Hi, everybody, Ed Amoroso here. And in this video, I want to revisit some issues related to distributed denial of service, DDoS attacking, the corresponding defenses that we do for DDoS, and what the implications are for a global infrastructure. We need to spend some time digging into that a little bit.

Let's revisit and make sure we're all on the same page in some sense about how a DDoS attack is typically accomplished. We all know that a botnet would be a whole series of computers that have been infected. They've got malware embedded on them. There's a command and control that tells each of these bots to drive some sort of traffic at a target. It's going to go across ISP and internet infrastructure. It's going to be aimed at that target. And if there is security in place, then the way that would work is the security or DDoS detection would see the traffic volumes, would use protocols such as the Border Gateway Protocol, BGP, to redirect traffic away from the target. It's a special capability we usually refer to as DDoS scrubbing, special firewalls. The scrubbing uses different special algorithms to try and sort through what's good traffic and what's errant DDoS traffic originated from a botnet. It will then forward the good traffic to the target, trying very hard to keep it up. And this is the cadence that we have across the globe. Every country of our globe has service providers and special security providers that do exactly what we're showing you there on the screen with DDoS detection, DDoS scrubbing, and filtering.

Now what are some issues that come up as a result of this? The first issue is that you would want to know whether a given service provider can do lots of these at the same time. So if a service provider can handle one big attack, but can't handle two, then wouldn't that expose kind of a significant critical infrastructure vulnerability, right? Now I doubt there's a service provider anywhere that can handle two.
And then you say, well, if you can handle two, can you handle three? If you handle three, can you handle four? And the question is, at what point do you reach your limit? Where I can handle n attacks, but n plus 1 would break the camel's back. I want you to think about that because every system has its limit. Now not only do defenders have their limit, so does the offense. Now we've done the math on how big DDoS can get. We said that if you have 10,000 bots and they're all spewing a meg, you could fill up a big pipe going into a data center, and on and on and on. But at some point you reach something that we refer to in telecommunications as peering capacity.

Here's what that means. And I'll tell it to you in the context of traffic with cars and freeways. If you say, hey, I can create an attack this big by having all these cars drive on the freeway and aim at some off-ramp and clog up that off-ramp. And you'd go, wow, that is a big problem, I need to be able to stop that. Well, then you'd say, well, all right, you stopped that. But now I'm going to do another one, and another one, and another. At some point, you don't have enough freeway to carry all that attack traffic. The backbone networks get filled up. Now that's not good news, right? But all I'm saying is that the math is a little weird with that sort of queuing problem. Because the freeways, or in this case, the tier 1 telecommunication backbone networks, are going to have a physical limit. I mean, you might think of it as a terabyte per second of information, terabit per second, or it could be bigger. But at some point, you hit a limit.

And there are policy issues that need to be thought through internationally: what if you do? What if you did have a case where all these things were going on? Should an ISP be able to drop the traffic just to sort of keep critical infrastructure up? These are mechanisms that are not in place today. These are cybersecurity controls that are still to be determined.
If you're a young person, and you're thinking, what are the kinds of problems I'm likely to be working on if I go into a career in cybersecurity? This is one of them. The idea that if attacks get so big, then the infrastructure protection needs to be set up so that it can keep the things up that must be up. Emergency services, emergency communication, hospital/medical. Food, water, power, communication, these are important things. The sort of ancillary communications that we might have, like with entertainment or just people yakking on their mobile phones, or downloading things, or doing social whatever. Maybe we would make a determination that that sort of thing would fall off the table. And we would just keep up or keep available the networks that are necessary to keep critical infrastructure rolling.

We'll spend a little more time on this if you stick with us for subsequent videos. But for now, I want you to kind of ponder that issue, that DDoS is, in fact, a volumetric attack. The defense tends to be volumetric. And if you've been wondering what if the volume gets bigger than the defense can handle, you're thinking about it the right way. Still an unsolved problem, something that the next generation will have to come up with more creative solutions to. Gives you something to think about. I hope you enjoyed the discussion. It probably didn't make you feel real comfortable, but I hope you enjoyed it, nevertheless. We'll talk to you in the next one.
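The capacity arithmetic the lecture walks through (10,000 bots at a meg each, "n attacks but n plus 1 breaks the camel's back", peering capacity as a hard backbone limit, and keeping critical infrastructure up by letting ancillary traffic fall off the table) can be written down as a small defender-side capacity model. The following is an added example, not part of the video or its transcript; every number in it (bot counts, the 25 Gbps scrubbing capacity, the 40 Gbps peering capacity, the flow demands and priority tiers) is constructed for illustration and is not a measurement of any real provider or network. The 1 Mbps-per-bot figure is taken from the lecturer's "a meg".

```python
"""Capacity model for volumetric DDoS defense.

Added example (not from the lecture). All numbers are constructed to
illustrate the lecturer's reasoning, not measurements of a real network.
"""
from __future__ import annotations

from dataclasses import dataclass

# Lecture assumption: one bot "spewing a meg" means 1 Mbps of attack traffic.
MBPS_PER_BOT = 1.0


def botnet_gbps(bots: int, mbps_per_bot: float = MBPS_PER_BOT) -> float:
    """Aggregate attack volume of a botnet in Gbps (1000 Mbps per Gbps)."""
    return bots * mbps_per_bot / 1000.0


@dataclass
class Attack:
    name: str
    bots: int
    mbps_per_bot: float = MBPS_PER_BOT

    @property
    def gbps(self) -> float:
        return botnet_gbps(self.bots, self.mbps_per_bot)


def concurrent_attack_limit(attacks: list[Attack], scrub_capacity_gbps: float) -> int:
    """Return n such that the scrubbing centre absorbs the first n concurrent
    attacks (in arrival order) and attack n+1 pushes the aggregate volume over
    its capacity. Returns len(attacks) if every attack fits."""
    total = 0.0
    for n, attack in enumerate(attacks):
        total += attack.gbps
        if total > scrub_capacity_gbps:
            return n
    return len(attacks)


def legitimate_headroom_gbps(peering_capacity_gbps: float, attacks: list[Attack]) -> float:
    """Backbone (peering) capacity left for legitimate traffic. Attack traffic
    occupies the 'freeway' whether or not it is later scrubbed, so all of it is
    subtracted. A negative result means the backbone itself is saturated."""
    return peering_capacity_gbps - sum(a.gbps for a in attacks)


@dataclass
class Flow:
    name: str
    demand_gbps: float
    priority: int  # 0 = critical infrastructure; higher numbers = more ancillary


def shed_to_fit(flows: list[Flow], available_gbps: float) -> dict[str, float]:
    """Priority-ordered admission: critical flows are served first, ancillary
    flows get whatever backbone capacity remains (possibly a partial share, or
    nothing). Returns the Gbps granted to each flow by name."""
    granted: dict[str, float] = {}
    remaining = max(available_gbps, 0.0)
    for flow in sorted(flows, key=lambda f: (f.priority, f.name)):
        give = min(flow.demand_gbps, remaining)
        granted[flow.name] = give
        remaining -= give
    return granted


def demo() -> dict:
    """Constructed scenario: three 10,000-bot attacks against a provider with a
    25 Gbps scrubbing centre sitting behind 40 Gbps of peering capacity."""
    attacks = [Attack("attack-A", 10_000), Attack("attack-B", 10_000), Attack("attack-C", 10_000)]
    scrub_capacity = 25.0   # constructed
    peering_capacity = 40.0  # constructed
    flows = [  # constructed legitimate demand, tiered as the lecture suggests
        Flow("emergency-services", 2.0, 0),
        Flow("hospital-medical", 1.0, 0),
        Flow("power-grid-scada", 0.5, 0),
        Flow("video-streaming", 15.0, 2),
        Flow("social-media", 8.0, 2),
    ]
    headroom = legitimate_headroom_gbps(peering_capacity, attacks)
    return {
        "attack_gbps": [a.gbps for a in attacks],
        "attacks_absorbed": concurrent_attack_limit(attacks, scrub_capacity),
        "legit_headroom_gbps": headroom,
        "granted": shed_to_fit(flows, headroom),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In the constructed scenario the scrubbing centre absorbs two 10 Gbps attacks and the third is the "n plus 1" that exceeds it; the 30 Gbps of attack traffic also leaves only 10 Gbps of the backbone for legitimate flows, so the critical tier is served in full and the ancillary tier shares the 6.5 Gbps left over. The point a practitioner should take from the model is that both limits (scrubbing capacity and peering capacity) have to be planned for separately, and that the priority ordering in `shed_to_fit` is exactly the policy decision the lecture says is still undetermined.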