Can we stop DDoS attacks once and for all?
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are all about volume. An attacker sends high volumes of different types of traffic towards a vulnerable server. The purpose is to overload the server, servers or network switches so that they cannot keep up with requests. This makes the service hard to reach for real users and, in many cases, leaves it completely blocked and inaccessible.
The complexity and size of DDoS attacks are increasing at a frightening rate as connectivity and network speeds across the globe keep increasing. Attackers are constantly developing new techniques to disrupt systems. To list just a few of them:
- Smurf Attack
- Tsunami SYN Attack
- Christmas Tree Packet Attack
- Hulk Flood Attack
- Slowloris Attack
- Ping of Death Attack
- UDP Flood Attack
Cyberwarfare by states has also become an increasing threat to government agencies and important infrastructure, with a lot of proof pointing to Russia or Russian interests regularly attacking other states.
Google Cloud recently investigated the topic. Google has also developed services such as Google Cloud Armor and Cloud Load Balancing to help customers mitigate these issues. However, because Google Cloud is still a centralized service directly connected to one provider, it remains inherently vulnerable to these attacks. While we applaud Google for their efforts, unlike Unigrid, these services are neither transparently available nor free to use. Protection and service stability should NOT be an option - it should be a right, as well as a natural part of the service and the network infrastructure. Anything else is unacceptable.
We can do better
One of the primary goals and purposes of The Unigrid Foundation is to allow for the deployment of protected services on the Internet, making them more resilient to disruption and DDoS attacks. The network will achieve this by employing transparent sharding, load-balancing and segmentation. With the Unigrid network, there is no longer a single point of failure that can be targeted. Instead, the network is load-balanced, with the services and their data spread out over the network. To protect itself further, the network can also filter traffic and apply DDoS protection rules when packets are routed through its gridnodes.
A DDoS attack on the Unigrid network
Let's consider a theoretical attack on the Unigrid network in which the attacker tries to disrupt a website running on the network, and what that attacker would face even with just a modest number of deployed gridnodes. The attacker would be faced with a topology similar to this one:
As depicted in the topology above, services on the Unigrid network are spread out with data sharded across several shard groups. Each shard group consists of a number of gridnodes.
How effective the Unigrid network will be against these types of attacks is extremely difficult to predict. The network might not be able to completely thwart all DDoS attacks out there, but with its built-in sharding, segmentation, fault tolerance and packet filtering, it will be able to throw a very big wrench in the plans of any attackers trying to disrupt services and data on the network.