It's unlikely to have been an application (layer 7) attack, as the goal was to take the entire network offline, not a single website or application.
Was it a large attack?
The attack was probably not large. Public records show that North Korea's communication backbone is only 2.5 Gbps, so saturating it takes a fraction of an ordinary attack. By comparison, the average DDoS attack we see is 10 to 20 Gbps, and the largest ramp up to over 200 Gbps.
Who is responsible for the attack?
Speculation is that the U.S. government launched the attack, in retaliation for North Korea's alleged attack on Sony. President Obama promised to respond "proportionally," though U.S. government officials have declined to comment.
Hacktivist group Lizard Squad, on the other hand, seems to be taking credit for the attack, not very coyly, in this series of tweets. Vigilantes are a far more plausible explanation than the U.S. government: groups like this are capable of mounting attacks several times the size of the one on STAR-KP, and, true to form, they took credit publicly, which is typical hacktivist behavior.
A Distributed Denial of Service attack is a malicious attempt to make a server or a network resource unavailable to users, usually by overwhelming the services of a host or a network connected to the Internet. DDoS attacks can be broadly divided into three types:
- Volume Based Attacks (aka Volumetric Attacks): UDP floods, ICMP floods, and other spoofed-packet floods. The goal is to saturate the bandwidth of the attacked site, and magnitude is measured in bits per second.
- Protocol Attacks: SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS and more. This type of attack consumes actual server resources, or those of intermediate equipment such as firewalls and load balancers (a SYN flood, for example, fills connection-state tables with half-open connections), and is measured in packets per second.
- Application Layer Attacks: Slowloris, zero-day DDoS attacks, DDoS attacks that target Apache, Windows or OpenBSD vulnerabilities, and more. Made up of seemingly legitimate and innocent requests, these attacks aim to exhaust or crash the web server, and magnitude is measured in requests per second.
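To make the three classes and their units concrete, and to tie them back to the 2.5 Gbps backbone figure above, here is a small classifier added for this page (it is not code from the original post or from any of the parties named in it). It takes one second of traffic counters toward a victim, the kind of summary a flow collector or border router exports, and decides which resource is being exhausted: the link (bits per second), connection state (packets per second) or the web server (requests per second). The field names, thresholds, baseline and sample values are all assumptions constructed for the example; `bots_needed` works the post's own arithmetic for how few sources it takes to fill a 2.5 Gbps link.

```python
"""Classify a DDoS by the resource it exhausts, using the three classes and
the per-class units from the text. Added example, not from the original post.
All field names, thresholds and sample values below are assumptions."""

import math
from dataclasses import dataclass

# STAR-KP backbone capacity as reported in the post, in bits per second.
LINK_CAPACITY_BPS = 2.5e9

# Factor above baseline at which a per-second counter counts as an attack
# (assumed value; tune against your own normal traffic).
SPIKE_FACTOR = 10
# Fraction of link capacity at which the link is treated as saturated.
SATURATION = 0.8


@dataclass(frozen=True)
class Sample:
    """One second of traffic toward the target (constructed field names)."""
    udp_bytes: int
    icmp_bytes: int
    tcp_bytes: int
    tcp_syn_packets: int      # SYNs with no completed handshake (half-open)
    http_requests: int


@dataclass(frozen=True)
class Verdict:
    kind: str        # "normal", "volumetric", "protocol" or "application"
    magnitude: float
    unit: str        # bps, pps or rps, the unit the post gives each class


def bits_per_second(s: Sample) -> float:
    """Total offered load, the metric that matters for a volumetric attack."""
    return 8.0 * (s.udp_bytes + s.icmp_bytes + s.tcp_bytes)


def classify(s: Sample, baseline: Sample,
             link_bps: float = LINK_CAPACITY_BPS) -> Verdict:
    """Attribute the sample to the attack class whose resource it exhausts.

    Checks run in the order things fail: a saturated link drops everything,
    so volumetric is tested first; state exhaustion next; an HTTP-request
    spike only means something if link and TCP stack are otherwise healthy."""
    bps = bits_per_second(s)
    if bps >= SATURATION * link_bps:
        return Verdict("volumetric", bps, "bps")

    # Protocol attack: half-open connections consume state on the server,
    # firewall or load balancer regardless of bandwidth, so count packets.
    if s.tcp_syn_packets > SPIKE_FACTOR * max(baseline.tcp_syn_packets, 1):
        return Verdict("protocol", float(s.tcp_syn_packets), "pps")

    # Application attack: valid-looking requests, small on the wire, that
    # cost the web server far more than they cost the sender.
    if s.http_requests > SPIKE_FACTOR * max(baseline.http_requests, 1):
        return Verdict("application", float(s.http_requests), "rps")

    return Verdict("normal", bps, "bps")


def bots_needed(link_bps: float, per_bot_bps: float) -> int:
    """Minimum number of sources, each sending per_bot_bps, needed to fill a
    link of link_bps. Shows why a 2.5 Gbps backbone is a small target."""
    return math.ceil(link_bps / per_bot_bps)


# Constructed samples: a normal second and one second of each attack class.
BASELINE = Sample(udp_bytes=2_000_000, icmp_bytes=10_000, tcp_bytes=60_000_000,
                  tcp_syn_packets=300, http_requests=400)
UDP_FLOOD = Sample(udp_bytes=300_000_000, icmp_bytes=20_000_000,
                   tcp_bytes=60_000_000, tcp_syn_packets=300, http_requests=400)
SYN_FLOOD = Sample(udp_bytes=2_000_000, icmp_bytes=10_000, tcp_bytes=20_000_000,
                   tcp_syn_packets=250_000, http_requests=50)
HTTP_FLOOD = Sample(udp_bytes=2_000_000, icmp_bytes=10_000, tcp_bytes=90_000_000,
                    tcp_syn_packets=600, http_requests=20_000)

if __name__ == "__main__":
    for name, s in [("baseline", BASELINE), ("udp flood", UDP_FLOOD),
                    ("syn flood", SYN_FLOOD), ("http flood", HTTP_FLOOD)]:
        v = classify(s, BASELINE)
        print(f"{name:10s} -> {v.kind:12s} {v.magnitude:,.0f} {v.unit}")
    # 5 Mbps of upstream per bot is an assumed consumer-connection figure.
    print("bots to fill a 2.5 Gbps link at 5 Mbps each:",
          bots_needed(LINK_CAPACITY_BPS, 5e6))
```

The ordering of the checks is the design point: a link at 3 Gbps offered load is a volumetric attack whatever else is happening, and a SYN flood at 176 Mbps looks harmless by bandwidth but is 250,000 half-open connections per second against state tables. The last line of the run shows the other side of the post's argument: at an assumed 5 Mbps per source, about 500 compromised hosts fill a 2.5 Gbps backbone, which is far below what the groups named above can field.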
We will update this contributed post as more information becomes available.