DDoS Resiliency Score (DRS) updates based on attacker-capabilities

Since its first release in 2016, the DDoS Resiliency Score (DRS) helped us in a lot of DDoS-Assessments and Stresstest to illustrate the problem of ThreatLevel vs ProtectionLevel and communicate, which steps would be necessary for a client to reach the proposed ThreatLevel for each attack-vector ( volumetric, layer7).


DRS: metering the gap between ThreatLevel vs ProtectionLevel

Moving forward to 2021, the DDoS-Threatlandscape hasn't changed much: new vectors popping up every then and there, allowing vendors to fearmonger their client and call unison "The End Is Neigh", DDoS-Extortion is still a problem , and every once in a while a vendor claims to have seen and protected against the biggest DDoS-Attack Evva!

And while we have seen a not-yet-20yrs old trainee performing CarpetBombing with 300 GB/s, we found that the DRS v1.1 was somewhat not flexible enough and needed refreshments and polish, so we kept the established 7-Level-Scale and tried to match attacker-capabilities onto that matrix, based on what we've seen during DFIR-engagements or read in technical articles, allowing a more versatile determination of indidvidual ThreatLevels.

Please find below our proposal for an extended/modified DRS-Scoring, that we want to discuss with the community.

drs capabilities

drs capabilities2

Download "DDOS Attacker-Capabilities-Scoring" (PDF)

Discuss with us via Email: ddos@zero.bs

You can reach us on Twitter @zero_B_S as well.

Fragen? Kontakt: info@zero.bs