& cplSiteName &

When Size Matters

Carol Wilson

It is easy to get lost in the numbers when discussing distributed denial of service (DDoS) attacks and other network breaches but the figures Arbor Networks released this week regarding DDoS attacks are worthy of special note. They are a strong indication of new threats for which network operators need to be prepared. (See Arbor Sees Alarming Rise in Size of DDoS Attacks.)

Those numbers come from the 275 network operators that are customers of Arbor Networks 's Atlas network security system and regularly report troublesome activity. They show that larger bit-per-second attacks are back in vogue, and have grown so rapidly they threaten to not only cause massive problems for their targeted companies but also for networks in general.

For the past couple of years, larger packet-per-second attacks were more the norm, says Darren Anstee, solutions architect team manager for Arbor. Those tend to exhaust forwarding performance.

Last March, however, the largest single cyber-attack to date was launched against the servers of Spamhaus, a non-profit agency that battles spam. Since that attack, the trend has been to ever larger bit-per-second attacks. The Spamhaus attack, which hit 300 Gbit/s, affected Internet traffic globally and hurt many businesses in the process.

And here are the staggering numbers: There has been more than 350 percent growth in the number of attacks monitored at greater than 20 Gbit/s so far this year, as compared to 2012. The average DDoS attack in 2013 is currently measured at 2.64 Gbit/s, up 78 percent from last year.

That's of particular concern to service providers because attacks of that size will not only swamp the resources of the target company but can also swamp aggregation routers serving that company and others, and create major congestion issues for the network in general.

"There is a much broader range of organizations that are going to get their Internet connectivity completely saturated by an average attack," says Anstee. "They will be dependent on their service providers or on cloud-based protection to deal with that."

These attacks are being launched either by cyber-criminals, who use them as distractions for other activity or as "take-outs" for extortion or other purposes, or by so-called "hacktivists," who for a variety of ideological reasons, target various companies or web operations for attack to make a political point.

Two suspects have been arrested in the Spamhaus attack, for example, one a Dutch participant in countercultural ISP and one a UK schoolboy who was apparently making considerable money from Internet activity. They targeted Spamhaus because of its efforts to identify and stop spam email that poses security threats.

Because it's harder to predict where attacks will come from next, it's become much more important to prepare for them, Anstee says. And that means making sure there are solutions in place to help customers who are attacked, as well as protection for the service providers' infrastructure to prevent or respond to collateral damage from these massive attacks.

"Since we are seeing more very large attacks -- we saw a 191Gbits/sec attack in August -- service providers also need to be looking at capacity planning models for their mitigation infrastructure," he warns. As the size of average and peak attacks grows, network operators must make sure they can deal with these larger threats.

As I said at the outset, it's easy to get lost in such staggering figures, but the latest warnings are not something to glaze over. There have been many other warnings as well, and expressions of concern that service providers aren't taking the rapidly growing threats seriously. Given that Arbor's numbers come straight from the networks themselves, this is proof of what lies ahead, ready or not. (See Security Threat Intensifies for Service Providers.)

— Carol Wilson, Editor-at-Large, Light Reading

(6)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
User Rank: Light Sabre
10/21/2013 | 4:37:48 AM
Re: Are we shock-proof?
I started researching the service provider security space three or four years ago and was immediately struck by the confluence of proven incidents of attacks that have had truly devastating effects alongside some positively steaming shovels full of fear-mongering bullshit on the part of some security vendors. The two really do co-exist.

As my research has gone on, I've found that the pitching of security solutions into the service provider space is typically quite a lot more sober than it is into the enterprise.

Very few service providers fall for the histrionics-based sell, in my experience This is either because they're highly security-savvy and know how to categorize risks according to the threat level they represent.

Or (as is still too often the case) it's because they can't differentiate different threat levels, can't be bothered to, and don't much care about anything beyond the next quarter's revenue target. In the case of these guys, if they invested in the right security solutions they might find that a couple of unexplained outages which suspended their ability to bill during the quarter were actually caused by malicious attacks but hey, why let that interfere with sound accountant-led thinking, right?

I'm actually struck by how sober and business-case oriented most pitching of security solutions to service providers is these days. I'm also struck, not coincidentally, by the relatively high rate of failure among the minority of security solution vendors who shriek with scant evidence that the sky is falling in. They often find that it's actually them that the sky subsequently falls in on where service provider business is concerned.

Where Arbor Networks is concerned I've an interest to declare in that I've done quite a bit of work with them. They have laced my palm with silver. They're one of the sponsors of Light Reading's second Mobile Network Security conference that I'm chairing in New York on December 5th, for example (see our LIve Events listing).

So take this with a pinch of salt if you will, but when I talk to service providers, the feedback I get about Arbor is that they are one of a select few companies whose opinions and solutions for service provider security are nearly always taken very seriously pretty much anywhere in the world.

