It’s that time again – our quarterly data pull from ATLAS to glean new insight into DDoS attack trends and how they stack up for the year to date.
Here, I’m sharing a few of the more interesting findings from my own perspective.
Firstly, we’ve seen a big jump in the amount of traffic we’re now monitoring in ATLAS – a pretty amazing 69Tbps of IPv4 traffic at peak, up from 47Tbps in Q2, a 32% increase. This is a significant proportion of overall Internet traffic and gives us a great view into what is going on out there.
(graphic added 14:00est 10/16/2013)
Average attack size is another interesting data point – this year we’ve seen very rapid growth in the average size of attacks in bits-per-second (BPS), and for the last 3 months its been consistently in the 3-3.5Gbps range. When we look at the graph below, and consider that the average attack size in 2012 was 1.48Gbps, we can see how significant this growth is:
Average attack sizes above 3Gb/sec represent yet another milestone – a milestone we discussed in our blog post on ATLAS stats last quarter. This year attack sizes seem to be tracking up across the board when it comes to bits-per-second, but interestingly the inverse is true for packets-per-second where we are seeing average sizes decrease.
While we didn’t witness a Spamhaus-sized 300Gbps attack this quarter, the largest attack size we did see in ATLAS was still pretty remarkable at 191Gbps, an attack that took place in August 2013 – significantly above the approximate 100Gbps ceiling that we had seen prior to this year.
And, we are seeing more very large attacks going on out there. So far this year ATLAS has monitored more than four and a half times the number of attacks over 20Gbps than were recorded in all of 2012.
The data in ATLAS this quarter shows that volumetric DDoS continues to be a global threat, with alarming and consistent increases in attack size. One piece of good news, however, is just how much more traffic we now see in ATLAS; it’s a significant proportion of overall Internet traffic, which means we can provide an even more detailed view into Internet traffic patterns and threat evolution than ever before.