DDoS attacks leverage amplification techniques using NTP, among others
April 29, 2015
According to the latest statistics from DDoS mitigation firm Arbor Networks, most recent DDoS (Distributed Denial of Service) attacks have grown in volume, with 25 attacks larger than 100 Gbps globally in the first quarter of this year.
The majority of recent super-sized attacks leverage reflection amplification, abusing services such as the Network Time Protocol (NTP), Simple Service Discovery Protocol (SSDP) and DNS servers, among others.
SSDP reflection amplification attacks are becoming particularly fashionable, rising to 126,000 in Q1 2015 from 83,000 in Q4 2014 and just three in Q1 2014.
The largest DDoS attacks peaked at an average of 138 Gbps. Reflection amplification is a technique that allows an attacker to magnify the amount of traffic they can generate while hiding its source.
The technique relies on the many poorly configured and poorly protected devices on the Internet providing UDP services.
Sending a dodgy request with the spoofed address of the intended target generates a response, much bigger in size than the original request, that's pushed towards the target web site, drowning out legitimate requests.
Such shenanigans are possible because many service providers still do not implement filters at the edge of their network to block traffic with a forged (i.e., spoofed) source IP address.
Overall, the record for the largest peak attack of any type in the last few months has already been broken in 2015 with a 334 Gbps attack in India, leapfrogging the previous high of 325 Gbps.
The United States was targeted more than any other single country, bearing the brunt of around one in six DDoS attacks.
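On the receiving side, reflected traffic shows up as UDP replies from NTP, SSDP or DNS source ports that the target never asked for. The sketch below is an added example, not code from Arbor Networks or this article; the flow-record layout, the protected prefix and both thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Reply source ports of the UDP services the article names as reflectors.
REFLECTOR_PORTS = {123: "NTP", 1900: "SSDP", 53: "DNS"}
PROTECTED = ip_network("192.0.2.0/24")  # assumption: our own address space

def find_reflection_targets(flows, min_reflectors=3, min_bytes=10_000):
    """Flag protected hosts receiving unsolicited UDP replies from many reflectors.

    flows: list of (src_ip, src_port, dst_ip, dst_port, proto, bytes) tuples
    (hypothetical layout). Thresholds are illustrative, not tuned values.
    """
    # Requests our hosts really sent: (client, server, service port).
    solicited = {
        (src, dst, dport)
        for src, _sport, dst, dport, proto, _n in flows
        if proto == "udp" and dport in REFLECTOR_PORTS and ip_address(src) in PROTECTED
    }
    stats = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    for src, sport, dst, _dport, proto, nbytes in flows:
        if proto != "udp" or sport not in REFLECTOR_PORTS:
            continue
        if ip_address(dst) not in PROTECTED:
            continue
        if (dst, src, sport) in solicited:
            continue  # reply to a request the host actually made
        entry = stats[(dst, REFLECTOR_PORTS[sport])]
        entry["bytes"] += nbytes
        entry["reflectors"].add(src)
    return {
        key: (e["bytes"], len(e["reflectors"]))
        for key, e in stats.items()
        if len(e["reflectors"]) >= min_reflectors and e["bytes"] >= min_bytes
    }

# Constructed sample flow records (documentation address ranges, not real traffic).
SAMPLE_FLOWS = [
    ("192.0.2.10", 40000, "198.51.100.5", 123, "udp", 76),    # genuine NTP request
    ("198.51.100.5", 123, "192.0.2.10", 40000, "udp", 76),    # its solicited reply
    ("203.0.113.1", 1900, "192.0.2.80", 80, "udp", 9000),     # unsolicited SSDP
    ("203.0.113.2", 1900, "192.0.2.80", 80, "udp", 9500),
    ("203.0.113.3", 1900, "192.0.2.80", 80, "udp", 8800),
    ("203.0.113.4", 53, "192.0.2.80", 80, "udp", 4000),       # one DNS source only
    ("203.0.113.9", 443, "192.0.2.80", 51000, "tcp", 50000),  # not UDP, ignored
]

if __name__ == "__main__":
    print(find_reflection_targets(SAMPLE_FLOWS))
```

Only the SSDP flood against 192.0.2.80 is flagged; the NTP reply is matched to its request and the single DNS source stays under the reflector threshold.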
Generally speaking, attacks are becoming shorter but they are packing even heavier punches. The majority (approx. 90 percent) of attacks last less than one hour.
“Attacks that are significantly above the 200 Gbps level can be extremely dangerous for network operators and can cause a lot of collateral damage across service providers, cloud hosting and enterprise networks,” said Darren Anstee, a lead engineer at Arbor Networks.
"Not only have volumetric attacks grown significantly in size and frequency over the past 1 1/2 years, application-layer attackers are also still pervasive," he added.
Arbor Networks' statistics were sourced from its ATLAS threat intelligence infrastructure, which monitors about 35 percent of all internet traffic from 330 customers, mostly phone companies and ISPs.
Source: Arbor Networks.