Better still, ask around yourself, and see if you encounter a different pattern. I'd be very surprised.
Carol Wilson
Carol Wilson,
User Rank: Blogger
10/18/2013 | 7:35:35 PM
Re: Are we shock-proof?
Hacktivists are organizations with a political ax to grind - think Anonymous or Wikileaks -- and their wanna-bes - who launch attacks to make a point, and not necessarily for profit. 

That is a trend we should possibly be following more closely. 
Carol Wilson
Carol Wilson,
User Rank: Blogger
10/18/2013 | 7:33:54 PM
Re: Are we shock-proof?
I actually did a rather extensive search of the SpamHaus attack and never saw anything that said it was a PR hoax. A number of respected tech sites took this very seriously so if it is a hoax, it was wildly successful, fooling Cnet, Cisco, slashdot, zdnet, reddit and nextweb. 

I assume the organization you are criticizing is Cloudflare? I did find two reports criticizing them for exaggerating the potential impact of the SpamHaus attack, claiming it could have "broken" the Internet. But even critics admit this was a serious attack. 

Arbor isn't saying these larger attacks are breaking the Internet and yes, they have something to sell toe service providers but no one is hiding that, and being aware of ever larger DDoS attacks is still a good idea. 
User Rank: Light Beer
10/18/2013 | 5:58:27 PM
Re: Are we shock-proof?
You shuld check facts better.  The SpamHaous attack was so small, that nobody (except spamhaus) noticed.

The publicity campaign that was kicked off by the comapny they hired to fix their problem however, made up some numbers so crazy, that everyone saw "largets in history", and that PR has now replaced the truth.

the Spamhaus ISP published their traffic logs for the period in question in response, showing that there was no discernable peak or spike in data.  

It seem nothing can beat a good PR advertising campaign though :-(
User Rank: Light Sabre
10/18/2013 | 5:34:53 PM
Re: Are we shock-proof?
Hi Carol.  What exactly are hacktivist groups and what are their motives?  Can LR do an article on this subject? 
Carol Wilson
Carol Wilson,
User Rank: Blogger
10/18/2013 | 3:47:42 PM
Are we shock-proof?
Arbor has been tracking this stuff longer than most and while they usually have some shocking numbers to share, this current report is truly disturbing. 
More Blogs from Rewired
AT&T pulls back from offering Gigapower customers a chance to protect their privacy for a price, even as FCC considers making it mandatory.
Don't worry, they say, the code will work it out. There's apparently nothing open source can't tackle.
Level 3 finds enterprise security managers who believe firewalls can save them are getting some nasty surprises.
At one moment in Denver this week, the three largest US operators were very agreeable to the idea of open sourcing APIs to make business easier.
AT&T's former security guru is taking his expertise to a much broader audience – and this time he's giving it away.
Light Reading’s Upskill U is a FREE, interactive, online educational resource that delivers must-have education on themes that relate to the overall business transformation taking place in the communications industry.
Wednesday, November 9, 1:00PM EST
MANO 101
Toby Ford, AVP, Cloud Technology, Strategy & Planning, AT&T
Friday, November 11, 1:00PM EST
Open Source for NFV MANO
Wednesday, November 16, 1:00PM EST
SDN 101
John Isch, Practice Director, Network & Voice, Orange Business Services
Friday, November 18, 1:00PM EST
SDN & Open Source
Christopher W. Rice, Senior Vice President of AT&T Labs, Domain 2.0 Architecture and Design
in association with:
From The Founder
Light Reading today starts a new voyage as part of a larger Enterprise.
Flash Poll
Live Streaming Video
Charting the CSP's Future
Six different communications service providers join to debate their visions of the future CSP, following a landmark presentation from AT&T on its massive virtualization efforts and a look back on where the telecom industry has been and where it's going from two industry veterans.
LRTV Custom TV
OneAccess NFV Solutions

10|26|16   |   5:30   |   (0) comments

Antoine Clerget, CTO of OneAccess, discusses how his company has expanded its product line from enterprise-class routers to include a universal virtualized CPE as well as a suite of VNFs to help telco customers evolve to an NFV future.
LRTV Custom TV
The Journey Toward Carrier-Grade WiFi

10|26|16   |   3:39   |   (0) comments

In this Light Reading interview, Dave Sperling, CTO at Smith Micro Software and active participant of the WBA's policy working group, discusses the need for carrier-grade WiFi. Technical and business challenges slowing the fulfillment of this goal are addressed, as well as management strategies that will enable communication service providers to optimize end user ...
LRTV Custom TV
ZTE BBWF Highlights

10|26|16   |     |   (0) comments

At BBWF 2016, ZTE showed a broad range of innovative technologies that are kick-starting an ultrafast broadband journey.
LRTV Custom TV
Next-Generation Technology Beyond DOCSIS 3.1

