Slate Podcast on Estonian DOS atatck
Danny McPherson
danny at tcb.net
Fri May 25 01:56:04 UTC 2007
On May 24, 2007, at 4:58 PM, Bill Woodcock wrote:
>
>> First of it's kind that it targeted a country.
>
> No, at the very least, Moonlight Maze and Titan Rain came before.
> But by
> today's standards, Moonlight Maze would have been trivially small. I
> don't have any numbers for Titan Rain. Anyone know how it compared
> to the
> 4mpps of this attack?
A data point based on some information we have from looking
at inter-domain traffic and attack attributes across ~40 ISPs
(~1 Tbps) over ~250 days now (and rolling):
Days seeing at least one attack exceeding a given threshold:
> 6 Mpps 1
> 5 Mpps 12
> 4 Mpps 33
> 3 Mpps 53
> 2 Mpps 91
> 1 Mpps 149
Total attacks exceeding a given threshold:
> 6 Mpps 1
> 5 Mpps 17
> 4 Mpps 82
> 3 Mpps 135
> 2 Mpps 352
> 1 Mpps 813
The above is from the perspective of *a single ISP*, so the aggregate
of the attack is likely to be far greater (cross-ISP correlation of
targets
are NOT reflected in _this dataset). Mpps and greater attacks make
up far less than 1% of the attacks we see (we've have data for ~142k
known attacks over this period).
More on this in the near future and note that none of the above is
meant to marginalize the Estonian attacks in any way, 4 Mpps is a
lot depending on where it's directed and how it's mitigated - it's
ALL about perspective.....
-danny
More information about the NANOG
mailing list