DDoS Attacks, Russia, 2011-2012: Patterns and Trends

The presentation was delivered at the ENOG 3/RIPE NCC Regional Meeting on 22-23 May 2012 in Odessa by Artyom Gavrichenkov, R&D Team Lead at HLL.

Published in: Technology, News & Politics

  1. DDoS Attacks, Russia, 2011-2012: Patterns and Trends. Artyom Gavrichenkov, ximaera@highloadlab.com
  2. Statistics, 2011-2012: > 2500 attacks; 17% – ICMP/UDP/SYN/ACK flood; 40 attacks > 1 Gbps
  3. Statistics: Max. attack duration before December, 2011: 486 hours
  4. [slide has no text]
  5. [slide has no text]
  6. Statistics: Max. attack duration, 2011-2012: 1228 hours
  7. [slide has no text]
  8. One botnet from Southern Asia: 2011, December, http://slon.ru: ~200000 bots; 2012, May, http://tvrain.ru: ~182000 bots; ~500 IP addresses in common
  9. Abuse from Indonesia: "what is your ip address 178.248.233.23. youve done ip flooding / ddos to my server. please stop to all conveniently. thx
     178.248.233.23.80 > x.x.x.x.56834: S ack
     178.248.233.23.80 > x.x.x.x.3821: S ack
     178.248.233.23.80 > x.x.x.x.4947: S ack
     178.248.233.23.80 > x.x.x.x.4948: S ack
     178.248.233.23.80 > x.x.x.x.32935: S ack"
  10. Statistics: Max. registered bandwidth: 56 Gbps (July, 2011); Max. botnet size: 200000 bots (December, 2011); 4 attacks from multiple botnets simultaneously; Attacks often utilize the newest vulnerabilities
  11. http://www.nic.ly/
  12. [Chart by day of the week: Monday through Sunday]
  13. ISPs: Weekends often see larger attacks; ISP tech. support in Russia works better on workdays; ISPs and IXPs often totally ignore abuses
  14. [Chart by month: January through November] December excluded as untypical (legislative election)
  15. Attack Goals: Money; Politics; Botnet promotion; Protest; + B1TC01N$: BKDR_BTMINE.DDOS
