the DDOS armsrace increasing very fast in speed according to Arbor Networks

so if you thought that you had some defenses against the most popular (oldstyle) attack nowadays DDOS by just turning on some feature on your firewall or router, you couldn't be more mistaken

look at the numbers

"KEY FINDINGS: DDoS attack size accelerating rapidly


  • 54% of attacks so far this year are over 1Gb/sec, up from 33% in 2012
  • 37% of attacks so far this year are in the 2-10Gb/sec range, up from 15% last year
  • 44% growth in proportion of attacks over 10Gb/sec, to 4% of all attacks
  • More than 350% growth in the number of attacks monitored at over 20Gb/sec so far this year, as compared to the whole of 2012
  • For 2013, an average DDoS attack now stands at 2.64Gb/sec, up 78% from 2012
  • 87% of all attacks monitored so far this year last less than one hour
  • Largest monitored and verified attack size increases significantly to 191Gb/sec

this means that you will need backup plans with your ISP or other providers to be able to redirect - blackhole the attacks immediately and that those plans should include at least 1GB bandwith and be able to be upgraded very fast to over 20GB (which will ask quite a budget)

the best way to do this for small isp's, hosters and websites or networks is to group together and have a contract together in which each pays a part of the permanent standby service and afterwhich for its effective use

it is very important that those contracts can be activated immediately - so services without permanent staff all year long are not credible because most of the attacks take one hour (after which they ask money or make a big press splash with pictures of your downed sites)

critical webservices like, payment and certification services and critical infrastructure should be obliged by 'law' to have for the moment adequate ddos protection

I have no link to arbor networks - just like their intelligence

The comments are closed.