2008 Worldwide Infrastructure Security Report

Growing financial pressures, unforeseen threats, and a volatile and rapidly changing business landscape — apt descriptions for both the world economy and this year's Worldwide Infrastructure Security Survey.

Arbor Networks once again has completed a survey of the largest ISPs and content providers around the world. Some 70 lead security engineers responded to 90 questions covering a spectrum of Internet backbone security threats and engineering challenges. This fourth annual survey covered the 12-month period from August 2007 through July 2008.

A copy of the full report is available at https://www.arbornetworks.com/report

The most significant findings:

    • ISPs Fight New Battles
      In the last four surveys, ISPs reportedly spent most of their available security resources combating distributed denial of service (DDoS) attacks. For the first time, this year ISPs describe a far more diversified range of threats, including concerns over domain name system (DNS) spoofing, border gateway protocol (BGP) hijacking and spam. Almost half of the surveyed ISPs now consider their DNS services vulnerable. Others expressed concern over related service delivery infrastructure, including voice over IP (VoIP) session border controllers (SBCs) and load balancers.


    • Attacks Now Exceed 40 Gigabits
      From relatively humble megabit beginnings in 2000, the largest DDoS attacks have now grown a hundredfold to break the 40 gigabit barrier this year. The growth in attack size continues to significantly outpace the corresponding increase in underlying transmission speed and ISP infrastructure investment. The graph below shows the yearly reported maximum attack size.


    • Services Under Threat
      Over half of the surveyed providers reported growth in sophisticated service-level attacks at moderate and low bandwidth levels, attacks specifically designed to exploit knowledge of service weaknesses such as vulnerable and expensive back-end queries and computational resource limitations. Several ISPs reported prolonged (multi-hour) outages of prominent Internet services during the last year due to application-level attacks.


    • Fighting Back
      The majority of ISPs now report that they can detect DDoS attacks using commercial or open source tools. This year also shows significant adoption of inline mitigation infrastructure and a migration away from less discriminate techniques like blocking all customer traffic (including legitimate traffic) via routing announcements. Many ISPs also report deploying walled-garden and quarantine infrastructure to combat botnets.

Overall, ISP optimism about security issues reported in previous surveys has been replaced by growing concern over the new threats and budget pressures. ISPs say they are increasingly deploying more complex distributed VoIP, video and IP services that are often poorly prepared to deal with the new Internet security threats. More than half of the surveyed ISPs believe serious security threats will increase in the next year while their security groups make do with “fewer resources, less management support and increased workload.”

ISPs were also unhappy with their vendors and the security community. Most believe that the DNS cache poisoning flaw disclosed earlier this year was poorly handled and increased the danger of the threat.

Finally, the surveyed ISPs also said their vendor infrastructure equipment continues to lack key security features (like capacity for large ACL lists) and suffers from poor configuration management and a near complete absence of IPv6 security features. While most ISPs now have the infrastructure to detect bandwidth flood attacks, many still lack the ability to rapidly mitigate these attacks. Only a fraction of surveyed ISPs said they have the capability to mitigate DDoS attacks in 10 minutes or less. Even fewer providers have the infrastructure to defend against service-level attacks or this year’s reported peak of a 40 gigabit flood attack.

As always, this work would not be possible without the support and participation of the Internet security community. The 2008-2009 survey will be released next Fall.


21 Responses to “2008 Worldwide Infrastructure Security Report”

November 11, 2008 at 4:23 pm, networkreading.com » Arbor : 2008 Internet Security Report said:

[…] 2008 Internet Security Report | Security to the Core | Arbor Networks Security Blogged with the Flock Browser […]

November 11, 2008 at 3:22 pm, Zero Day mobile edition said:

[…] “Worldwide Infrastructure Security Report” report by Arbor Networks also indicates that the DDoS attack rates exceed the ISP network’s growth, and have already reached the 40GB barrier. Ironically, the report also states that managed DDoS […]

November 11, 2008 at 9:11 pm, ISPs Fear Monster 40Gbps DDoS Attacks - Attacks getting more sophisticated, while resources getting strained… | Voip Blog said:

[…] readers write in to note that Arbor Networks has released their 2008 Worldwide Infrastructure Security Report, which picks the brains of roughly seventy engineers from tier 1 and 2 ISPs. Engineers were asked […]

November 11, 2008 at 7:09 pm, Some DDoS attacked now exceeding 40GBPS! | said:

[…] are a few alarming facts in a new report from Arbor Networks. Hacking attacks have been far from amusing for some time now. The bandwidth now consumed by some […]

November 12, 2008 at 1:59 am, mark said:

the rss feed drives my av nuts and reports BV:Qhost-D
what up with that.

