The largest DDoS on record hit the Internet at the end of March. A pair of studies released this week from Arbor Networks and Akamai Technologies further reinforces the notion that DDoS is a growing threat, depending on how you interpret the data.
DDoS Getting Bigger
According to Arbor, at the end of the first quarter of 2012 the average size of DDoS attacks was 1.77 Gbps, which is a 19.5 percent increase over the same period in 2012. Larger attacks are also growing, with DDoS incidents delivering packet floods in the 2 to 10 Gbps range now representing 21.5 percent of all attacks, up from 15 percent a year ago.
While DDoS attack size is rising, Arbor reports that 62.4 percent of attacks are still less than 1 Gbps. Considering that many large enterprises and data centers have Internet connections of 10 Gbps or more, you might think that a DDoS of 1 Gbps is not a problem. As it turns out, that’s not the case.
“The fact that the majority of attacks are less than 1 Gbps in size does not mean that if you have sufficient bandwidth and firewall/IP blocking rules, then you are all set,” Carlos Morales, VP of global sales engineering and operations, told eSecurity Planet.
While policy-based blocking mechanisms at the edge of the network are part of the solution, Morales said, they don’t handle many application-layer, protocol or connection attacks that can take down services with a smaller amount of traffic. To handle these types of attacks, Morales suggested, you need an intelligent DDoS mitigation system deployed on-premises to block these threats. Examples of attacks that use very little bandwidth, evade firewalls and take down servers include the Apache Killer, Slowloris and R-U-Dead-Yet (RUDY) attacks.
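As an added illustration (not from the article, Arbor or Akamai), the following Python check runs over a constructed table of open server connections and shows the point Morales makes: a source holding a few dozen stalled, header-incomplete requests (the Slowloris/RUDY pattern) never trips a bandwidth threshold, but stands out once you count long-lived incomplete connections per source. The `Conn` fields, the thresholds and the addresses are assumptions chosen for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Conn:
    src: str                 # client address
    open_seconds: float      # how long the connection has been held open
    bytes_in: int            # request bytes received from the client so far
    headers_complete: bool   # server has seen the end of the request headers


# Constructed sample connection table (hypothetical values, not from the article):
# one source holding many long-lived requests that never finish their headers,
# one ordinary browser, and one slow but legitimate large upload.
SAMPLE = (
    [Conn("198.51.100.7", 90.0, 400, False) for _ in range(25)]
    + [Conn("203.0.113.5", 0.2, 700, True) for _ in range(5)]
    + [Conn("192.0.2.44", 60.0, 5_000_000, True)]
)


def total_bits_per_second(conns):
    """Aggregate inbound rate across all open connections, in bits per second.
    This is the only number a pure bandwidth threshold ever sees."""
    return sum(c.bytes_in * 8 / c.open_seconds for c in conns)


def flag_slow_request_sources(conns, min_open=30.0, min_conns=20):
    """Return {src: stalled_count} for sources holding at least min_conns
    connections that have stayed open longer than min_open seconds without
    completing their request headers. The legitimate slow upload is not
    flagged: its headers are complete and it is a single connection."""
    stalled = defaultdict(int)
    for c in conns:
        if c.open_seconds >= min_open and not c.headers_complete:
            stalled[c.src] += 1
    return {src: n for src, n in stalled.items() if n >= min_conns}


if __name__ == "__main__":
    mbps = total_bits_per_second(SAMPLE) / 1e6
    print(f"inbound rate: {mbps:.3f} Mbps (far below a 1 Gbps threshold)")
    print("sources exhausting connection slots:", flag_slow_request_sources(SAMPLE))
```

The sample draws under 1 Mbps in total, yet one source alone occupies 25 worker slots; the per-source stalled-connection count is what an application-aware mitigation system keys on.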