Brace for stronger DDoS attacks, security firm warns

The average size of DDoS attacks is still climbing with the number breaching 20Gbps around four times the level seen a year ago, according to Arbor Networks.

The firm's numbers of the first three quarters of 2013 show a rising curve with average attack sizes reaching 3-3.5Gbps, compared to 1.48Gbps for the same period in 2012. For the year as a whole, the average was now 2.64Gbps.

Although no attack in the third quarter reached the extreme scale of March's humungous 300Gbps Spamhaus super-DDoS, the firm's Atlas system did record one of 191Gbps in August, which suggests that the new traffic ceiling is shifting from 100Gbps to 200Gbps.

Probably more significant was the more than fourfold rise in the number of attacks over the 20Gbps threshold compared to 2012 with three months of the year still left to run, Arbor said.

Volume of attacks increases

Away from the notion of size, other trends are now well established, including that for packets per second (PPS) sizes, which are now on a downward path after major growth in the previous two years; IP fragmentation attacks had risen sharply from around one in ten attacks to more than a quarter.

Arbor also found that almost nine out of ten DDoS attacks lasted for less than an hour although larger ones usually went on for much longer.

Spamhaus hasn't been the only significant incident. A major DDoS of unknown size on the China's .cn country code top level domain in August briefly disrupted Internet access in the country.

"While we didn't witness a Spamhaus-sized 300Gbps attack this quarter, the largest attack size we did see in ATLAS was still pretty remarkable at 191Gbps," said Arbor's solutions architect, Darren Anstee.

Subscribe to the Power Tips Newsletter

Comments