Growing DoS attacks

Barb Dijker barb at
Wed Jan 16 21:24:10 UTC 2002

At 11:45 AM 1/16/02 -0600, Paul Froutan wrote:
>Hello all,
>Can some of you with larger networks let me know about the volume of the 
>DoS attacks you have experienced lately?  Our experience has been that the 
>volume (not just occurrence) is going up significantly and I'm curious on 
>the size of attacks that people are experiencing.  For reference, while a 
>year or two ago we used to get 50-100 meg attacks, now we're getting 500+ megs.

I don't have a large network, but I had three yesterday morning
between 7 and 10am MST and apparently one last night between 11:30pm and 2am
MST that rippled through until 5am.  That is way high.  We typically see one
every six months or so (modulo worms).  These appeared to be customer hosts as
unwitting dDoS participants... smaller than usual effects probably because we
had participants/sources rather than targets, but one yesterday was big enough
to take us down.  Unix servers.  No spoofing or amps involved (we filter).
High pps, average packet size down to 66 bytes. Didn't snag a capture.

These were not nimda or any form thereof as we have cut off
folks who were not fully patched.


More information about the NANOG mailing list