Arbor Network’s ATLAS threat intelligence infrastructure has recorded a continuation of extremely high volume attacks, including the largest attack ever detected, a 334Gbps attack targeting a network operator in Asia. Arbor's Q1 2015 global DDoS attack data also shows that in Q1 2015, there were 25 attacks larger than 100Gbps globally. Arbor’s data is gathered through ATLAS, a collaborative partnership with more than 330 service provider customers who share anonymous traffic data.
Arbor Networks, a leading provider of DDoS and advanced threat protection solutions for enterprise and service provider networks, said that the majority of recent very large attacks leverage a reflection amplification technique using the Network Time Protocol (NTP), Simple Service Discovery Protocol (SSDP) and DNS servers.
Arbor said that Reflection amplification is a technique that allows an attacker to both magnify the amount of traffic they can generate, and obfuscate the original sources of that attack traffic. This technique relies on two unfortunate realities: firstly, many service providers still do not implement filters at the edge of their network to block traffic with a ‘forged’ (spoofed) source IP address; secondly, there are plenty of poorly configured and poorly protected devices on the Internet providing UDP services that offer an amplification factor between a query sent to them and the response which is generated, said the company.
Darren Anstee, Director, Solutions Architects, for Arbor Networks
Attacks that are significantly above the 200Gbps level can be extremely dangerous for network operators and can cause collateral damage across service provider, cloud hosting and enterprise networks. DDoS attacks continue to evolve. Not only have volumetric attacks grown significantly in size and frequency over the past 18 months, application-layer attackers are also still pervasive. In order to deal with the full scope of the modern DDoS threat, we strongly recommend a multi-layered defense, one that integrates on-premise protection against application-layer attacks with cloud-based protection against higher magnitude volumetric attacks.