As enterprises increasingly depend on hosted infrastructure and services, they are placing themselves at greater risk of second-hand DDoS attacks. The size and scale of hosting or data center operators' network infrastructures, together with their huge customer base, make them an appealing target because both dramatically increase their attack surface. Their large aggregate bandwidth and the multiple entry points to the scaled network can make them an easy conduit for a widespread DDoS attack.
The vast amount of traffic that bombards a single target during a volumetric DDoS attack can adversely affect other tenants as well as the initial point of entry, not to mention the overall operation of the data center or hosting provider. Unfortunately, it is becoming increasingly common for attacks on a single tenant or service to choke the shared infrastructure and bandwidth capacity, leading to an entire data center being slowed or taken offline. This is known as second-hand DDoS. An attack on a single client of the host, such as a high-traffic gaming service (frequently a DDoS target), can create major collateral damage to other hosted customers.
A popular, if crude, defense against second-hand DDoS attacks is black-holing, also called black-routing. Unfortunately, this effectively means that the affected data center or hosting operator takes down its own customers, leaving all tenants of the shared infrastructure to suffer a denial of service for extended periods of time. In addition, injecting null routes is a manual process involving human analysts, workflow processes and approvals, which can further extend downtime for second-hand DDoS victims.
Security experts advise enterprises that rely on hosted infrastructure or services to start by asking their hosting or data center providers questions on how they will be protected if or when a DDoS attack occurs. Find out if there is in-line DDoS protection positioned at the network edge, so that attackers cannot enter the network unimpeded in the first place.
There are mitigation solutions that are built to never drop good traffic. The security equipment itself can become a bottleneck in delivering hosted services; however, its job should be both to defend the service from attack and to ensure that legitimate traffic passes through and receives service.