A Solution for DDoS

October 09, 2016

If you haven’t heard the news yet, there was a record DDoS attack perpetrated against Brian Krebs last month. Distributed denial of service attacks are nothing new, but the particulars of the attacks are changing. In the past, DDoS attacks used reflection or amplification techniques to take a large botnet and compound its effective attack traffic. The big deal with this new attack is that the botnet was much bigger than previous botnets. So big, in fact, that reflection and amplification hacks weren’t necessary. The purported size is 1 million devices, and the botnet was composed mainly of IoT devices such as security cameras.

Image: “Botnet” by tecnomovida, licensed under CC BY-NC-SA

That has all been well-covered by the tech press. The question is, how do we prevent or at least reduce these kinds of attacks? As usual, follow the money!

The real issue is one of economics and not technology. These DDoS attacks come from p0wned devices on users’ networks. Right now the service providers (e.g. Brian Krebs) pay per byte for their bandwidth but users do not. Most home and business internet connections are not billed per byte, so most users don’t care how much traffic they generate.

Consequently, since the users aren’t paying for the traffic, there’s no economic incentive for them to keep their devices up-to-date with security patches.

What if users’ internet was billed per byte? If a user’s device were a part of a DDoS botnet, their monthly internet bill would increase due to the increase in traffic coming from the hacked device. The user would then be more likely to try to find the rogue device and take it offline or clean it. Subsequently, users would start demanding that manufacturers create more secure devices that are patched on a regular basis.