Application-targeted DDoS attacks increasing: Expert

Be prepared for application layer distributed denial of service (DDoS) attacks, a security expert has warned Canadian service providers.

Jim Deleskie, (pictured) former director of network security for global service provider Tata Communications, told the Canadian ISP Summit on Monday that hackers are turning away from brute bandwidth attacks by infecting hundreds of PCs.

“The bad guys are getting smarter because those are a lot easier to see coming in and defend against,” he said.

Instead, increasingly hackers with one PC can generate a lot of small requests to a target server and bring it down.

For example, he said, one attack he handled over a year ago 180,000 packets a second “and took down a company big enough that I guarantee everyone in this room knows who they are.”

Firewalls are useless defences, he added, while load balancers only delay the problem.

The only answer is a true denial of service appliance that looks for anomalies in network traffic, he said.

The head of a Canadian ISP that was crippled last year knows what it’s like. The man, who asked that neither he nor his company be identified for security reasons, said in an interview it started with short random attacks.

“I didn’t know if it was a switch going out,” he recalled. Then one morning the provider’s DNS servers came under sustained attack of millions of “super small packets” amounting to 12 Gigabytes of data at a time.

For customers, online data “moved like mud.” After five hours the company managed to filter out much of the attack, although it persisted for several days.

“I was the worst five hours of my life,” he said.

Some business customers switched providers, he said, and while they didn’t say it was because of the incident, he suspects it was.

The owner believes the attack originated in China and Vancouver.

Deleskie told the conference that it’s popular to blame attacks on China, Russia and Iran, but analysis shows they come from the United States, Germany and the Netherlands. He’s sceptical that governments are behind many of the attacks.

In an interview Deleskie said that in addition to having DDoS mitigation equipment, ISPs should also have on hand an emergency contact list for vendors and peer providers to call for help.

As a result of the attack the Canadian ISP owner company has instituted improved network security procedures, which he wouldn’t detail.

But he issued this warning to other service providers: “Be prudent. It can happen to you.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now