nanog mailing list archives

Re: Over a decade of DDOS--any progress yet?

From: Jay Coley <jay () prolexic com>
Date: Wed, 08 Dec 2010 16:47:09 +0000

On 08/12/2010 16:14, Drew Weaver wrote:

I would say that > 99% of the attacks that we see are 'link fillers' with < 1% being an application attack.

thanks,
-Drew


This has been our recent experience as well.  There are some pure app
attacks, to be sure, but we many blended attacks also.  Bandwidth
(UDP/ICMP/SYN Flood) attack to distract with a app attack (GET/PUSH
floods) attempting to run underneath the radar.  We regularly see SYN
floods these days > 20 Gb/s.

The thing to bear in mind is that app attacks *are* difficult to detect
as they are low bandwidth and make a full TCP connection.  As a result
many IDS/Firewalls etc regularly miss these attacks.

Lastly there is usually always someone at the other end of these attacks
watching what is working and what is not.  If the attack doesn't work
they will simply round up more bots to increase the attack bandwidth or
change the attack vector.

Best,
--J
---
Jay Coley
Prolexic Technologies

Current thread:

Re: Over a decade of DDOS--any progress yet?, (continued)
- - - Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 08)
    - RE: Over a decade of DDOS--any progress yet? Drew Weaver (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Jack Bates (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Jeffrey Lyon (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Jack Bates (Dec 08)
    - RE: Over a decade of DDOS--any progress yet? Drew Weaver (Dec 08)
    - RE: Over a decade of DDOS--any progress yet? Randy McAnally (Dec 08)
    - RE: Over a decade of DDOS--any progress yet? Drew Weaver (Dec 10)
    - Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Jay Coley (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 08)
    - RE: Over a decade of DDOS--any progress yet? Drew Weaver (Dec 10)
    - Re: Over a decade of DDOS--any progress yet? Joel Jaeggli (Dec 10)
    - Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 10)
    - Re: Over a decade of DDOS--any progress yet? Christopher Morrow (Dec 11)
    - Re: Over a decade of DDOS--any progress yet? Jeffrey Lyon (Dec 11)
    - Re: Over a decade of DDOS--any progress yet? Christopher Morrow (Dec 11)
    - RE: Over a decade of DDOS--any progress yet? Drew Weaver (Dec 13)
    - Re: Over a decade of DDOS--any progress yet? Christopher Morrow (Dec 13)
    - Re: Over a decade of DDOS--any progress yet? Aaron Glenn (Dec 11)

(Thread continues...)