DDoS pile-on in too many places at once, expert says
The hydra that is the WikiLeaks case has taken it to freakish levels. It's like someone shot up all the botnets with a vial full of steroids.
Lori MacVittie, senior technical marketing manager at F5 Networks, has been studying the evolution of these attacks from her corner of the universe, and was kind enough to share the F5 findings with me in a Facebook message.
What she says is pretty consistent with what other experts have been telling me, but it's no less sobering:
"During a typical DDoS attack, a single attacker launches a single type of attack on as massive a scale as they can muster. This latest round has largely been encouraged by continuous mass media reporting. This is creating a flash-crowd style interest. This means we are seeing numerous attacks happening simultaneously. So instead of fending off a SYN flood attack, we are seeing SYN flood, TCP connection flooding, ping of death, excessive HTTP headers and Slowloris, and good old-fashioned HTTP GETs flooding.
"So it's not just either/or -- it's both, simultaneously. That's part of why it's so successful thus far -- too many security components are focused on one or the other, not both, and it's overwhelming the infrastructure and getting through to the limited resources of the application tiers."
She makes an important point: we have to defend ourselves on multiple fronts at once. To the experienced security practitioner, that may seem like the biggest "duh" statement of all time.
But the fact that these attacks are causing so much disruption tells me that the message needs repeating for some companies out there.
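As an added example (not part of the original post, and not F5's or any vendor's product logic), here is a small Python triage routine that illustrates the "multiple fronts" point: it runs three independent detectors over one window of constructed connection telemetry, reports every vector that fires, and shows what a component watching only one vector would miss. The record format, the detection heuristics, the thresholds and the sample addresses (RFC 5737 documentation ranges) are all assumptions for illustration.

```python
"""Multi-vector DDoS triage over a constructed window of connection records.

Added example, not from the original post or from F5. It assumes a flow log
already provides, per connection in the observation window:
  src          source address
  state        "half_open" (SYN seen, handshake never completed) or "open"
  duration_s   seconds the connection has been held in this window
  requests     HTTP requests completed on the connection in this window
"""
from collections import Counter

# Illustrative thresholds (assumed values, not from the post). Real deployments
# tune these per site from a baseline of normal traffic.
THRESHOLDS = {
    "syn_flood_half_open": 100,      # half-open connections in the window
    "slowloris_min_duration_s": 30,  # idle connection held at least this long...
    "slowloris_conns_per_src": 20,   # ...and at least this many per source
    "get_flood_reqs_per_src": 500,   # HTTP requests per source in the window
}


def build_sample_window():
    """Constructed telemetry for one window (not real captures)."""
    records = []
    # Benign traffic: 40 sources, one short connection each with a few requests.
    for i in range(40):
        records.append({"src": f"198.51.100.{i}", "state": "open",
                        "duration_s": 2, "requests": 3})
    # SYN-flood signal: 150 half-open connections spread over many sources.
    for i in range(150):
        records.append({"src": f"203.0.113.{i % 250}", "state": "half_open",
                        "duration_s": 0, "requests": 0})
    # Slowloris signal: one source holding 25 idle connections open for a minute.
    for _ in range(25):
        records.append({"src": "192.0.2.10", "state": "open",
                        "duration_s": 60, "requests": 0})
    # HTTP GET flood signal: one source issuing 600 requests over 3 connections.
    for _ in range(3):
        records.append({"src": "192.0.2.20", "state": "open",
                        "duration_s": 5, "requests": 200})
    return records


def detect_syn_flood(records, thresholds=THRESHOLDS):
    """Return the half-open connection count if it meets the threshold, else 0."""
    half_open = sum(1 for r in records if r["state"] == "half_open")
    return half_open if half_open >= thresholds["syn_flood_half_open"] else 0


def detect_slowloris(records, thresholds=THRESHOLDS):
    """Return sources holding many long-lived connections with no completed request."""
    idle_per_src = Counter(
        r["src"] for r in records
        if r["state"] == "open" and r["requests"] == 0
        and r["duration_s"] >= thresholds["slowloris_min_duration_s"]
    )
    return sorted(src for src, n in idle_per_src.items()
                  if n >= thresholds["slowloris_conns_per_src"])


def detect_get_flood(records, thresholds=THRESHOLDS):
    """Return sources whose summed HTTP request count meets the threshold."""
    reqs_per_src = Counter()
    for r in records:
        reqs_per_src[r["src"]] += r["requests"]
    return sorted(src for src, n in reqs_per_src.items()
                  if n >= thresholds["get_flood_reqs_per_src"])


def triage(records, thresholds=THRESHOLDS):
    """Run every detector and return only the vectors that fired, with evidence."""
    active = {}
    half_open = detect_syn_flood(records, thresholds)
    if half_open:
        active["syn_flood"] = {"half_open": half_open}
    slow = detect_slowloris(records, thresholds)
    if slow:
        active["slowloris"] = {"sources": slow}
    flood = detect_get_flood(records, thresholds)
    if flood:
        active["http_get_flood"] = {"sources": flood}
    return active


def coverage_gap(records, monitored, thresholds=THRESHOLDS):
    """Active vectors that fall outside the set a single-purpose component watches."""
    return set(triage(records, thresholds)) - set(monitored)


if __name__ == "__main__":
    window = build_sample_window()
    print("active vectors:", triage(window))
    print("missed by a SYN-flood-only defence:", coverage_gap(window, {"syn_flood"}))
```

Each detector keys on a different resource (the half-open table, idle connection slots, application request capacity), which is why a single threshold on packets per second or connections per source would see at most one of them; running all three over the same window is what makes the concurrent picture visible.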
--Bill Brenner