nanog mailing list archives

Re: 2009 Worldwide Infrastructure Security Report available for download.


From: Danny McPherson <danny () tcb net>
Date: Thu, 21 Jan 2010 18:08:34 -0700


On Jan 20, 2010, at 8:32 AM, Stefan Fouant wrote:



> I'm wondering if you can clarify why 'Figure 1' only goes up to 2008 and
> states in key findings "This year, providers reported a peak rate of only 49
> Gbps".  I happen to personally recall looking at ATLAS sometime last year
> and seeing an ongoing attack that was on orders of magnitude larger than
> that.

That was an error in the chart (which has since been corrected); it
should have illustrated that 2009 respondents indicated 49 Gbps was
the largest observed attack.  FWIW, I've seen empirical evidence
supporting much larger attacks (~82 Gbps), and the Akamai folks indicated
recently they'd seen attacks on the order of 120 Gbps towards a single
target.  However, these attacks were NOT reflected in survey feedback
expressly, and were therefore not included in the report.

> An interesting observation was the decrease in the use of flow-based tools,
> and the corresponding increase in the use of things like SNMP tools, DPI,
> and customer calls for attack detection.  Surely this must have been a
> factor of a larger respondent pool... I'd really like to think people aren't
> opting not to use flow-based tools in favor of receiving customer calls :(

Yep, I think this is simply an artifact of a larger respondent pool
size, with many smaller respondents being represented.

-danny
