Arbor Networks ATLAS DDoS Attack Data for Q3 2013
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Arbor Networks ATLAS DDoS Attack Data for Q3 2013

on

  • 2,827 views

This presentation provides details into DDoS attack data for Q3 2013. It was gathered from Arbor Networks' ATLAS portal which is a truly innovative, one-of-a-kind Internet monitoring system. ATLAS is ...

This presentation provides details into DDoS attack data for Q3 2013. It was gathered from Arbor Networks' ATLAS portal which is a truly innovative, one-of-a-kind Internet monitoring system. ATLAS is a collaborative effort with 270+ service providers who have agreed to share anonymous traffic data on an hourly basis, together with data from Arbor dark address monitoring probes, as well as third-party and other data feeds. The network and security intelligence delivered via ATLAS gives Arbor customers a considerable competitive advantage because of the powerful combination of the micro view of their own network (via Arbor products) together with the macro view of global Internet traffic (via ATLAS).

Statistics

Views

Total Views
2,827
Views on SlideShare
2,797
Embed Views
30

Actions

Likes
3
Downloads
89
Comments
0

4 Embeds 30

https://twitter.com 14
http://912.by 10
http://sitebuilder.atservers.net 4
http://news.softpedia.com 2

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Arbor Networks ATLAS DDoS Attack Data for Q3 2013 Presentation Transcript

