Intense 20 Gbps DDoS attacks became the norm in Q3 2012

Posted: October 30, 2012 in IT Security News
Tags: Vulnerability, DDoS-attack

In the last quarter, Prolexic Technologies had to repel 7 DDoS attacks of more than 20 Gbps directed at its customers' resources. Some of them were carried out by attackers using the PHP bot itsoknoproblembro.

“Last year, a DDoS attack above 20 Gbps was unthinkable, but now it is seen as commonplace,” says Stuart Scholly, President of Prolexic. “For reference, in the business world, few people have a network infrastructure capable of supporting such a traffic load.”

Although the intensity of individual DDoS campaigns has increased, the number of attacks on Prolexic's customer base decreased by 14% compared with Q2. Year over year, however, the figure nearly doubled. DDoS traffic in July-September averaged 4.9 Gbps, which is 11% higher than in the previous quarter. The number of packets per second (pps) sent by bots continues to grow: over the 3 months it increased by 33%, from 2.7 to 3.6 million.

Prolexic's comparative statistics, summarized in a more compact form:

Changes compared with Q2 2012

  • reduction in the total number of attacks: 14%
  • increase in the average attack bandwidth: 11%
  • increase in the average duration: from 17 to 19 hours

Changes compared with Q3 2011

  • increase in the total number of attacks: 88%
  • increase in the average attack bandwidth: 230%
  • decrease in the average duration: from 33 to 19 hours

In Q3, as before, DDoS attackers preferred Layer 3 and Layer 4 protocols, which accounted for 80% of incidents in the period. The remaining 20% of DDoS attacks were carried out at the application layer. Experts recorded five main techniques used by attackers: SYN flood (23.53% of incidents), UDP flood (19.63%), ICMP flood (17.79%), GET flood (13.50%) and UDP fragment flood (9.00%). Prolexic also noted unusual attack types: SYN PUSH, FIN PUSH (both are modifications of the flag bits in the TCP header) and RIP flood.

The RIP routing protocol (Routing Information Protocol), known since the days of ARPANET and so uncharacteristic of the DDoS attackers' arsenal, was used in a reflection attack. Counting these new additions, Prolexic currently distinguishes 18 types of DDoS attacks, while a year ago there were only 9.

The main springboard for DDoS attackers is still China, which accounted for 35% of DDoS attacks in the last quarter. The U.S. climbed to 2nd place, its share worsening from 8% to 27%. The Top 10 countries by this indicator include 2 newcomers: Saudi Arabia (4%) and the UK (3%).

Links:

http://www.prolexic.com/knowledge-center-ddos-attack-report-2012-q3.html

http://www.prolexic.com/…ddos-attacks-20-gbps-is-the-new-norm-2012-q3.html
