DDoS: threats and mitigation

Author

  • Steve Mansfield-Devine
Abstract

According to a report from Prolexic, one of the first and largest companies offering DDoS mitigation services, attack traffic rose 66% over the course of a year (to Q3 2011).[1] Network-layer attacks accounted for 83%, the rest being application-layer attacks. The average duration was 1.4 days and the average bandwidth consumed was 1.5Gbps. The size of attacks is getting bigger, too. In July 2011, Prolexic announced it had mitigated what it believed to be the largest packet-per-second DDoS attack ever seen in Asia. Consisting of SYN and ICMP floods, the attack deployed 176,000 bots (compared to the 5,000-10,000 bots more normally seen by Prolexic) to generate 25 million packets per second. According to the company, the majority of high-end border routers typically forward 70,000 packets per second. It mitigated the attack by distributing traffic among its Tier 1 carrier partners and scrubbing centres.

Ben Petro, senior VP network intelligence & availability at Verisign, traces the rise of DDoS attacks back another year. He says that for years there was little awareness of the problem but that, "2010 was a dramatic shift – not only in the size, scale and trajectory of DDoS, but also in its proliferation and the number of different types of organisation that were hit." In the years 2006-2008, he adds, the average attack was somewhere around 40Mbps. "And then, all of a sudden, coming in 2010 we started to see 2Gbps, then 5Gbps, then 8Gbps and 15Gbps attacks, culminating in the largest that we've seen coming in at 84Gbps sustained for a week and a half. That is an incredible amount of traffic when you get down to packets or queries per second – you're over the hundreds of thousands of queries per second per location for Verisign, and we have 165 locations. So it's an enormous volume."

The rising popularity of DDoS attacks may be connected directly to their effectiveness. Paul Sop, CTO at Prolexic, says, "people get creative and they use and invent new ways and reasons to use DDoS. When an idea catches on in the industry there's a tipping point – people say, hey here's a type of attack we can launch and it's very likely we won't go to jail unless we're pretty dumb about it." He adds: "It is like asymmetric warfare – the attackers have so much advantage in terms …


Similar resources

An Enhanced Entropy Approach to Detect and Prevent DDoS in Cloud Environment

Distributed Denial of Service (DDoS) attacks launched in Cloud computing environments result in loss of sensitive information, data corruption and, rarely, even service shutdown. The entropy-based DDoS mitigation approach analyzes the heuristic data and acts dynamically according to the traffic behavior to effectively segregate the characteristics of incoming traffic. Heuristic data helps in ...


Scalable Cloud Defenses for Detection, Analysis and Mitigation of DDoS Attacks

Distributed denial of service (DDoS) is considered as one of the most serious threats to emerging cloud computing infrastructures. It aims at denying access to the cloud infrastructure by making it unavailable to its users. This can cause important economic and organizational damage depending on the type of applications running on the cloud that have become unavailable. This paper proposes an e...


Service resizing for quick DDoS mitigation in cloud computing environment

Current trends in distributed denial of service (DDoS) attacks show variations in terms of attack motivation, planning, infrastructure, and scale. “DDoS-for-Hire” and “DDoS mitigation as a Service” are the two services, which are available to attackers and victims, respectively. In this work, we provide a fundamental difference between a “regular” DDoS attack and an “extreme” DDoS attack. We co...


Multi-domain DDoS Mitigation Based on Blockchains

The exponential increase of the traffic volume makes Distributed Denial-of-Service (DDoS) attacks a top security threat to service providers. Existing DDoS defense mechanisms lack resources and flexibility to cope with attacks by themselves, and by utilizing other companies' resources, the burden of the mitigation can be shared. Technologies such as blockchain and smart contracts allow distributing...


Unified Defense Against DDoS Attacks

With DoS/DDoS attacks emerging as one of the primary security threats in today’s Internet, the search is on for an efficient DDoS defense mechanism that would provide attack prevention, mitigation and traceback features, in as few packets as possible and with no collateral damage. Although several techniques have been proposed to tackle this growing menace, there exists no effective solution to...



Journal title:
  • Network Security

Volume 2011  Issue 

Pages  -

Publication date: 2011