[121532] in North American Network Operators' Group
Re: 2009 Worldwide Infrastructure Security Report available for
daemon@ATHENA.MIT.EDU (Danny McPherson)
Thu Jan 21 20:12:51 2010
From: Danny McPherson <danny@tcb.net>
In-Reply-To: <017a01ca99e5$c4dcddd0$4e969970$@net>
Date: Thu, 21 Jan 2010 18:08:34 -0700
To: Stefan Fouant <sfouant@shortestpathfirst.net>
Cc: 'NANOG list' <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jan 20, 2010, at 8:32 AM, Stefan Fouant wrote:
>
> I'm wondering if you can clarify why 'Figure 1' only goes up to 2008 and
> states in key findings "This year, providers reported a peak rate of only 49
> Gbps". I happen to personally recall looking at ATLAS sometime last year
> and seeing an ongoing attack that was on orders of magnitude larger than
> that.
That was an error in the chart (which has since been corrected), it
should have illustrated that 2009 respondents indicated 49 Gbps was
the largest observed attack. FWIW, I've seen empirical evidence
supporting much larger attacks (~82 Gbps), and the Akamai folks indicated
recently they'd seen attacks on the order of 120Gbps towards a single
target. However, these attacks were NOT reflected in survey feedback
expressly, and were therefore not included in the report.
> An interesting observation was the decrease in the use of flow-based tools,
> and the corresponding increase in the use of things like SNMP tools, DPI,
> and customer calls for attack detection. Surely this must have been a
> factor of a larger respondent pool... I'd really like to think people aren't
> opting not to use flow-based tools in favor of receiving customer calls :(
Yep, I think this is simply an artifact of a larger respondent pool
size, with many smaller respondents being represented.
-danny