GoDaddy Goes Down

A couple weeks ago, Web site hosting company GoDaddy.com was hit with a Distributed Denial of Service (DDoS) attack that took down thousands of its customers’ Web sites for several hours. As CNET reports, this wasn’t the first time the domain name provider was knocked off line – a similar attack in 2005 affected 6,000 of its customers’ Web sites.

Companies like GoDaddy.com that are responsible for safeguarding e-commerce sites and Web infrastructures should ensure they have the proper technology in place to deal with mounting DDoS attacks. With the state of the economy being what it is right now, it’s essential that online stores remain open and running when a customer is ready to make a purchase. In this instance, customers were understandably upset about their sites being down and were quick to complain. Los Angeles based lifestyle blog LA Snark even posted a response to GoDaddy.com.

E-commerce merchants can remain confident that their customers will encounter a positive user experience if their Web-hosting company is well prepared to deal with these kinds of security threats. That said, the problem has grown considerably larger over recent years. In a recent report on DDoS trends published in late 2008, large scale attacks of 40Gbps or more are being seen. (Link To Arbor Report) Most hosting providers are not able to accommodate such levels of attack and this seems to be pointing to more managed security in the Cloud going forward being delivered by Tier 1 carriers and security providers with this kind of bandwidth. The real question becomes at what point with an increasingly Internet based economy does this level of protection become required versus a nice to have?

Technology specifics that are in motion…

Earlier this week the changes being seen from the impact of new regulations was mentioned.  What has been interesting to watch is the technology specifics that are in motion.  Technology for the support of Lawful Interception was often a circuit based such that clipping onto a phone line or Internet connection drove technology scaled to the performance of the one user.  As users moved to many devices and were mobile with thier communications, technology moved upstream interfacing to phone systems and network equipment that based upon awareness of the registered user selected appropriate information.  Today, relationships on the Internet are vast and dynamic and identity of a user is often not tied to a device or circuit.  As such systems must possess many new advanced analysis, inspection and capture capabilities in order to comply with the regulations.  Three notable technology requirements that really seem to clarify what I see in 2009 are: 10 Gigabit Ethernet, Full Content Capture and Protocol Specific User Identification.

Taking a look at 10 Gigabit Ethernet first, it seems off-hand as not new for 2009 but in this field I suggest that the meaning behind it really is.  For years we have seen 10GbE as coming, we have built systems that supported 10GbE and all marketed that we were first.  What is interesting is there really seems to be a migration from 10GbE is in the future or our network links are 10GbE but they really aren’t fully utilized to 10GbE means 10GbE.  What I mean by that is customer expectations and more importantly true need really deals with 10GbE means processing a fully utilized pipe and often bi-directionally for 20Gbps of unique data to inspect.  This has become a dramatic change in processing performance as DPI systems are essentially processing the data and moving from even uni-directional GigE or OC-48 systems to full duplex 10GbE is anywhere from an 8x to 20x processing increase from earlier generation systems in the DPI segment.  With large metro deployments in telcos, multiple 10GbE links are the norm not the exception.  This is where 2009 seems like a year of separating out the technology.

Full Content Capture is another area that directives and regulations appear to be driving change.  In the past, if content was seen of interest in a packet the desire was to capture it.  That evolved to if you see a session, or more specifically flow, that is of interest, capture the rest of it from here on out.  Now, the requests are that if you see information that identifies a flow of interest, make sure that the flow from the “start” of the conversation is captured.  In a sense, this is asking for systems to go back in time and record data.  As this is intersected with the 10GbE requirements this has led to large scale buffering systems to allow for arbitrary window sizes of time to be gathered such that it may be found of interest in the future.  This has led to very different architecture of solutions from the past and appears to be a new trend as we enter into 2009.

Protocol Specific User Identification is something that is old, but really speaks to the Internet age and the growth of protocols.  At its lowest level what I mean is looking at the content of an exchange with a web site and identifying the target based upon the credentials being passed.  As each and every web protocol or site establishes its own mechanism this leads to different methods for each.  Simply trying to do this for emails, within a specific region, can rapidly lead to dozens of variations. 

The interesting thing from a technology point of view is how vastly and fast the requirements throughout the world are changing in response to new regulations.  While the western world appears slower than other areas to pass such regulations the technology development continues to move along at a fast clip to keep up with global needs.  What will be interesting is how quickly these advanced capabilities spread across the landscape of customers and how the solutions will stand the test of time.

Regulations are changing worldwide…

A few weeks ago I had the opportunity to present at the ISS Telestrategies conference on Deep Packet Inspection and Lawful Intercept Technology (http://www.issworldtraining.com/ISS_WASH/).  It was interesting to see how much and how fast this industry is changing.  Regulations are changing worldwide that are driving the demands for new technologies and vendors are rapidly moving towards building those capabilities.  Furthermore, an industry that was heavily positioned for edge technologies sitting on a targeted link are migrating to aggregation points requiring not only performance but changes in the capability sets to appropriately deliver selected data.  As such this has led to segmentation in the deep packet inspection (DPI) market between those delivering what is being called deep packet capture (DPC) versus a broader DPI (http://en.wikipedia.org/wiki/Packet_capture). Each of these macro changes are worth a dialog in themselves, however, touching on the impact as a whole raises new questions.

As the world has begun to change or update regulations, such as those seen in the European Union with regards to data retention for the support of law enforcement DIRECTIVE 2006/24/EC OF THE EUROPEAN PARLIAMENT, these are driving significant new changes to the telecom landscape.  The extent of these regulations drives growth of interception technology at pace with the network growth itself.  The expense of these systems as well as the complexity of protection of the privacy of the data gathered is changing the technology requirements unlike what has been seen before.  The big questions this leads to is how fast can compliance be achieved and will this change the landscape of the class of companies that can support this scale of deployments?  Also, what impact will this have on the architecture of the telecom provider’s networks as data collection is not a small issue but core to even how the network could be architected to support such directives?  Will this lead to specific variants of technology, such as the thesis of some of the DPC specific vendors for technology designed exclusively for these directives or will the costs of such a large scale deployment require common infrastructure with the telco gear to drive down CAPEX and OPEX of supporting the directive?

In many ways, more questions than answers but clearly lots of change.

Read More: International Mandates : Changing the Way Law Enforcement Operates