[AusNOG] DDoS attack sizes

Tin, James jtin at akamai.com
Mon Feb 8 17:13:44 EST 2016


I would agree with Bob on this. 

Adding more BW will not address the risk. 

The best solution is to have DDoS mitigation in place, that is as far away as possible from the asset you’re trying to protect. 

Building your own may be an option, but it’s incredibly expensive to maintain equipment and have BW at all these locations sitting idle. 
Alternatively you can purchase DDoS mitigation from a credible DDoS mitigation provider. The things to look out for are:
- A solution provider that does not have black holing as a last measure.
- They have enough capacity to handle multiple DDoS attacks.
- They have the experience and skills to handle the new forms of multi-vector, blended application and exhaustion attacks.
- Strong SLAs on time to mitigate and time to respond to DDoS.

I believe the largest we’ve seen domestically in Australia is around 30Gbps. We’re seeing a trend for attacks to be smaller in BW size, but more complex and higher packets per second, which cause problems for carrier core routers.

Australia is now in the top 10 source countries of DDoS attacks and top 10 for sources of application layer attacks (usually due to compromised internet connected devices). 
 
James Tin
Principal Enterprise Security Architect
Mobile: +61 466 961 555
Whatsapp: +61 466 961 555
Skype: jtin217
Akamai Technologies
Level 7, 76 Berry St
North Sydney NSW 2060
Australia

From:  Bob Woolley <boblobsta at gmail.com>
Date:  Monday, February 8, 2016 at 4:55 PM
To:  Nick Evendor <nickevendor at outlook.com>
Cc:  "ausnog at ausnog.net" <ausnog at ausnog.net>
Subject:  Re: [AusNOG] DDoS attack sizes

Given that DDoSes have been observed at 100s of gigabits, and also the ridiculous availability of "tools" which can generate 10s of gigabits of "test traffic" any day of the week, buying more transit will never really beat the curve.

-Bob W

On 8 February 2016 at 15:42, Nick Evendor <nickevendor at outlook.com> wrote:
Yesterday we experienced an 850 megabit DDoS attack towards a hosting customer which almost filled our gigabit uplink and made our upstream provider call me on a Sunday due to abnormal traffic on our port.

Thank god it was Sunday so our network was underutilized with no collateral damage and everything remained working, but I asked the upstream provider what we can do about it other than null routing the destination and they said purchase more capacity.

In the past we have seen a few attacks but they have only been a few hundred megabits and never come close to saturating our gigabit uplink.

What size attacks are people seeing, and is it time to over-purchase bandwidth and move to a ten gigabit service?

Nick

