I am pleased to announce the publication of BITAG’s report on Simple Network Management Protocol Reflected Amplification Distributed Denial of Service Attack Mitigation , or “SNMP DDoS Attacks” for short. This technical report will give both technical and non-technical individuals alike insight into a problem beginning to be encountered by ISPs on their networks.
As described in the report, Internet service providers have begun to observe large-scale SNMP reflection attacks where subscriber devices can be used unwittingly to generate significant and sustained levels of traffic targeted against other networks or sites. These attacks can negatively affect service for the targets. The Report assesses the technical implications of such attacks and makes recommendations as to appropriate responses.
From my perspective as the Executive Director of BITAG, I am especially pleased with this report as it was the outcome of our first formal Review Request. A Review Request arises when a BITAG member has identified a technical issue and some potential solutions, but wishes to bring their proposed solution to the BITAG forum prior to implementation in order to solicit input from the rest of our Members. With our Members in turn representing a fairly broad cross-section of the Internet ecosystem, this report demonstrates what BITAG was designed to do. In short, BITAG was formed to look at the intended and unintended consequences of changes in network management techniques, to recommend best practices in implementation, or to recommend other less “harmful” alternatives if they are available. BITAG focuses on those techniques where implementation may have a differential impact or potentially anticompetitive effects on other players in the ecosystem.
SNMP DDoS Attacks is the third report produced by BITAG’s Technical Working Group (TWG) to date. Our first report dealt with DNS Whitelisting, a technique used in the IPv6 transition, while our second report addressed Large Scale Network Address Translation (NAT), another technique used in the IPv6 transition.
The SNMP Report, including its recommendations, can be found at: http://www.bitag.org/report-snmp-ddos-attacks.php.