prolexic quarterly ddos attack report q1 2013
DESCRIPTION
Prolexic is the world's largest and most trusted distributed denial of service (DDoS) protection & mitigation services as well as network intrusion prevention solutions.TRANSCRIPT
Overview of Prolexic Quarterly DDoS Attack Report Q1 2013
www.prolexic.com
2www.prolexic.com
Prolexic Quarterly DDoS Attack Report: Q1 2013
• What happened in Q1 2013?– The most formidable distributed denial of service
(DDoS) attacks to date– More than 10 percent of attacks exceeded 60
Gigabits per second (Gbps)– The headline-making Spamhaus.org attack
May 2013 www.prolexic.com
3www.prolexic.com
Average Bandwidth of DDoS Attacks in Q1 2013
• Volumetric bandwidth averaged an attention-grabbing 48.25 Gbps
4www.prolexic.com
Emerging DDoS Attack Trends: Q1 2013
• Important trends?– Targeting Internet Service Providers (ISPs) and
Carrier router infrastructures– High average packets-per-second (PPS) • Greater average than most DDoS mitigation equipment
capacity.• Even routers carrying traffic to the mitigation
equipment would be strained at this level– See full report for details on PPS trends
5www.prolexic.com
Analysis of Attack Types: Q1 2013
• Attackers focused on infrastructure attacks• Favored application attacks were:– SYN– GET– UDP– ICMP
• Download the full report for percentages and graphs by attack type, including attack volume and trends
6www.prolexic.com
DDoS Attack Frequency in Q1: 2013 vs 2012
• Prolexic mitigated more DDoS attacks than ever in Q1 2013• The month of March accounted for nearly half of all Q1
attacks (44 percent)
8www.prolexic.com
DDoS Attack Case Study: An Enterprise (Q1 2013)
• Case 1: Enterprise Organization– Attack traffic peaked at a massive 130 Gbps– Multiple botnets with thousands of compromised
servers– Primarily SYN, UDP and DNS floods– Modifications to attack scripts executed on the fly,
requiring expertise and responsiveness to block them– Successfully mitigated by Prolexic.– Get full report for specific attack vectors and traffic
distribution and other details
9www.prolexic.com
DDoS Attack Case Study: DNS Reflection (Q1 2013)
• Case 1: DNS Reflection attack against Prolexic– New extensions such as SNSSEC are being used as attack
vectors– Attack directed at ns1.prolexic.com on Jan 23, 2013– Malicious actor used DNS amplification techniques
• 64 byte request generated a response exceeding 3,000 bytes and averaged 1,200 bytes
• 18x amplification
– Successfully mitigated by Prolexic– View full report for specific attack metrics, traffic distribution,
heat map of participating countries, and more
10www.prolexic.com
Prolexic Q1 2013 Global Attack Report
• Download the Q1 2013 Global Attack Report for:– Average and trends in attack duration and bandwidth – Total number and trends of attacks by type– In-depth case studies– Year-over-year and quarter-over-quarter comparisons – A look forward at emerging DDoS trends
• About Prolexic– Prolexic Technologies is the world’s largest and most trusted
distributor of DDoS protection and mitigation services.– Prolexic Security and Engineering Response Team (PLXsert) monitors
the global malicious cyber threats and actively analyzes DDoS attacks using proprietary techniques and equipment.