  • 1. ATLAS Q3 2013 Update October 2013
  • 2. The Arbor ATLAS Initiative: Internet Trends  275+ ISPs sharing real-time data - > ATLAS Internet Trends – Automated hourly export of XML file to Arbor server (HTTPS) – File is anonymous, only tagged with – User Specified Region e.g. Europe – Provider Type (self categorized) e.g. Tier 1  Data derived from Flow / BGP / SNMP correlation – Arbor Peakflow SP product – Correlates Sampled Flow / BGP in real-time – Distributed in nature – Network / Router / Interface etc. Traffic Reporting – Threat Detection (DDoS / infected sub) – Multiple detection mechanisms  ATLAS currently monitoring a peak of 69.7Tbps of IPv4 traffic (peak) across all respondents. - A significant proportion of Internet traffic
  • 3. The Arbor ATLAS Initiative: Internet Trends 2013  Key Findings (comparing Q1/Q2/Q3 2013 to 2012):  BPS attack sizes trending upwards massively, proportion of attacks over 1Gb/sec is now 53.9%, up from 33.1% last year  Average attack sizes illustrate the above. Average BPS attack size is up 78% so far this year, average PPS size however is down 34%  HUGE growth in proportion of attacks over 10Gb/sec, currently 4.06% of all attacks, up from 2.3% last year  HUGE growth in number of attacks of over 20Gb/sec, almost 4.5 times the number seen in 2012 already  Proportion of attacks in the 2 – 10Gbps range more than doubles, from 14.78% to 37.13%  Largest monitored and verified attack size increases significantly to 191Gb/sec
  • 4. The Arbor ATLAS Initiative: Internet Trends 2013  Key Findings (comparing Q1/Q2/Q3 2013 to 2012):  PPS attacks sizes seem to be trending downward, reversing the strong growth trend seen in late 2011 and through 2012  Massive increase in proportion of attacks involving fragments. 27.1% so far this year, up from 10.2% last year  Proportion of attacks targeting port 80 drops slightly from 36.8% last year to 30.6% so far this year  Attack durations are trending shorter, 87.5% now last less than 1 hour
  • 5. 2013 ATLAS Initiative : Anonymous Stats, World-Wide Q1 Trend of Higher BPS Attack Rates Continues  Proportion of attacks over 1Gb/sec continues to rise  Upward trend over last four years from 21%> 29.5% -> 33.1%-> 53.91%  Proportion of attacks less than 1Mpps increases, reversing recent trends  Reverses downward trend over last four years from 87% -> 65.07% -> 62.2% -> 77%  Average size of attack trends year on year  2012:  1.48Gb/sec (+20% from 2011)  1.48Mpps (+11% from 2011) World 2011 Size Break-Out,BPS  2013 Q1/Q2/Q3:  2.64 Gb/sec (+78% from 2012)  982.16Kpps (-34% from 2012) World 2012 Size Break-Out,BPS World 2013 Size Break-Out,BPS <1Gbps >1<2Gbps >2<5Gbps >5<10Gbps >10<20Gbps >20Gbps
  • 6. 2013 ATLAS Initiative : Anonymous Stats, World-Wide HUGE Growth in Proportions Attacks Using High BPS Rate  Already seen more than four and a half times the number of attacks over 20Gbps than seen in whole of 2012!  Growth in proportion of attacks in 2-10 Gbps range :  9.3% in 2011, 14.78% in 2012, 37.1% in 2013 so far World 2012 Size Break-Out,BPS  Significant growth in proportion of attacks over 10Gbps, up 69.4% from 2011 -> 2012, up 76.5% so far in 2013. 4.06% of attacks now over 10Gbps  Average attack size over 10Gbps = 18.47Gbps World 2013 Size Break-Out,BPS <1Gbps <1Gbps >1<2Gbps >1<2Gbps >2<5Gbps >2<5Gbps >5<10Gbps >5<10Gbps >10<20Gbps >10<20Gbps >20Gbps >20Gbps
  • 7. 2013 ATLAS Initiative : Anonymous Stats, World-Wide BPS is Focus, as PPS Rates Shift Down  Packet per second attack sizes fall back across the range:  2 – 5Mpps – 12.7% in 2012, to 7% so far this year.  5 – 10Mpps – 4% in 2012, to 1.84% so far this year World 2011 Size Break-Out, PPS  Reverses trend toward higher PPS attacks seen since late 2011.  Proportion of attacks over 10Mpps drops from 1.96% (2012) to 0.8% so far this year World 2012 Size Break-Out, PPS World 2013 Size Break-Out, PPS <1Mpps >1<2Mpps >2<5Mpps >5<10Mpps >10<20Mpps >20Mpps
  • 8. 2013 ATLAS Initiative : Anonymous Stats, World-Wide Short Sharp Attacks More Common  Majority of attacks shortlived, approx 87.5% less than 1 hour  Big rise from 2012, +10%.  Average attack duration 2 hours 18 minutes (a decrease of 76 mins from 2012). World 2012 Break-Out Duration  Average duration of attacks over 10G is 2 hours 17 minutes.  Proportion of attacks lasting longer than 12 hours continues to drop  4.75% / 3.7% / 3.5% / 1.3% (2010 / 2011 / 2012 / 2013) World 2013 Break-Out Duration <30 Mins <30 Mins >30<60 Mins >30<60 Mins >1<3 Hours >1<3 Hours >3<6 Hours >3<6 Hours >6<12 Hours >6<12 Hours >12<24 Hours >12<24 Hours >24 Hours >24 Hours
  • 9. 2013 ATLAS Initiative : Anonymous Stats, World-Wide Massive Increase in Attacks Using Fragments  30.6% of attacks targeting port 80, down from 36.8% in 2012  Percentage of attacks reported using non-initial fragments see massive increase - 10.2% in 2012, 27.1% in 2013 (so far) World 2012 Break-Out Ports  55% of attacks over 10Gb reported using non initial fragments  Proportion of attacks targeting port 443 roughly steady, 1.33% (from 1.45%)  Percentage of attacks targeting port 53 falls to 6.8%, from 10% last year World 2013 Break-Out Ports 80 22 443 7000 22 443 20480 20480 6005 53 Non Initial Fragment Non Initial Fragment 53 80 Other Other
  • 10. 2013 ATLAS Initiative : Anonymous Stats, World-Wide Average Attack Growth trend in Mbps  Average attack is 3.37Gbps, September 2013  Consistently over 3Gb/sec for Q3 2013  VERY rapid growth in average attack size (Mbps) in 2013 Average Monthly Mbps of Attacks 4000 3500 3000 2500 2000 1500 1000 500 0 January March May July September November January March May July September November January March May July September November January March May July September November January March May July September 3370
  • 11. 2013 ATLAS Initiative : Anonymous Stats, World-Wide Average Attack trend in Kpps  Average attack is 1.18Mpps, September 2013  Attack PPS rates seem to be waning in 2013 (so far) Average Monthly Kpps of Attacks 2500 2000 1500 1182 1000 500 January March May July September November January March May July September November January March May July September November January March May July September November January March May July September 0
  • 12. 2013 ATLAS Initiative : Anonymous Stats, World-Wide Largest Monitored Attack Sizes Year on Year  Largest monitored attack in 2011, BPS:  101.394Gb/sec, destination unknown  Lasted 37 minutes.  Largest monitored attack in 2012, BPS  100.84Gb/sec, destination unknown  Lasted 20 minutes  Largest monitored attack in 2013 (so far), BPS  191Gb/sec (UDP/Fragment), Sweden  Lasted 14 minutes  Largest monitored attack in 2011, PPS:  139.68Mpps, destination India  Lasted 25 minutes  Largest monitored attack in 2012, PPS  82.36Mpps, destination unknown  Lasted 24 minutes  Largest monitored attack in 2013 (so far), PPS  73.9Mpps (TCP/443), destination unknown  Lasted 3 hours 39 minutes
  • 13. 2013 ATLAS Initiative : Anonymous Stats, World-Wide Peak Attack Growth trend in Gbps  Peak attack in September 2013 is 150.23Gbps  Continued spikes at 100Gbps+  New largest ATLAS monitored attack – 191Gbps in August Peak Monthly Gbps of Attacks 250 191.02 200 150 150.23 100 50 September July May March January November September July May March January November July September May March January November September July May March January November September July May March January 0
  • 14. Spamhaus DDoS Attack March 2013 • Largest DDoS attack seen to date • • Traffic levels verified by service provider community. • ATLAS stats not provided by involved operators • • DNS Reflection/Amplification Attack • Not a new attack vector • Responsible for other large (100Gb/sec) attacks in the past Emphasizes the need to restrict open DNS Resolvers and implement BCP 38/84 at network edges. Key concern is that other groups will start generating larger attacks, given the media focus on the Spamhaus attacks.
  • 15. 2013 ATLAS Initiative : Anonymous Stats, World-Wide Peak Attack Growth trend in Mpps  Peak attack in September 2013 is 58.26Mpps  Peak monthly attack sizes broadly similar to 2012 Peak Monthly Mpps of Attacks 120 100 80 58.26 60 40 20 September July May March January November September July May March January November September July May March January November September July May March January November July September May March January 0
  • 16. Thank You