How this attack works

These attacks do not require a server or network vulnerability. Attackers overwhelm resources with legitimate-looking requests to exhaust CPU, memory, connection slots, or packet-handling capacity. Imagine a PO box that receives so much bulk mail in one day the post office must start returning mail because there’s no room — that’s what a DDOS does to a server.

This is what tipped us off:

What we observed

Typical VLAN traffic averages about 35 kbps. During the attack we saw interfaces stuck at 4+ Mbps, which is alarming even though the network can carry more than 10 Gbps. The problem here is packets-per-second that strain routers, not raw bandwidth. If we weren’t using octa-core routers and modern edge filters, some services would have dropped.

All traffic used user-agents reporting Mac 11 and Chrome 87, which we believe are forged. The bulk of requests originated from IP ranges in China, with occasional sources in the U.S., EU, and Russia. Right now they appear to be targeting an American Christian church site for bandwidth exhaustion.

On other sites, such as an office furniture site, attackers retried repeatedly over several hours to force downtime:

Mitigation status

So far we have mitigated the attack and it has not grown in strength. We have seen short bursts since it began, but upstream filters and our edge rules have been effective.

We have collected more than 11,000 IPs making blanket requests. As upstream providers apply filters, the attackers’ effectiveness drops and the attack eases.

The attack pattern looks random across subnets and networks. It does not appear to target a specific site type beyond being U.S.-focused.

UPDATES

5:46 am: Our upstream providers report this may form part of a larger campaign meant to strain United States internet infrastructure. They see similar attacks across many customers.

5:52 am: We have almost entirely neutralized the initial DDOS surge.

11:00 am: Attackers shifted to Slowloris-style tactics, attempting to hold many slow connections and strain servers at the application layer. We adjusted timeouts and connection handling and again mitigated these attempts. The transition is visible below:

3:35 pm: Issue closed. Attacks have ceased and we do not expect further impact to our services at this time.

We will continue to monitor traffic and remain in constant contact with upstream providers. If anything changes, we will post updates here.

The post DDOS Attack on Web Ports appeared first on Tarheel Media Digital Marketing.

The Role of Net Neutrality

Net neutrality advocates for equal treatment of internet traffic, prohibiting Internet Service Providers (ISPs) from discriminating against specific types of data or giving preferential treatment to certain websites or services. It aims to maintain an open and level playing field, promoting innovation, competition, and free expression online. However, as with any policy, there are potential drawbacks that need to be examined.

Network Security Concerns

One of the concerns raised regarding net neutrality is its impact on network security, particularly in relation to Distributed Denial of Service (DDoS) attacks. DDoS attacks exploit the openness of the internet by overwhelming a target’s network with a massive volume of traffic, rendering their services inaccessible. Without the ability to discriminate or manage IP traffic based on network reputation, ISPs may face challenges in mitigating DDoS attacks effectively.

Addressing Abuse Complaints

Another aspect that can complicate the net neutrality discussion is the handling of abuse complaints. Net neutrality’s emphasis on equal treatment can limit an ISP’s ability to take immediate action against abusive behavior originating from a specific IP address or network. By restricting the ISP’s options, malicious actors can exploit the network’s neutrality, allowing the persistence of harmful activities and creating challenges for maintaining a secure digital environment.

DNS Amplification Attacks

Furthermore, net neutrality poses challenges when dealing with DNS amplification attacks. These attacks utilize the inherent openness of the Domain Name System (DNS) infrastructure to amplify the volume of traffic sent to a target network. As these attacks enter networks as seemingly legitimate traffic from spoofed IP addresses, the neutral stance of network management can make it more challenging to identify and block such malicious activities promptly.

The Role of AI in Network Management

As our digital ecosystem continues to evolve, artificial intelligence (AI) is playing an increasingly significant role in network management. With AI-driven technologies, ISPs can enhance their ability to monitor, detect, and respond to network security threats more efficiently. However, the neutral stance of net neutrality might impede the deployment of AI-based solutions, hindering the industry’s progress in combating emerging cyber threats effectively.

Conclusion

The concept of net neutrality is a complex and multifaceted one, with proponents highlighting its importance in fostering an open and equal internet experience. However, it is crucial to consider the potential challenges it poses, particularly in terms of network security, DDoS attacks, DNS amplification, and the increasing dependency on AI. Striking a balance between open internet principles and the need for robust network security measures is essential to ensure a safe and reliable digital environment for all users.

At Tarheel Media, we recognize the intricacies of net neutrality and the evolving landscape of network security. With our expertise in digital marketing, web design, and network management, we are committed to assisting businesses in navigating these complexities. Contact us today to discover how we can help you maintain a secure online presence while maximizing the potential of the open internet.

The post Net Neutrality: Navigating the Interplay Between Open Internet and Network Security appeared first on Tarheel Media Digital Marketing.