DDOS attacks in Australia are shorter but still potent
- 15 April, 2015 12:34
DDOS attacks in Australia are shorter in duration that in other countries but still just as dangerous, according to new data from Arbor Networks.
The average attack length was 22 minutes in Australia compared to 46 minutes across Asia Pacific during the first quarter of 2015. However, the average size attack over the period was 1.25Gbps, twice as big as the average attack in the region.
Arbor said it has documented a dramatic increase in DDOS attack size and activity in the past year. The majority of these attacks use a reflection amplification technique using the network time protocol (NTP), simple service discovery protocol (SSDP), and DNS servers, with large numbers of attacks being detected around the world.
SSDP topped the list of reflection attacks in the first quarter with the largest reported at 26Gbps while the largest NTP reflection attack was 51Gbps.
Reflection amplification is a technique that allows an attacker to magnify the amount of traffic they generate, and obfuscate the original sources of that attack traffic.
This technique relies on two unfortunate realities, Arbor said. Firstly, around half of the service providers do not implement filters at the edge of their network to block traffic with a forged (spoofed) source IP address.
Secondly, there are plenty of poorly configured and poorly protected devices on the Internet providing UDP services that offer an amplification factor between a query sent to them and the response which is generated, Arbor said.
Nick Race, Australia country manager for Arbor Networks said short bursts of DDoS activity required automated defences to protect against them.
“Operators in Australia absolutely should take note,” he said. “On-premise DDoS protection is essential for both detection and mitigation of attacks, enabling bad traffic to be scrubbed in an immediate and automated fashion,” he said.
Follow Byron Connolly on Twitter:@ByronConnolly