10|20|16   |     |   (0) comments

At SCTE 2016, Huawei's Liu Jianhua speaks with Alan Breznick for an exclusive interview.
LRTV Custom TV
Hybrid Video Solutions to Change TV, Change Future

10|20|16   |     |   (0) comments

At SCTE 2016, Huawei's Ian Locke speaks with Alan Breznick for an exclusive interview.
LRTV Custom TV
Huawei Future-Oriented Giga Coax Network

10|20|16   |     |   (0) comments

At SCTE 2016, Huawei's Allen Wang speaks with Alan Breznick for an exclusive interview.
LRTV Custom TV
Huawei at SCTE 2016

10|20|16   |     |   (0) comments

Join Alan Breznick of Light Reading and take a sneak peek at the Huawei booth at SCTE 2016.
LRTV Custom TV
Assuring Network Quality in a Rapidly Changing Environment

10|20|16   |     |   (0) comments

As the rate of change and complexity increases in agile networks, the importance of introducing DevOps methodologies for integrating active test and assurance solutions throughout the full service lifecycle becomes critical to ensure that customers are experiencing the service quality they demand. The industry landscape is changing, and software-based test and ...
Telecom Innovators Video Showcase
A10 Networks on Service Providers' Industry Needs

10|20|16   |     |   (0) comments

Light Reading's Steve Saunders hears how A10 enables service providers to accelerate, secure and optimize their application delivery to drive down costs, enhance service availability, and better respond to customer requirements, so they can improve customer satisfaction, monetize their network, and grow revenues.
LRTV Custom TV
New NFV Use Cases for Cable TV

10|19|16   |     |   (0) comments

A large number of NFV use cases are focused on the enterprise domain, looking at virtualization of customer-premises equipment (CPE). To date, there has been little focus on the use cases and business case for virtualization of the video content delivery networks required to deliver unicast and streaming video to consumers. Amdocs commissioned Analysys Mason to ...
Women in Comms Introduction Videos
Meet the Future Workforce: New Faces, Expectations & Motivations

10|19|16   |   5:33   |   (1) comment

Millennials and their younger peers, Gen Z, expect more out of their network and more out of their work. Intel's Lynn Comp shares how the industry can prepare for this new generation of workers.
LRTV Custom TV
ZTE Global Services User Congress 2016 Highlights

10|19|16   |     |   (0) comments

ZTE held its 2nd Global Service User Conference in Dusseldorf on October 13-14. Representatives from network operators, leading industry analysts and ZTE senior expertsattended the event, exploring the best practice in managed services and the vision to transform network operations into the operations center of the future (OpCF) in the software-defined networking ...
Upcoming Live Events
November 3, 2016, The Montcalm Marble Arch, London
November 30, 2016, The Westin Times Square, New York City
December 1, 2016, The Westin Times Square, New York, NY
December 6-8, 2016, The Westin Excelsior, Rome
May 16-17, 2017, Austin Convention Center, Austin, TX
All Upcoming Live Events
Hot Topics
Trump: Dump AT&T/TW & Comcast/NBC
Alan Breznick, Cable/Video Practice Leader, Light Reading, 10/24/2016
Google Fiber Hits Pause Button, Scales Back
Alan Breznick, Cable/Video Practice Leader, Light Reading, 10/26/2016
T-Mobile: AT&T & TW Means Ma Bell Not Focused on Mobile
Dan Jones, Mobile Editor, 10/24/2016
Sprint: Revenue up 3%, Capex Will Rise Again
Dan Jones, Mobile Editor, 10/25/2016
Like Us on Facebook
Twitter Feed
BETWEEN THE CEOs - Executive Interviews
Join us for an in-depth interview between Steve Saunders of Light Reading and Alexis Black Bjorlin of Intel as they discuss the release of the company's Silicon Photonics platform, its performance, long-term prospects, customer expectations and much more.
There's no question that, come 2020, 5G technology will turn the world's conception of what mobile networking is on its head. Within the world of 5G development, Dr. ...
Animals with Phones
'Oh, Were You Looking for This?' Click Here
'I was just playing some games...'
Live Digital Audio

A vital part of increasing the number of women in comms is transforming the ways companies can support and empower women. While progressive company policies that support both men and women in achieving work-life balance are a step in the right direction, creating a company culture that supports those policies can at times be more challenging.

During this show, we'll talk to Lynn Comp, Senior Director of Industry and Sales Enabling (ISE) in the Network Platforms Group at Intel, about why those challenges exist and how companies can overcome them. She'll provide insight into how Intel has worked to create a culture that supports work-life balance, and provide steps and guidance for other companies wishing to do the same. We will also leave plenty of time to get your questions answered live on the air.