Slashdot Mirror


DARPA Extreme DDOS Project Transforming Network Attack Mitigation (networkworld.com)

coondoggie quotes a report from Networkworld: Researchers with the Defense Advanced Research Projects Agency (DARPA) have quickly moved to alter the way the military, public and private enterprises protect their networks from high- and low-speed distributed denial-of-service attacks with a program called Extreme DDoS Defense (XD3). The agency has since September awarded seven XD3 multi-million contracts to Georgia Tech, George Mason University, Invincea Labs, Raytheon BBN, Vencore Labs (two contracts) and this week to the University of Pennsylvania to radically alter DDOS defenses. One more contract is expected under the program. [DARPA says the XD3 program looks to develop technologies that: Thwart DDoS attacks by dispersing cyber assets (physically and/or logically) to complicate adversarial targeting, disguise the characteristics and behaviors of those assets to confuse or deceive the adversary, blunt the effects of attacks that succeed in penetrating other defensive measures by using adaptive mitigation techniques on endpoints such as mission-critical servers.]

21 comments

  1. Best of luck by Anonymous Coward · · Score: 0

    You will need it.

  2. They invented p2p! by Anonymous Coward · · Score: 0

    They invented peer-to-peer! A very new concept first envisioned in RFC 1 as host-to-host. Money well spent.

    Who would have thought that "put all eggs in one basket" was wrong?

  3. So.... by Anonymous Coward · · Score: 0

    IPv6 then???

    When can I pick up the check?
    Will it bounce?

    1. Re:So.... by Anonymous Coward · · Score: 0

      Yes, IPv6: round-robin your A records to 1,000,000 IPv6 endpoints; good luck DDoSing even 100,000 endpoints.

    2. Re:So.... by Anonymous Coward · · Score: 0

      If you actually had 1,000,000 endpoints? Sure.
      If you're just aliasing over shared routes to a small number of endpoints, it's not really going to help.

  4. central control = vulnerability to attack by sittingnut · · Score: 3, Interesting

    If anything (e.g. a network) requires centralized control (to manage, to disseminate, to do anything), it is vulnerable to attack.

    "Thwart DDoS attacks by dispersing cyber assets (physically and/or logically) to complicate adversarial targeting, disguise the characteristics and behaviors of those assets to confuse or deceive the adversary ..."

    Yes, good, but that also means losing central control. It will 'complicate' attacks, but will also complicate managing and disseminating etc.

    this is 101.

    1. Re:central control = vulnerability to attack by Anonymous Coward · · Score: 2, Insightful

      Network nodes and many distributed assets don't require central control though. As long as you can provide an unsaturated path to a node or asset you've thwarted a volume based DDOS. Send encrypted control parameters or configuration information across all paths to a node, as long as it gets there it doesn't really matter what path it takes.

      Don't get me wrong, I know it's a hard problem. Replication always is. It definitely will be more difficult to manage and susceptible to new kinds of attack but that doesn't mean it won't be an improvement on the current situation.

  5. DDOSKing by Anonymous Coward · · Score: 0

  6. Run away! by Hognoxious · · Score: 1

    Thwart DDoS attacks by dispersing cyber assets (physically and/or logically) to complicate adversarial targeting, disguise the characteristics and behaviors of those assets to confuse or deceive the adversary ...

    So they're going to run away and hide?

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."

    1. Re:Run away! by Anonymous Coward · · Score: 1

      It did seem a little vague.

      So they're distributing single points of failure (physical location and routes to the node [multihoming presumably]), disabling ICMP (possibly messing with the results [confuse/deceive]) and turning off verbose output on Apache/nginx/node (disguise/hide node characteristics/behaviours)...

    2. Re:Run away! by Anonymous Coward · · Score: 0

      Seems there are two problems in combating DDOS attacks:
      1. Try and mitigate the effects of an attack by making network infrastructure changes and practices.
      2. Identify those who are responsible for the attacks and remove them from the playing field.
      Item 2 would only have to work a few times to scare off the majority of attackers. In fact the US government probably could track down those responsible for DDOS attacks. They probably have not seen a good enough reason to divert resources into tracking those responsible for the attacks. They would also probably not want to reveal their capabilities to the world over minor DDOS attacks.

  7. Cloudflare by Z80a · · Score: 2

    so it's kinda like cloudflare?

    1. Re:Cloudflare by Anonymous Coward · · Score: 0

      With javascript? Then forget it.

    2. Re:Cloudflare by Anonymous Coward · · Score: 0

      Cloudflare + secret, backchannel sub-internet routing + external communication network for OPSEC + thousands of US.mil personnel acting as "hackers" in forums.

    3. Re:Cloudflare by Anonymous Coward · · Score: 0

      Makes you wonder why Secure ARP / DHCP didn't take off. You would think for the military network they could control all machines joining it in the first place.

    4. Re:Cloudflare by Anonymous Coward · · Score: 0

      Makes you wonder why Secure ARP / DHCP didn't take off.

      It is about to.

      https://en.wikipedia.org/wiki/IEEE_802.1AE

      https://linux.slashdot.org/story/16/05/16/0357226/linux-kernel-46-officially-released

  8. Is it really that hard? by Squatting_Dog · · Score: 1

    I admit that I know very little about networking, maybe someone more knowledgeable can tell me why - just blocking an ip that makes more than N connection attempts within Y amount of time won't stop a DDOS? Thanks in advance.....

    1. Re: Is it really that hard? by n0creativity · · Score: 1

      Well, a device or multiple devices need to make that distinction and act appropriately. Those devices (routers and firewalls) can become saturated with traffic, and even the super expensive ones have limitations on how much traffic they can handle (deny OR allow). So when millions of botnet-controlled nodes are sending massive amounts of traffic, it can overload the protective devices, not to mention saturating your Internet links. Some of these DDOS attacks are so huge that they have brought down the systems of the ISPs providing the internet links to the DDOS target.

    2. Re:Is it really that hard? by Anonymous Coward · · Score: 0

      What real attackers do is allow a number of servers to attack your server. They could even exactly mimic a real user with one click on your website every X seconds. So now how do you know who is a real user and who is an attacker? But even if they don't, and you have your IP block on your server, they would still take it down, since your server gets 1000x more traffic than it can process, and whether you IP-block or not doesn't matter.
      The solution to this is to push the IP block closer to the source, so essentially a "distributed IP block", but it's a fine line between knowing what traffic is good and what is bad for a sophisticated attack.

    3. Re:Is it really that hard? by Anonymous Coward · · Score: 0

      Distributed Denial of Service... the traffic comes from a bunch of IP addresses, scattered all over the planet.
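The three replies above make the same point from different angles: a per-source rate limit is fine against one noisy address, but a distributed attack keeps every individual source under the threshold while the total still exceeds what the server (or the filtering device) can absorb. The following is an added simulation written for this thread, not code from any of the commenters or from the XD3 program, that replays two constructed traces through the exact rule the question proposes ("block an IP that makes more than N requests in Y seconds"). The threshold, window, server capacity and all addresses (RFC 5737 / RFC 3849 documentation ranges) are invented for illustration.

```python
from collections import defaultdict, deque


class PerSourceLimiter:
    """Block a source address once it exceeds `threshold` requests in any
    sliding window of `window` seconds (the rule the question proposes)."""

    def __init__(self, threshold: int, window: float) -> None:
        self.threshold = threshold
        self.window = window
        self.recent = defaultdict(deque)   # src -> timestamps still inside the window
        self.blocked = set()

    def observe(self, ts: float, src: str) -> bool:
        """Record one request; return True if it is forwarded, False if dropped."""
        if src in self.blocked:
            return False
        q = self.recent[src]
        q.append(ts)
        # Drop timestamps that have aged out of the sliding window.
        while q and ts - q[0] > self.window:
            q.popleft()
        if len(q) > self.threshold:
            self.blocked.add(src)
            return False
        return True


def simulate(events, threshold=20, window=5.0, capacity=1000):
    """Replay (timestamp, source) events through the limiter.

    `capacity` is a constructed figure for how many forwarded requests the
    protected server can absorb over the whole trace. Returns the forwarded
    count, the set of blocked sources, and whether the server was still
    overloaded despite the limiter.
    """
    limiter = PerSourceLimiter(threshold, window)
    forwarded = sum(limiter.observe(ts, src) for ts, src in events)
    return forwarded, limiter.blocked, forwarded > capacity


# Constructed traces, 5 seconds each.
# Case A: one source hammering the server, 50 requests in 5 s.
SINGLE_SOURCE = [(i * 0.1, "203.0.113.7") for i in range(50)]
# Case B: 1000 sources, each sending only 5 requests in 5 s (well under the
# 20-per-window threshold), 5000 requests in total.
DISTRIBUTED = [(i * 0.001, f"2001:db8::{i % 1000:x}") for i in range(5000)]

if __name__ == "__main__":
    for name, trace in (("single source", SINGLE_SOURCE), ("distributed", DISTRIBUTED)):
        fwd, blocked, overloaded = simulate(trace)
        print(f"{name}: forwarded={fwd} blocked={len(blocked)} overloaded={overloaded}")
```

In the single-source trace the limiter forwards the first 20 requests, blocks the address on the 21st, and the server stays well under its constructed capacity. In the distributed trace no source ever trips the threshold, all 5000 requests are forwarded, and the server is overloaded anyway. Note also that `observe` still runs once for every one of those 5000 requests: the filtering device itself has to see and classify every packet, which is the saturation problem the first reply describes, and why the second reply wants the blocking pushed closer to the sources rather than done at the target.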

  9. Taxation without representation by Anonymous Coward · · Score: 0

    While millions of Americans starve, rich trust fund babies will get to play around with DDOS with absolutely no benefit to all of society.

    Taxation without representation.