‘The digital threat to our national security is permanent.’ That is a clear statement from the National Coordinator for Security and Counterterrorism (NCTV) in his annual Threat Assessment. It is nothing new, though. We know that DDoS attacks are a big part of that threat. Lately, though, it seems that we have found a way to minimize the damage of those attacks. It seems…

Since several Dutch banks fell victim to a DDoS attack last year, it has been relatively quiet in the mainstream media about new attacks. But believe me, they are still here! It is just that an attack seems to do less damage to a company or a network. That is because we have good measures to protect networks from an outside attack. Measures like blackholing, NaWas (Nationale Wasstraat for DDoS attacks) and smart packet filters help us a lot.

But what if an attack came from inside your network? For example, from a machine in your network that is used for a DDoS attack on another machine in your network, or even on your own infrastructure?

Since we have more bandwidth at our disposal, upload speeds have gone up quite dramatically, so more traffic is going out. That makes it easier for a hacker (who has taken over one of your customers’ PCs) to send that traffic to another machine in the same network. Or to multiple machines on your network. Or even straight to you.

There is no easy fix yet

I don’t have to tell you what kind of damage that can cause to your network. More importantly, how do you fix it fast? The ‘standard’ measures we have to protect us from an outside attack will not help that much. The network will be clogged up and other customers will feel that. You could try to blackhole the traffic on your upstream connections, but the traffic is not coming in through those connections, so the effect of your efforts will be zero.

So, how do you protect your own network from an inside attack? I don’t think that there is a standard answer to that. What I do know is that detection is key here: detection of suspicious traffic and activity from your own clients, especially those who are end users.
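One way to look for this kind of traffic, as an added example that is not part of the original article: aggregate flow records per source and flag customers whose traffic toward other hosts inside the network exceeds a rate threshold. The prefixes, threshold, window and flow records below are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed values: documentation prefixes stand in for the operator's own
# address space, and the threshold and window are arbitrary.
OWN_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]
RATE_THRESHOLD_BPS = 50_000_000   # flag sources sending more than 50 Mbit/s
WINDOW_SECONDS = 60               # length of the aggregation window

# Constructed flow records: (source, destination, bytes seen in the window).
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", 600_000_000),   # customer -> internal host
    ("192.0.2.10", "198.51.100.6", 300_000_000),   # same customer, second target
    ("192.0.2.20", "198.51.100.5", 2_000_000),     # ordinary internal traffic
    ("192.0.2.30", "203.0.113.9", 900_000_000),    # leaves via an upstream link
    ("203.0.113.50", "192.0.2.20", 800_000_000),   # arrives via an upstream link
]

def is_internal(addr):
    """True when the address falls inside one of the operator's prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in OWN_PREFIXES)

def find_internal_flooders(flows, threshold_bps=RATE_THRESHOLD_BPS, window=WINDOW_SECONDS):
    """Return {source: (bits_per_second, targets)} for internal sources whose
    traffic to internal destinations exceeds the threshold."""
    sent = defaultdict(int)
    targets = defaultdict(set)
    for src, dst, nbytes in flows:
        # Flows that start and end inside the network never cross an upstream
        # link, so upstream blackholing and filtering cannot see them.
        if is_internal(src) and is_internal(dst):
            sent[src] += nbytes
            targets[src].add(dst)
    flagged = {}
    for src, total in sent.items():
        bps = total * 8 / window
        if bps > threshold_bps:
            flagged[src] = (bps, sorted(targets[src]))
    return flagged

if __name__ == "__main__":
    for src, (bps, dsts) in find_internal_flooders(SAMPLE_FLOWS).items():
        print(f"{src}: {bps / 1e6:.0f} Mbit/s to internal targets {', '.join(dsts)}")
```

In practice the records would come from flow export on the access and aggregation layers, since that is the only place this traffic is visible.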

More bandwidth and a higher upload speed are great for your customers. But they can open you up to more attacks, simply because hackers will have more capacity to launch an attack. Monitoring for DDoS attacks therefore becomes even more crucial, especially within your own network. Better to be safe than sorry.