DDoS attack size is getting bigger, security firm says

Wikimedia (CC)
Credit: Wikimedia (CC)

The percentage of attacks over 1 gigabit per second is 'growing strongly,' according to Arbor Networks. And SSDP attacks that could affect Internet of Things appear to be waning.


DDoS attacks aren't going away anytime soon. In fact, they're getting bigger, according to network security company Arbor Networks. But there's good news for potential attacks in the Internet of Things arena—some heat is off there.

DDoS, or Distributed Denial-of-Service, attacks are where numerous compromised computers are used to target a single system. In simple terms, the sheer size of the blast of traffic overwhelms the system.

Large attacks

Arbor Networks says that "while very large attacks are what makes headlines, average attacks are approaching one gigabit per second, and are rapidly becoming a real problem for more and more enterprises."

The company reckons that bits and packets per second are increasing.

Anonymous traffic data

Arbor collects its data through a collaborative project called ATLAS (Active Threat Level Analysis System). The scheme, where ISPs export hourly data, has around 300 ISP contributors.

They share anonymous traffic data with the company.


Key findings that Arbor has published in its Q2 2015 ATLAS Update include that the percentage of attacks over 1 Gbps is "growing strongly."

The company has found that 20.8% of attacks in the second quarter of 2015 were over that 1 Gbps mark. In the prior quarter in 2015, that percentage was only 17.7%.

Larger attacks means more for enterprise to deal with.

SYN attacks

SYN flooding is popular with large attacks. The report indicates that 99.2% of 50 Gbps to 100 Gbps attacks were SYN.

SYN is where the attacker sends a series of requests, or connections, faster than a computer can process them. The receiving system becomes unresponsive to normal traffic because server resources have been used up.


Arbor says that SSDP attacks are slowing, though. Those involved with the Internet of Things will be pleased to hear that.

SSDP, or Simple Service Discovery Protocol, is a network protocol for discovery of network services and is part of Universal Plug and Play.

There were 84,000 attacks showing in the statistics in Q2 2015. That's dramatically less than the 126,000 in the first quarter of 2015.

There were just 14 in the last quarter of 2014.

Internet of Things

SSDP attack devices can use home routers and webcams, and "any smart device with a public IP address and vulnerable operating system will increase the number of devices that could be used to launch SSDP–based reflection attacks," according to an unrelated report by NSFOCUS, another DDoS security company.

In April, NSFOCUS said that it thought the IoT was leading to growth in SSDP attacks. Q1 2015 saw that large spike in those attacks.

'Easily exploitable'

"The rise of the Internet of Things and the influx of network-connected devices, such as webcams and routers, are leading to the growth of SSDP-based amplification attacks," it said then.

"Most of these IoT devices are very low-cost, rarely if ever monitored, and are often easily exploitable," Gary Sockrider, a solutions architect for Arbor Networks, said in an article at Security Week.

That potentially IoT-affecting spike appears to be waning.

This article is published as part of the IDG Contributor Network. Want to Join?

Must read: Hidden Cause of Slow Internet and how to fix it
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies