You may be a Network Administrator for a small law office, or a quiet small-town school district, or even a midsize enterprise with three or four offices scattered throughout a relatively small geographical area. Have you ever stopped and wondered if a cyber-attack was something you had to be concerned with? You’re not a high-value target, right? Not a major financial institution, an ISP, a high-profile cloud service provider, or any kind of organization that someone would want to target with an attack, so it can’t (or won’t) happen to you, right?
Perhaps. You might go your entire career without having experienced the crippling impact of a DDoS attack on your infrastructure, or you might learn the hard way that even the most inconspicuous network can be prone to the ripple effect some of these attacks can generate.
"The Internet is a series of tubes..." This famous quote by former United States Senator Ted Stevens gave an interesting (if incorrect) layperson's perspective on what the Internet was. What it didn't do was highlight the complexity of the interconnections, and how, despite how enormous it is, everything within it is closely related. Six degrees of the Internet, maybe?
The recent attack on Dyn is the perfect example of this. While your network may not have been the actual target of that attack, if you were a Dyn customer, you certainly felt its effects. External services, websites, email, etc. that relied on Dyn for DNS were all only intermittently reachable. Seemingly random websites were reported as down or unreachable. There were no indications of a problem on your own infrastructure: links weren’t saturated, and no packet loss or latency was found.
Then the news finally reaches you, maybe a Tweet, or someone in a Slack channel posts a link to a report of the problem. The news spreads of an ongoing attack on a major DNS provider... your DNS provider. Now it all makes sense, and now you are officially the victim, albeit indirectly, of a massive DDoS attack.
Don't feel too bad. Other victims included Twitter, Spotify, and Reddit, among thousands of others.
While you may not be a high-value target, some of the critical services you rely on are, especially as these attacks continue to exploit and target simple services lower down in the stack: things like DNS, FTP, and NTP. These are services almost all networks rely on to a certain degree, and they are common enough that they can be crippled almost anywhere, at any time, with far-reaching impact.
Nobody is safe. (Cue dramatic music)
That is a huge flaw in something so intrinsic to our daily lives, both personally and professionally. We rely on our networks and the Internet, and when something so simple can interrupt service, it highlights some major problems with the foundation of what we have built.
So, the Internet is broken. Who (or what) is going to fix it?
Can it be fixed?