[191271] in North American Network Operators' Group
Arbor Reports 540Gbps "Sustained" Attack
daemon@ATHENA.MIT.EDU (Dennis B)
Wed Aug 31 15:37:16 2016
X-Original-To: nanog@nanog.org
From: Dennis B <infinityape@gmail.com>
Date: Wed, 31 Aug 2016 15:37:12 -0400
To: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
https://www.arbornetworks.com/blog/asert/rio-olympics-take-gold-540gbsec-sustained-ddos-attacks/
I've used SP Peakflow before and I have my opinions. With all the
intelligence out there about DDoS attacks, DDoS attackers, DDoS tools and
techniques this article leaves me with ton's of questions.
IE: What industry was the attack target? Was it a single customer or
multiple customers at the same time? What was the attack vector? Was it
multi-vector? What was the duration of the 540Gbps attack? Did you actually
block the attack or did you just report on it from your cloud signaling
alliance aka cloud offering? Could you help explain if the peak of the
attack lasted X minutes, Y hours, Z days? What was the attack targeted
protocol? Was it TCP against TCP or UDP against UDP or UDP against TCP?
I have to be honest, IDK if Arbor is attempting to claim the largest
recorded DDoS attack in the world cup of DDoS attacks but the fact that
your a local appliance shop. Selling to the global 100 and T1-3 ISPs - I'd
hope for more than a marketing ploy to take the top attack vector.
Thought I'd ask Nanog if they heard any whispers about this "white
buffalo", which ISPs were Transiting the event, what course of actions were
taken.
Thanks!
