[AusNOG] The shape of DDoS to come
Paul Gear
ausnog at libertysys.com.au
Thu Oct 27 15:58:57 EST 2016
On 27/10/16 12:57, Roland Dobbins wrote:
>
> On 27 Oct 2016, at 8:15, Peter Tiggerdine wrote:
>
>> Unpatched home routers are likely to make up the bulk of the traffic
>
> The overwhelming majority of the attacking systems at layer-3/layer-4
> were Mirai, which is largely compromised of DVRs IP cams, and the like.
>
> Some of these nodes can manage up to 4kpps.
On 27/10/16 12:58, Roland Dobbins wrote:
> On 27 Oct 2016, at 6:02, Paul Wilkins wrote:
>
>> After Mirai's 1.2Tbps,
>
> This number is unconfirmed, FYI.
>
> In many cases, we see organizations forget to subtract their baseline
> traffic from DDoS pps/bps/qps/cps estimates.
Hi Roland,
I'm curious about your take on the numbers being quoted. Dyn claims
they saw traffic from 10s of millions of unique IPs, yet last estimates
of Mirai's size I heard were at least an order of magnitude lower than that.
What do you think accounts for the difference? Could it be that with
the release of the Mirai source code that we are seeing multiple similar
botnets in action? Or are there more mundane miscalculations and/or
misreportings at work?
Thanks in advance,
Paul
More information about the AusNOG
mailing list