Changing nature of DDoS attacks

The volume of packets-per-second (PPS) has almost quadrupled compared to Q3 2010, illustrating a significant increase in the size and diversity of DDoS attacks over the past 12 months, according to Prolexic Technologies.

Of all attacks mitigated by Prolexic, approximately 24% were SYN floods, 22% were ICMP floods, and 19% were UDP floods, indicating a change in attack tactics.

High PPS SYN floods, in particular, target DDoS mitigation appliances by exhausting their processing capabilities with millions of small packets per second, which are commonly vulnerable to such attacks. For example, popular 10 Gbps appliances often exhibit peak handling rates of less than 5 million packets per second.

The prevalence of high packet per second SYN floods indicates a change in strategy where attacks are less sophisticated, but more deadly.

Highlights from the report:

  • Network layer (Layer 3) attacks were the most common, making up 83% of total attacks with application layer attacks (Layer 7) accounting for the remaining 17%.
  • Average attack duration was 1.4 days and the average speed of traffic mitigated was 1.5 Gbps.
  • The highest volume of attacks occurred during the period of August 19-25 and August was the month with the highest number of attacks overall.
  • The top three countries from which attacks originated were China, India, and Turkey with China-based IP addresses accounting for 55% of attacks.
  • Online gambling was the most heavily targeted industry with an average traffic speed of 1.3 Gbps and average attack duration of 1.2 days.

Paul Sop, CTO at Prolexic said: “Online retailers and e-Commerce businesses are at the greatest risk of attack in the final quarter of the year, even if they have DDoS mitigation in place. The simple truth is that automated mitigation tools and providers who offer only basic mitigation capabilities are likely to struggle against these kinds of attacks because they do not have an infrastructure in place with sufficient packet per second processing capacity.”

The complete report is available here (registration required).

Don't miss