Re: Arbor Reports 540Gbps "Sustained" Attack

[Maxwell Cole <mcole.mailinglists () gmail com>]

Heya.

I can’t speak with any evidence but I do have some infrastructure in Brazil and I can tell you I saw stubbornly 
persistent packet loss for the past two months. Across at least two tier one backbones.  I don’t know anything about 
500Gbps but large sustained DDoSes against BR locations for the past two months would not surprise me in the least.

Cheers,
Max

> On Aug 31, 2016, at 3:37 PM, Dennis B <infinityape () gmail com> wrote:
>
> https://www.arbornetworks.com/blog/asert/rio-olympics-take-gold-540gbsec-sustained-ddos-attacks/
>
> I've used SP Peakflow before and I have my opinions. With all the
> intelligence out there about DDoS attacks, DDoS attackers, DDoS tools and
> techniques this article leaves me with ton's of questions.
>
> IE: What industry was the attack target? Was it a single customer or
> multiple customers at the same time? What was the attack vector? Was it
> multi-vector? What was the duration of the 540Gbps attack? Did you actually
> block the attack or did you just report on it from your cloud signaling
> alliance aka cloud offering? Could you help explain if the peak of the
> attack lasted X minutes, Y hours, Z days? What was the attack targeted
> protocol? Was it TCP against TCP or UDP against UDP or UDP against TCP?
>
> I have to be honest, IDK if Arbor is attempting to claim the largest
> recorded DDoS attack in the world cup of DDoS attacks but the fact that
> your a local appliance shop. Selling to the global 100 and T1-3 ISPs - I'd
> hope for more than a marketing ploy to take the top attack vector.
>
> Thought I'd ask Nanog if they heard any whispers about this "white
> buffalo", which ISPs were Transiting the event, what course of actions were
> taken.
>
> Thanks!