- Advertising Aerospace Agriculture Animals/Pets Automotive Biotech Boating Business / economics Chemistry Cities and provinces Comics Computer hardware Computers Construction Countryside Culture and art
- Decoration Education Electronics Energy Engineering Environment and nature Family Finance Food and Beverages Forest and Wood Gardening Government Handicraft Homeland Insurance International
- Legal Leisure Lifestyle Logistics Manufacturing Marketing Media Medical Metal industry and Metallurgy Military Music and Entertainment Non-profit Paper industry Photography Politics Publishing
- Real estate Religion Retail Science Security Site News Social services Software Sport / leisure Sports Telecommunications Topstory Tourism Working life
Home » Releases » Business / economics » Arbor Networks’ ATLAS Data Shows the Average DDoS Attack Size Increasing
Arbor Networks’ ATLAS Data Shows the Average DDoS Attack Size Increasing
Published: 23-Jul-2015 09:10 am
Publisher: Arbor Networks
BURLINGTON, MA., July 22, 2015 – Arbor Networks Inc., a leading provider of DDoS and advanced threat protection solutions for enterprise and service provider networks, today released Q2 2015 global DDoS attack data that show strong growth in the average size of DDoS attacks, from both a bits-per-second and packets-per-second perspective.
The largest attack monitored in Q2 was a 196GB/sec UDP flood, a large, but no longer uncommon attack size. Of most concern to enterprise networks is the growth in the average attack size. In Q2, 21 percent of all attacks topped 1GB/sec, while the most growth was seen in the 2-10GB/sec range. However, there was also a significant spike in the number of attacks in the 50-100GB/sec range in June, mainly SYN Floods targeting destinations in the US and Canada.
“Extremely large attacks grab the headlines, but it is the increasing size of the average DDoS attack that is causing headaches for enterprise around the world,” said Arbor Networks Chief Security Technologist Darren Anstee. “Companies need to clearly define their business risk when it comes to DDoS. With average attacks capable of congesting the Internet connectivity of many businesses, it is essential that the risks and costs of an attack are understood, and appropriate plans, services and solutions put in place. ”
Active Threat Level Analysis System (ATLAS®)
Arbor’s data is gathered through ATLAS, a collaborative partnership with more than 330 service provider customers who share anonymous traffic data with Arbor in order to deliver a comprehensive, aggregated view of global traffic and threats. ATLAS collects 120TB/sec of Internet traffic and is the source of data for the Digital Attack Map, a visualization of global DDoS attacks created in collaboration with Google Ideas.
Reflection Amplification Attacks
Reflection amplification is a technique that allows an attacker to both magnify the amount of traffic they can generate, and obfuscate the original sources of that attack traffic. This technique relies on two unfortunate realities: firstly, many service providers still do not implement filters at the edge of their network to block traffic with a ‘forged’ (spoofed) source IP address; secondly, there are plenty of poorly configured and poorly protected devices on the Internet providing UDP services that offer an amplification factor between a query sent to them and the response which is generated. The majority of very large volumetric attacks leverage a reflection amplification technique using the Network Time Protocol (NTP), Simple Service Discovery Protocol (SSDP) and DNS servers, with large numbers of significant attacks being detected all around the world.
There is some evidence that the storm of reflection amplification attacks utilizing SSDP might be abating slightly, with 84,000 tracked in Q2 (similar to the Q4 level) down from 126,000 in Q1.
The average attack sizes for DNS, NTP, SSDP and Chargen reflection amplification attacks all increased in Q2 2015.
50 percent of reflection attacks in Q2 targeted UDP port 80 (HTTP/U)
Average duration of a reflection attack was 20 mins in Q2 (19 mins in Q1).
Other releases of publisher
- 23.07.2015 09:10Arbor Networks’ ATLAS Data Shows the Average DDoS Attack Size Increasing
- 01.07.2015 08:20Arbor Networks Secures Three New Patents for DDoS Detection & Mitigation
- 11.06.2015 11:03Infonetics Research Report Identifies Arbor Networks as World Leader in DDoS Prevention in Carrier, Enterprise and Mobile Markets