nanog mailing list archives
Re: Over a decade of DDOS--any progress yet?
From: Jay Coley <jay () prolexic com>
Date: Wed, 08 Dec 2010 16:47:09 +0000
On 08/12/2010 16:14, Drew Weaver wrote:
I would say that > 99% of the attacks that we see are 'link fillers' with < 1% being an application attack. thanks, -Drew
This has been our recent experience as well. There are some pure app attacks, to be sure, but we many blended attacks also. Bandwidth (UDP/ICMP/SYN Flood) attack to distract with a app attack (GET/PUSH floods) attempting to run underneath the radar. We regularly see SYN floods these days > 20 Gb/s. The thing to bear in mind is that app attacks *are* difficult to detect as they are low bandwidth and make a full TCP connection. As a result many IDS/Firewalls etc regularly miss these attacks. Lastly there is usually always someone at the other end of these attacks watching what is working and what is not. If the attack doesn't work they will simply round up more bots to increase the attack bandwidth or change the attack vector. Best, --J --- Jay Coley Prolexic Technologies
Current thread:
- Re: Over a decade of DDOS--any progress yet?, (continued)
- Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 08)
- RE: Over a decade of DDOS--any progress yet? Drew Weaver (Dec 08)
- Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 08)
- Re: Over a decade of DDOS--any progress yet? Jack Bates (Dec 08)
- Re: Over a decade of DDOS--any progress yet? Jeffrey Lyon (Dec 08)
- Re: Over a decade of DDOS--any progress yet? Jack Bates (Dec 08)
- RE: Over a decade of DDOS--any progress yet? Drew Weaver (Dec 08)
- RE: Over a decade of DDOS--any progress yet? Randy McAnally (Dec 08)
- RE: Over a decade of DDOS--any progress yet? Drew Weaver (Dec 10)
- Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 08)
- Re: Over a decade of DDOS--any progress yet? Jay Coley (Dec 08)
- Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 08)
- RE: Over a decade of DDOS--any progress yet? Drew Weaver (Dec 10)
- Re: Over a decade of DDOS--any progress yet? Joel Jaeggli (Dec 10)
- Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 10)
- Re: Over a decade of DDOS--any progress yet? Christopher Morrow (Dec 11)
- Re: Over a decade of DDOS--any progress yet? Jeffrey Lyon (Dec 11)
- Re: Over a decade of DDOS--any progress yet? Christopher Morrow (Dec 11)
- RE: Over a decade of DDOS--any progress yet? Drew Weaver (Dec 13)
- Re: Over a decade of DDOS--any progress yet? Christopher Morrow (Dec 13)
- Re: Over a decade of DDOS--any progress yet? Aaron Glenn (Dec 11)