Anti-DDoS servers used to launch DDoS attack

Infrastructure designed to protect organisations against DDoS attacks has been subverted and used carry out out the attacks it was trying to stop on an unnamed online gaming company.

The attack was launched from servers based in Canada and China. the servers themselves were part of an anti-DDoS protection system. The attack, discovered by IT security company Incapsula, was mounted on an online gaming company.

At its peak, the attack threw around 25 million packets of data at the victim's server per second, according to the firm.

Igal Zeifman, product evangelist at Incapsula, said that its investigations into that attack found that DNS queries contained non-spoofed IP data that allowed the firm to uncover the attacker's true points of origin.

"When we did, we were surprised to learn that the malicious requests were originating from servers of two other anti-DDoS service providers one based in Canada, the other in China," said Zeifman. "All told, these were hitting our network at a rate of 1.5 billion DNS queries a minute, amounting to over 630 Billion requests during the course of the seven hour-long DDoS attack."

The company then notified the anti-DDoS vendors who then stopped the services from attacking the gaming firm.

Zeifman said that malicious use of security products is "nothing new". "However, this is the first time we encountered 'rogue' scrubbing servers used to carry out large-scale DDoS attacks. This fact, combined with the inherent danger of non-amplified DNS floods, is what makes these attacks so devastatingly dangerous."

He said that the number of reports coming in from many sources and several large scale attacks on its own infrastructure, "we are now convinced that what we are seeing here is an evolving new trend - one that can endanger even the most hardened network infrastructures," he said.

He warned that any service providers that offer indiscriminative access to high-powered servers helps the offenders to outgrow these limitations. "In this case, the security vendors played right into the hackers' hands, by equipping them with high-capacity resources, able to generate billions upon billions of unfilterable DDoS requests enough to pose a serious threat to even to the most over provisioned servers," said Zeifman.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.