This paper by Arturs Lavrenovs from NATO CCDCOE was presented at the 16th International Conference on Cyber Warfare and Security (ICCWS 2021) in USA, taking place from 25-26 February 2021.
The Internet infrastructure has been struggling with distributed denialofservice (DDoS) attacks for more than two decades. This paper reviews aspects of current remediation strategies for reflected amplified DDoS attacks and identifies elements that are insufficiently researched which might be hindering remediation efforts. It identifies additional actors who should be playing a role in these efforts and reviews their incentives and motivation. The issue has long been whether it is possible to remediate abused protocolsfaster than the protocols get deprecated while devices using them remain functional until the end of their life. It now appears that it is. The Memcache protocol attack capacity was only 319 Mbps in May 2020 but it was 1.7 Tbps only two years previously. Thus it can be considered fully remediated. The paper examines why this was a successful remediation effort and whether it could be applied to other commonly abused protocols by using the reflector capacity measurement methodology. In contrast, the longterm abused DNS protocol has not seen a significant drop in capacity, which is lingering around 27.5 Tbps.
Keywords: DDoS attacks, DDoS attack capacity, DDoS attack remediation, reflectors, amplifiers