Over a decade of DDOS--any progress yet?

Jay Coley jay at prolexic.com
Wed Dec 8 16:47:09 UTC 2010


On 08/12/2010 16:14, Drew Weaver wrote:
> I would say that > 99% of the attacks that we see are 'link fillers' with < 1% being an application attack.
> 
> thanks,
> -Drew

This has been our recent experience as well.  There are some pure app
attacks, to be sure, but we see many blended attacks also.  Bandwidth
(UDP/ICMP/SYN Flood) attack to distract with an app attack (GET/PUSH
floods) attempting to run underneath the radar.  We regularly see SYN
floods these days > 20 Gb/s.

The thing to bear in mind is that app attacks *are* difficult to detect
as they are low bandwidth and make a full TCP connection.  As a result
many IDS/Firewalls etc regularly miss these attacks.

Lastly there is usually always someone at the other end of these attacks
watching what is working and what is not.  If the attack doesn't work
they will simply round up more bots to increase the attack bandwidth or
change the attack vector.

Best,
--J
---
Jay Coley
Prolexic Technologies



