[dns-operations] "Analyzing Large DDoS Attacks Using Multiple Data Sources"
David Ulevitch
davidu at everydns.net
Wed Sep 13 07:03:52 UTC 2006
On Sep 12, 2006, at 9:40 AM, Paul Vixie wrote:
> http://www.research.att.com/~kobus/docs/ddos.lsad.pdf
It seems like they didn't see the same kind of attacks other folks
report.
" (ii) Packet rates are in the tens of thousands per second, maximum
close to 1 million packets per second. (iii) Most attacks use TCP. "
PPS in the 10kpps range and mostly TCP means that they are seeing old-
style DDoS attacks -- at least that's how I interpret it.
As for most packets not being spoofed, that's been the case for a few
years now. It's only when the spoofing is the attack vector (as in
the DNS amplification attack) otherwise TCP based attacks are usually
far more advantageous and effective , from an attackers perspective.
-david
>
> (presented at sigcomm recently)
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations
More information about the dns-operations
mailing list