In the increasingly interconnected and vulnerable digital landscape, protection against DDoS (Distributed Denial of Service) attacks has become a crucial priority for companies and organizations that depend on a solid online presence. While many may be tempted to look for simple solutions to deal with this type of threat, it is important to understand that superficial approaches can actually harm the client themselves.
Furthermore, the mistaken belief that blocking 100% of traffic will solve your problem can also lead to serious consequences, as was evident in the case of YouTube, when a simplistic protection option brought down the platform on a global scale. In this article, you will understand the complex challenges faced in anti-ddos, the limitations of using the blackhole and the importance of investing in knowledge and resources to ensure the stability and security of online infrastructure. Enjoy your reading!
Anti-DDoS: A challenge for communications and telecommunications companies
If you own a company specializing in data communication networks or telecommunications. lives with the risk of distributed denial of service (DDoS) attacks on a daily basis. The attacks may be against your customers, but – in one way or another – they also end up being against yourself. Since 1974, when American student David Dennis ran, purely as an experiment, a script that crashed 31 terminals in the Plato education system at the University of Urbana Champaign, denial of service attacks have been evolving in speed and volume.
They have now reached the category of “distributed denial-of-service attacks”, producing traffic floods in the region of gigabits. However, since 2021, they have also been hitting terabits, and in the future they will reach even higher multiples. The word “distributed” in the name DDoS appeared in April 1999. A hacker used a tool called “Trinoo” to attack the University of Minnesota’s network. This network was a set of compromised machines – the “Masters” and “Daemons” – in which the Masters forwarded instructions for hundreds of “Daemons” to send data in UDP protocol (which does not require confirmation or response) against a certain IP address. In this way, “botnets” were born, or networks of “robots” that do whatever their “master” tells them to do.
The simplest anti-drone solutions hurt the customer
Equipment manufacturers and software developers have developed various solutions to solve this type of problem. Solutions have emerged in many variations of strategy, complexity and cost, but the best and most efficient require structure and that means investment. Of all these, one of the simplest and most widely used when resources are lacking is RTBH or Black Hole. You’ve probably heard of the term, or know someone who uses it.
Anyone who knows their way around a sieve will understand precisely how the Black Hole works. It is a separating element. Unlike a specialized anti-ddos solution, the “black hole” separates, but also diverts to a ‘black hole’ (actually, to a ‘null’ address), traffic destined for one or more IP addresses. All other traffic is then passed on to the other destination addresses. This feature is available on routers and its ease of use has made many companies turn to it to remedy denial-of-service attacks.
“Remote Triggered Black Hole” is the official name of this feature, and its use requires great care. The main problem with using it is that by using the black hole, you guarantee victory and success to the aggressor. Therefore, by redirecting traffic to a black hole (null address), your IP destination will no longer receive anything. Neither the bad traffic from the attack nor the legitimate traffic. In other words, your address will be blocked from receiving any kind of traffic.
Therefore, unlike a specialized anti-ddos solution, the black hole serves the same purpose as the attack: to cause service unavailability.
Blocking 100% of traffic doesn’t solve the problem
Now, if the aim of the attack was to damage the service on a particular IP, the use of black holes ends up doing the same thing. The service no longer receives the flood of requests from evildoers, but it doesn’t serve anyone else. And that’s why specialized anti-ddos is so important.
However, you could argue that it’s better to do this than run the risk of extending the attack to other addresses and compromising the entire infrastructure. It wasn’t long before this happened to the blog of American journalist Brian Krebs, who specializes in cyber security. On September 21, 2016, it suffered the largest DDoS ever recorded on the Internet up to that point – the traffic measured was 665 gigabits per second. Cybercriminals using the Mirai botnet, which was organized with 24,000 devices that day, carried out that attack. Attacks of this complexity require an extremely robust anti-data solution.
But why was the blog attacked? Because cybercriminals didn’t like the work of Krebs, who is the author of constant denunciations of cybercrime. In November of that year, however, the journalist announced that he was moving the blog to another host, to prevent the provider from being attacked a second time for the same reason.
Subscribe to HugeReport and receive a monthly report on DDoS attacks mitigated in Brazil.
The simplest option brought down YouTube worldwide
However, there was a public case of black hole use, in which the problems were immense. It happened in Pakistan on the afternoon of February 25, 2008. In compliance with a government order, internet users had to be blocked from accessing YouTube so that they wouldn’t see a religiously offensive video. The order was complied with by Pakistan Telecom, which made the necessary change to the country’s BGP (border gateway protocol) layer, without implementing anti-DDoS protection measures. That’s where the danger lies.
On networks and the Internet, most operations are carried out with the support of the security provided by certificates, credentials and other items. But in certain layers, such as this one, lie operations based on mutual trust between the major network operators. So what Pakistan Telecom did was to create a fictitious route, marking the “black hole” destination for all YouTube traffic. This complied with the government’s request: YouTube would apparently only be down for all Pakistanis. It turns out that the operator has a subsidiary in Hong Kong and has announced this route there as well. The subsidiary accepted the change.
However, as this was done at the BGP layer, the error quickly spread around the world. For about two hours, YouTube was practically inaccessible. This problem would not occur with an anti-ddos solution. Anyone who searched for that address received a route that ended in a Pakistan Telecom black hole. The problem was fixed, but it showed the fragility of a protocol and the consequences of a poorly planned solution.
The importance of modern and robust Anti-DDoS
From this and other incidents in which RTBH/Black Hole has been used, the big lesson is that the risk becomes very high and the cost even more so. It’s like killing an ox to end a tick infestation. The same goes for antibiotics, which, when they treat an infection, also destroy bacteria in the intestinal flora. The solution lies in selecting a network and telecommunications infrastructure provider, such as Huge Networks. With a modern and robust anti-data solution, it also offers options in terms of routes, bandwidth, packet filtering and other features that protect the operation without putting it at risk.
A DDoS attack can come at any time, from any direction. So if you need to serve customers with data communication services, you can’t operate without protection that keeps out the danger. This, of course, without jeopardizing your client’s service.