those sites. The point of a DDoS attack is to overwhelm a site with access requests so that the site goes down. Labovitz describes the attacks as "fairly routine" and "more of an annoyance than an imminent critical infrastructure threat."
But while the WikiLeaks attacks were relatively small, DDoS attacks can have collateral effects on other Internet traffic, says Danny McPherson, VP of research and development at VeriSign. A DDoS attack can travel the same path as legitimate Internet traffic and can slow that traffic down, McPherson says.