BUSINESS TECHNOLOGY MEDIA COMPANY
Companies
Sectors
Security

Operators monitor for attacks

Read time 3min 10sec
Vernon Fryer, chief technology security officer at Vodacom SA, says the only way to pick up the intrusion is to monitor the traffic in real-time.
Vernon Fryer, chief technology security officer at Vodacom SA, says the only way to pick up the intrusion is to monitor the traffic in real-time.

Local cellular operators monitor traffic in a bid to pick up and stop distributed denial of service (DDOS) attacks, before they have a major impact on service levels to subscribers.

According to Webopedia, DDOS attacks make use of multiple compromised systems, often infected with a Trojan, to target a single system, which leads to a denial of service attack. Victims of these attacks include the end targeted system and all systems maliciously used and controlled by the hacker.

Vernon Fryer, chief technology security officer at Vodacom SA, says the network has to be constantly monitored to pick up whether an attack is being routed through it. He says DDOS attacks can cause major traffic issues and slow down browsing on some sites.

Fryer says Vodacom picks up 12 such hits a day and, at peak times, this increases to 30. He adds that, two weekends ago, there was a major strike from China.

24/7

The only way to pick up the intrusion is to monitor the traffic in real-time to detect unusual patterns, says Fryer. He adds that most mobile operators and Internet service providers have deployed a DDOS mechanism, which forms part of a global DDOS monitoring centre.

Most of the deployments have updated blacklisting capabilities to fend off attackers, says Fryer. He adds that real-time monitoring is more effective, and allows Vodacom to block the source IP, although hackers then come back with a different address.

Learn more

Vernon Fryer, chief technology security officer at Vodacom SA, will deliver a presentation, "DDOS: The Silent Thunder", at ITWeb Security Summit 2013. The Security Summit will be held from 7 to 9 May, at the Sandton Convention Centre. For more information, click here.

Fryer notes that most DDOS attacks last less than two hours. One recorded case in Spain was over 17 days, but in bursts of one-hour attacks a day, he adds.

Towards the end of last month, Reuters reported that Spamhaus, a London- and Geneva-based non-profit group that helps weed out unsolicited spam messages for e-mail providers, was subjected to DDOS attacks on an unprecedented scale for more than a week.

"Based on the reported scale of the attack, which was evaluated at 300Gbps, we can confirm that this is one of the largest DDOS operations to date," online security firm Kaspersky Lab said in a statement, the wire service reported. "There may be further disruptions on a larger scale as the attack escalates."

Targeted

Fryer says recent trends in DDOS attacks are that they are focused on total service disruption, extortion and political warfare. DDOS can take the form of large attacks; some of the attacks have been recorded as large as 60Gbps and recently the Mt.Gox attack was 300Gbps, he says.

"What makes these attacks so significant is not their size, but the fact that the attacks are quite focused, like the 'Operation Ababil' launched by the Izz ad-Din al-Qassam Cyber Fighters, part of an ongoing campaign, and, like most DDOS attacks, are quite public, says Fryer. The strikes use multiple targets, from network infrastructure to Web applications, he adds.

Fryer notes that another consequence for users is when they unknowingly become a part of the DDOS attack through command and control botnets. This leads to extraordinary high levels of data use, which subscribers say is not possible, he says.

At a minimum, people need to have anti-virus software, firewalls and can download free software that will show if unusual traffic is moving through the PC, says Fryer.

Login with