[AusNOG] DDOS mitigation

Oliver Kwan oliver at prolexic.com
Fri May 10 19:16:08 EST 2013 

No worries Nathan,

We can only comment on what we our global client base experiencing. All we
can say is that attacks are getting bigger, as confirmed by Gartner here:

http://blogs.gartner.com/avivah-litan/2013/03/14/are-the-ongoing-ddos-attacks-against-u-s-banks-just-the-calm-before-the-storm/

Our research team, called PLXsert, detail attack trends against our client
base every 3 months in our quarterly attack report which can be found on
our website link below.

http://www.prolexic.com/knowledge-center-dos-and-ddos-attack-reports.html

This may also be of interest:

http://www.prolexic.com/knowledge-center-video-real-attack-ddos-mitigation-process-160-gbps.html

Hope this is of value and you are welcome to forward any questions.

Cheers

Ollie


On 10 May 2013 18:55, Nathan Brookfield
<Nathan.Brookfield at simtronic.com.au>wrote:

> Ollie,
>
> It would be helpful if you could reply on list, no point this being left
> up in the air.  I know there are people on this list who represent Arbor
> also, It would be good to get a response to the figures mentioned?
>
> Kindest Regards,
> Nathan Brookfield (VK2NAB)
>
> Chief Executive Officer
> Simtronic Technologies Pty Ltd
>
> Local: (02) 4749 4949 | Fax: (02) 4749 4950 | Direct: (02) 4749 4951
> Web: http://www.simtronic.com.au | E-mail:
> nathan.brookfield at simtronic.com.au
>
> -----Original Message-----
> From: ausnog-bounces at lists.ausnog.net [mailto:
> ausnog-bounces at lists.ausnog.net] On Behalf Of oliver at prolexic.com
> Sent: Friday, 10 May 2013 6:43 PM
> To: James Braunegg; ausnog-bounces at lists.ausnog.net; Dobbins, Roland;
> ausnog at lists.ausnog.net
> Subject: Re: [AusNOG] DDOS mitigation
>
> Hi All,
>
> The Prolexic team in Australia are happy to answer any questions off list.
>
> Feel free to channel queries through myself (oliver at prolexic.com).
>
> Thanks & have a good weekend.
>
> Cheers
>
> Ollie
> Sent from my BlackBerry® smartphone on 3
>
> -----Original Message-----
> From: James Braunegg <james.braunegg at micron21.com>
> Sender: ausnog-bounces at lists.ausnog.net
> Date: Fri, 10 May 2013 07:32:53
> To: Dobbins, Roland<rdobbins at arbor.net>; ausnog at lists.ausnog.net<
> ausnog at lists.ausnog.net>
> Subject: Re: [AusNOG] DDOS mitigation
>
> Dear Roland
>
> I've been doing a bit of research on DDoS attacks lately and have been
> looking at information presented by both Arbor and Prolexic
>
> Prolexic says Q1 2013 the average attack from last quarter has increased
> from 5.9Gbps to 48.25Gbps with an average packet per second rate of 32.4
> million packets.
>
> Arbor says the average attack during 2013 Q1 was about 1.77 Gbps, up from
> about 1.48 Gbps in 2012 and this took into consideration the large Spamhaus
> DDoS attack
>
> What's your take on the massive difference between the averages ? does
> Prolexic see larger attacks because they protect larger networks ? or do
> they have less customers thus hence have a larger average ? one thing which
> isn't shown is how big the sample pool data is... or is someone cooking the
> books to put fear into network operators ?
>
> In a recent attack we saw sustained layer 7 attacks for over 24 hours ,
> followed by a 1gbit attack lasting several hours and then short 10 minute
> attacks ranging from 2.5gbit to 17+gbit - graphs from the attacks can be
> found here if anyone is interested - http://www.micron21.com/ddos
>
> Kindest Regards
>
>
> James Braunegg
> W:  1300 769 972  |  M:  0488 997 207 |  D:  (03) 9751 7616
> E:   james.braunegg at micron21.com  |  ABN:  12 109 977 666
>
>
>
> This message is intended for the addressee named above. It may contain
> privileged or confidential information. If you are not the intended
> recipient of this message you must not use, copy, distribute or disclose it
> to anyone other than the addressee. If you have received this message in
> error please return the message to the sender by replying to it and then
> delete the message from your computer.
>
>
> -----Original Message-----
> From: ausnog-bounces at lists.ausnog.net [mailto:
> ausnog-bounces at lists.ausnog.net] On Behalf Of Dobbins, Roland
> Sent: Friday, May 10, 2013 7:07 AM
> To: ausnog at lists.ausnog.net
> Subject: Re: [AusNOG] DDOS mitigation
>
>
> On May 9, 2013, at 11:11 PM, David Miller wrote:
>
> > +1  No transit providers provide S/RTBH to customers for the reasons
> pointed out above and in the RFC.  Perhaps very few transit providers
> > offer it to customers, I've never seen it.  I would be greatly concerned
> by any provider that did offer it to any customer other than me.
>
> My point in bringing up S/RTBH was to note that one isn't limited to
> 'destroying the village in order to save it' via D/RTBH, and that there are
> in fact creative ways that operators can more safely provide their
> downstream customers with S/RTBH capability, such as a dual-advertisement
> strategy which a) triggers diversion of traffic destined to the attack
> targets into a mitigation center and b) denotes the attack source(s) to be
> dropped on the mitigation center coreward interfaces, thus only dropping
> traffic emanating from said attack sources and destined for attack targets
> whose traffic is being diverted through the mitigation center gateways.
>
> > What we should ALL be shouting at router vendors and transit providers
> to support is Flowspec - RFC 5575 ( http://www.ietf.org/rfc/rfc5575.txt ).
>
> Yes, absolutely; it should be included in all router and layer-3 switch
> RFPs as a hard requirement.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>
>           Luck is the residue of opportunity and design.
>
>                        -- John Milton
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>



-- 
*Oliver Kwan | Vice President of Sales - Asia

Prolexic Technologies | DDoS Attacks End Here. *
*
*
Inside the Prolexic SOC - http://www.youtube.com/watch?v=UP2qpqTe6PU

Inside the Prolexic Portal - http://www.youtube.com/watch?v=sOZrpHmxEPM

*
m: +61 430 86 33 67 (Australia)
**
m: +852 5412 8383 (Hong Kong)
**
e: oliver at prolexic.com

Skype: olliekwan
LinkedIn: Oliver Kwan
MSN: oliver79 at hotmail.com

1930 Harrison Street, Suite 403 | Hollywood, Florida 33020

www.prolexic.com
*

Privileged or/and Confidential Information may be contained in this
message. If you are not the addressee indicated in this message (or
responsible for delivery of the message to such person), you may not copy
or deliver this message to anyone. In such case, you should destroy this
message and kindly notify the sender by reply email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130510/916910c0/attachment.html>

More information about the AusNOG mailing list