It’s always interesting to see the numbers and do a little historical comparison. Each data set brings a new trend to light and often a few surprises. Here are the highlights this quarter from my perspective.
This represents an important milestone in the size of the average attack. For the first time we’re seeing average attack sizes solidly above the 2Gbps mark. Further, nearly half of all monitored attacks are above 1Gbps. Massive attacks like the 300Gbps Spamhaus incident certainly command attention but the average attack is more relevant for most organizations.
Speaking of large attacks, we see a huge increase in attacks over 20Gbps so far this year. With only half the year behind us, we’ve already monitored more than double the number of these large attacks than in the entirety of 2012!
In looking at the destination ports of monitored DDoS attacks we see another massive trend shift. While HTTP (port 80) continues to be the most popular, TCP fragmentation attacks (port 0) are up from about 10% last year to nearly 25% this year. That’s about two and a half times more so far this year. TCP fragmentation attacks are nothing new but it does demonstrate the attackers are constantly changing attack vectors in an effort to evade expectations.
For more key findings from the Q2 2013 ATLAS data, please download the full presentation from Slideshare: