Cloud DDoS Mitigation Services Can Be Easily Bypassed

An anonymous reader writes: A recent research paper shows that most Cloud-Based Security Providers are ineffective in protecting websites from DDoS attacks, mainly because they cannot entirely hide the origin website's IP address from attackers. As five security researchers from Belgium and the U.S. are claiming, there are eight methods through which these mitigation services can be bypassed. The techniques of obtaining a website's origin IP address rely on hackers searching through historical Web traffic databases, in DNS records, subdomains that resolve to the main domain directly, the site's own source code, when the main website triggers outbound connections, via SSL certificates, via sensitive files hosted on the website's server, and during migration or maintenance operations on the mitigation service itself, which leaves the target website temporarily exposed.