November 12, 2008 at 12:09 am, technichristian.net » Blog Archive » 2008 Worldwide Infrastructure Security Report said:

[…] Now Exceed 40 Gigabits From relatively humble megabit beginnings in 2000, the largest DDoS attacks have now grown a hundred…. Write a […]

November 12, 2008 at 9:48 am, Liquidmatrix Security Digest » Security Briefings - November 12th said:

[…] 2008 Worldwide Infrastructure Security Report – Arbor Networks […]

November 12, 2008 at 4:33 pm, Can your ISP stop a 40 Gigabit DDoS Attack? | Linux System Admins Blog said:

[…] 2008 Internet Security Report put out by Arbor Networks has this eye popping blurb… Attacks Now Exceed 40 Gigabits […]

November 12, 2008 at 7:59 pm, ISPs Fear Monster 40Gbps DDoS Attacks - Attacks getting more sophisticated, while resources getting strained… | remove the labels | Gadgets and Life said:

[…] readers write in to note that Arbor Networks has released their 2008 Worldwide Infrastructure Security Report, which picks the brains of roughly seventy engineers from tier 1 and 2 ISPs. Engineers were asked […]

November 14, 2008 at 5:49 am, Internet ameaçada « Ciência, Tecnologia e Afins… said:

[…] practically double the volume of attacks recorded in the previous year, according to the fourth edition of the Worldwide Infrastructure Security Report, from Arbor […]

November 14, 2008 at 8:34 pm, intir.net » Blog Archive » DDoS Attacks Getting More Powerful, ISPs Report Concern Over New Threats and Budget Pressures said:

[…] Fourth Annual Worldwide Infrastructure Security Report (Arbor Networks, 11/11/2008) 2008 Worldwide Infrastructure Security Report (Arbor Security Blog, 11/11/2008) Copy of the Full Report (Free Registration Required) […]

November 14, 2008 at 8:54 pm, SPAM drops, DDoS Attacks, Whitepapers « InfoSec Philippines said:

[…] ISPs are allocating resources for DDoS attacks according to Arbor Network’s 2008 Worldwide Infrastructure Security Report. A related article is on ZDNet and an article on Vunet talks about ISP’s fear on IPv6 […]

November 17, 2008 at 7:23 am, Riflessioni su DDOS e reti complesse « esperimento tre said:

[…] November 2008 · No Comments The 2008 Worldwide Infrastructure Security report was briefly discussed in Repubblica (in this article), but it was largely ignored. The […]

November 26, 2008 at 10:01 pm, On Message with Ben Gross » Blog Archive » New and noteworthy in security 11/26/08 said:

[…] 2008 Internet Security Report: Arbor Networks Security 2008 Worldwide Infrastructure Security Report is summarized in a post in their Security to the Core blog. The full report synthesizes data from a survey of about 70 lead security engineers and includes descriptions of new threats such as DDoS attacks that exceed 40 gigabits a second and new DNS attacks. […]

January 26, 2009 at 5:11 pm, CloudShield Blog » Blog Archive » GoDaddy Goes Down said:

[…] on DDoS trends published in late 2008, large scale attacks of 40Gbps or more are being seen. (Link To Arbor Report) Most hosting providers are not able to accommodate such levels of attack and this seems to be […]

February 16, 2009 at 5:11 pm, Internet: quanto è vulnerabile la Rete? - Stalkk.ed said:

[…] as regards DDoS-type attacks, for example, the "2008 Worldwide Infrastructure Security Report" by Arbor Networks highlights the monstrous growth in gigabits per second (Gbps) of the bandwidth […]

March 11, 2009 at 11:21 am, モジュール12の補足情報 « SEC401 Mentor サポートブログ said:

[…] Survey results from Arbor /blog/asert/2008/11/2008-worldwide-infrastructure-security-report/ […]

July 16, 2009 at 12:15 am, SEC401.2 参考リンク集 « Security 401 Weblog said:

[…] Survey results from Arbor /blog/asert/2008/11/2008-worldwide-infrastructure-security-report/ […]

October 16, 2009 at 3:23 pm, Amazon Web Services: It's Not The Size Of the Ship, But Rather The Motion Of the... | Rational Survivability said:

[…] and infinite scale is that you get the benefits of infinite FAIL” The largest DDOS attacks now exceed 40Gbps. DeSantis wouldn’t say what AWS’s bandwidth ceiling was but indicated that a shrewd guesser […]

December 01, 2010 at 11:03 pm, Amazon Sends Wikileaks Up In A Cloud « Information said:

[…] That’s relatively small, as DDOS attacks go; they often exceeded 40 Gbits/sec in 2008, according to Arbor Networks’ 2008 worldwide infrastructure report. […]

November 19, 2011 at 7:36 pm, hacker hack hackers security said:

hacker hack hackers security…

[…]2008 Internet Security Report | DDoS and Security Reports | Arbor Networks Security Blog[…]…
