Your Take on Short DDoS Attacks

SenseiSteve

HD Moderator
Staff member
The WHIR ran an article years ago entitled, “Report: Short DDoS Attacks Can Have Lasting Security Impact,” in which they delved into the security risks of short DDoS (distributed denial of service) attacks.

I’ve never read any discussion of security risks posed by short DDoS attacks, which makes this article so interesting. As the article lays out, short, low-volume attacks can act as Trojan Horses, allowing cybercriminals to disseminate harmful malware.

In this scenario, the goal of these types of attacks is to obstruct IPS (intrusion prevention systems) and firewalls, distracting that business’s IT security personnel long enough for them to install their malware and pilfer their data.

According to Corero, over 70% typically lasted under ten minutes and nearly the same percentage were under 1 Gbps. The reasoning for this is conjectured to be that these cybercriminals don’t want to show their hands via large scale attacks that could cripple a website. Why not? It allows them an avenue to test for vulnerabilities at little risk of being detected.

Your thoughts …
 
Just today one of my startups, a publishing platform, was dealing with a DDoS attack. 1.2 million IP addresses landed on us in the span of 10 seconds. It didn't tank us completely, but connectivity was painfully slow. Luckily we were able to find a way to effectively block the IPs.

I am not sure how effective this method is when it comes to security as I think someone would need more than a few minutes to do real damage, but it's an interesting point.
 
DDoS attacks on popular websites are as normal as it can get. There are a few interesting facts about these which we have noticed over the years being an infrastructure management provider.
  1. Most of these attacks are easily traceable. So blocking IPs or IP ranges takes care of them, keeping them short.
  2. Most of these attacks are taken care of without any human intervention because modern day network hardware as well as data centers are smart. So 90% of the time, they do not affect anything.
  3. Once you grow popular and cross a certain traffic level, it is always important to invest in business continuity things like infrastructure security, DDoS mitigation, website security and data backups.
  4. Most businesses tend to skip investing in the right things needed for their online businesses to grow and scale. Short DDoS attacks can be as destructive as targeted large attacks due to the fact that they expose the vulnerable part of your business. These types of attacks are actually probe attacks to plan larger impact ones and so it is important to act on even the shortest of attacks.
  5. After-attack analysis is something which most businesses do not do. It is important to identify the target of the attack to plug any lapses to prevent further damage, as the shorter version may lead to a much more damaging one.
Short DDoS attacks should be taken as a warning to review the entire security of your infrastructure and secure all weaknesses found.
 
I doubt that if you have a good security system in place, such attempts at dark DDoS would be successful. While I wouldn't argue that some attacks would actually target other aspects of a service, most of the DDoS attacks we have handled affected the network speed. With a decent firewall configuration and monitoring, dark DDoS shouldn't be an issue.
 
DDoS represents a significant threat to business continuity. As organizations have grown more dependent on the Internet and web-based applications and services, availability has become really essential.

DDoS attacks also target the mission critical business applications that your organization relies on to manage daily operations, such as email, salesforce automation, CRM and many others.

Additionally, other industries, such as manufacturing, pharma and healthcare, have internal web properties that the supply chain and other business partners rely on for daily business operations.
 
I often notice short DDoS attacks on some IPs, but thankfully OVH automatically mitigates them. In places where I don't use OVH, I generally use at least minimum DDoS-protected IPs so that my customers and I generally don't need to worry too much about DDoS.
 
In simple words, you can say an online service or network resource can become inaccessible to its intended users on the Internet by using a DDoS (Distributed Denial of Service) attack. And DDoS attacks overwhelm machines and their supporting resources by flooding them with thousands or millions of unnecessary requests.
 
It's possible, but really I would say in most cases it's just simply without any purpose, done for testing or simply to cause a little "harm" by DDoSing a certain individual/company; these things really happen. Most of these attacks really don't require any human intervention, so I can't see it as a decoy tactic.
 
One of the big issues with some of these short attacks is that a lot of providers null route systems. Something we found over the years is that a lot of those providers, rather than release the null route after the attack ends or after an hour, will typically null route for 24 hours, causing the 10-minute attack to take the end user down for 24 hours+.
 
One of the big issues with some of these short attacks is that a lot of providers null route systems. Something we found over the years is that a lot of those providers, rather than release the null route after the attack ends or after an hour, will typically null route for 24 hours, causing the 10-minute attack to take the end user down for 24 hours+.
It's a safety protocol with providers, you think. So the attack is 10 mins, so after they release the null route and the attack starts again. ALL big attacks start as short attacks that are not nulled quickly enough.
 
Short DDoS attacks can cause significant harm, even if they are not sustained for an extended period of time. For example, a short DDoS attack targeting a critical service or infrastructure could disrupt operations, causing loss of revenue and damage to the company's reputation.
 