Q3 2014 Record-Breaking 321 Gbps DDoS Attack

Presentation Description

Longer attacks and more bandwidth consumption were a leading DDoS trend in Q3 2014. View this short presentation about a major DDoS attack campaign that exemplifies this DDoS trend, and then get all the details from the full Q3 2014 State of the Internet – Security report at http://bit.ly/1t7w6ts

Presentation Transcript

slide 1:

stateoftheinternet.com Q3 2014 Spotlight on a 321 Gbps Attack

slide 2:

high-bandwidth attack on entertainment firm
• 10 distinct attacks over a one-week period
• 8 of 10 attack campaigns were high-bandwidth (100+ Gbps)
• Peak bandwidth of the largest attack: 321 Gbps, a record
• This multi-vector attack hit:
  ⁄ Layer 7 (application layer)
  ⁄ Layer 3 (infrastructure layer)
• All attacks were successfully mitigated by Akamai
• Source IP addresses remain under watch

2 / state of the internet / security Q3 2014

slide 3:

timeline of attacks
• Attackers targeted an Akamai customer and Akamai’s DDoS mitigation infrastructure
• First attacks hit a customer’s web server
  ⁄ First and third attacks exceeded 100 Gbps
• Next attack targeted an Akamai-owned network block protecting the target
  ⁄ Peak 321-Gbps attack aimed at bypassing DDoS mitigation technology or causing it to fail
• After failing to bypass DDoS protections, attacks resumed on the customer’s website
• Attacks persisted from July 12 to July 20, averaging 90 hours

slide 4:

botnet topology
• The attacks were launched by a collection of bots reporting to a command-and-control (C2) host
• The source IP sending commands was located in Asia
• Bots were worldwide
  ⁄ Most traffic originated in U.S., Germany and China
  ⁄ Another botnet sending attack payloads was located in Korea
• Botnets were built by targeting:
  ⁄ Linux-based servers
  ⁄ Customer-premises equipment

slide 5:

attack vectors
Multi-vector attacks used multiple types of flood:
• SYN flood
• UDP flood
• ICMP flood
• RESET flood
• GET flood
  ⁄ Note: GET flood attacks usually reveal the actual source IP addresses
• Attackers used mostly SYN flood and UDP flood traffic, often together

slide 6:

about SYN floods
• Subvert the normal Transmission Control Protocol (TCP) used to establish a valid connection
• Send multiple requests at a rapid rate or send extra-large packets
• Can render an unprotected server unable to respond to legitimate requests

slide 7:

about UDP floods
• Exploit the User Datagram Protocol (UDP)
• Use a protocol that is common in voice-over-IP (VoIP) and online games
• Do not require establishing a verified connection to initiate communication
• Make spoofing a source IP easy
• Subvert mitigation efforts with spoofed addresses

slide 8:

attack statistics
• Attack averages
  ⁄ 154 Gbps
  ⁄ 54 Mpps
  ⁄ 90 hours
• Peak attack stats:
  ⁄ 321 Gbps
  ⁄ 169 Mpps
• Top three non-spoofed source IP origins
  ⁄ U.S.: 49
  ⁄ Germany: 21
  ⁄ China: 19
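A defender-side sketch relating the flood vectors on slide 5 to the two units on slide 8 (bandwidth and packet rate); it is an added example, not taken from the Akamai presentation or report. The packet tuples, thresholds and function names are constructed assumptions, a pure-ACK count stands in for completed handshakes, and GET floods are left out because they need layer 7 inspection.

```python
from collections import defaultdict

def vector_of(proto, flags):
    """Name the flood vector a packet would count toward."""
    if proto == "udp":
        return "UDP"
    if proto == "icmp":
        return "ICMP"
    if proto == "tcp" and "R" in flags:
        return "RESET"
    if proto == "tcp" and flags == "S":   # bare SYN: a new connection request
        return "SYN"
    return "other"                        # handshake ACKs, data segments

def rates(packets, window_s):
    """Per-vector packet rate (pps) and bandwidth (bps) for one window."""
    count, size = defaultdict(int), defaultdict(int)
    for proto, flags, length in packets:
        v = vector_of(proto, flags)
        count[v] += 1
        size[v] += length
    return {v: {"pps": count[v] / window_s, "bps": size[v] * 8 / window_s}
            for v in count}

def syn_flood_suspected(packets, min_syns=100, max_completion=0.1):
    """True when many SYNs arrive but few handshakes are completed."""
    syns = sum(1 for p, f, _ in packets if p == "tcp" and f == "S")
    acks = sum(1 for p, f, _ in packets if p == "tcp" and f == "A")
    return syns > 0 and syns >= min_syns and acks / syns <= max_completion

# Constructed one-second sample seen at a protected server:
# (protocol, TCP flags, bytes on the wire). Thresholds above are assumptions.
SAMPLE = ([("tcp", "S", 60)] * 900 + [("tcp", "A", 60)] * 20 +
          [("udp", "", 1400)] * 500 + [("icmp", "", 100)] * 50 +
          [("tcp", "R", 60)] * 30)

if __name__ == "__main__":
    r = rates(SAMPLE, window_s=1.0)
    for v in sorted(r, key=lambda k: r[k]["pps"], reverse=True):
        print(f"{v:6} {r[v]['pps']:8.0f} pps {r[v]['bps'] / 1e6:8.3f} Mbps")
    print("SYN flood suspected:", syn_flood_suspected(SAMPLE))
```

In the constructed sample the small SYN packets lead on packet rate while the large UDP datagrams lead on bandwidth, which is why a mitigation view tracks both units.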

slide 9:

Q3 2014 state of the internet – security report
Download the Q3 2014 State of the Internet – Security Report, which includes:
• Analysis of DDoS attack trends
• Bandwidth (Gbps) and volume (Mpps) statistics
• Year-over-year and quarter-by-quarter analysis
• Application layer attacks and infrastructure attacks
• Attack frequency, size and sources
• Where and when DDoSers strike
• How and why attackers are building DDoS botnets from devices other than PCs and servers
• Details of a record-breaking 321 Gbps DDoS attack
• Syrian Electronic Army (SEA) phishing attacks
• More at www.stateoftheinternet.com/security-reports

slide 10:

about stateoftheinternet.com
• StateoftheInternet.com, brought to you by Akamai, serves as the home for content and information intended to provide an informed view into online connectivity and cybersecurity trends as well as related metrics, including Internet connection speeds, broadband adoption, mobile usage, outages, and cyber-attacks and threats.
• Visitors to www.stateoftheinternet.com can find current and archived versions of Akamai’s State of the Internet (Connectivity and Security) reports, the company’s data visualizations, and other resources designed to put context around the ever-changing Internet landscape.
