[191289] in North American Network Operators' Group
Re: Arbor Reports 540Gbps "Sustained" Attack
daemon@ATHENA.MIT.EDU (Maxwell Cole)
Thu Sep 1 09:40:10 2016
X-Original-To: nanog@nanog.org
From: Maxwell Cole <mcole.mailinglists@gmail.com>
In-Reply-To: <CAPr+j8+R7pE=OUzRcDz8ULrp1wBeaonFj+x9MGwRBrq3_B3AfQ@mail.gmail.com>
Date: Thu, 1 Sep 2016 09:40:03 -0400
To: Dennis B <infinityape@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
Heya.
I can=E2=80=99t speak with any evidence but I do have some =
infrastructure in Brazil and I can tell you I saw stubbornly persistent =
packet loss for the past two months. Across at least two tier one =
backbones. I don=E2=80=99t know anything about 500Gbps but large =
sustained DDoSes against BR locations for the past two months would not =
surprise me in the least.
Cheers,
Max
> On Aug 31, 2016, at 3:37 PM, Dennis B <infinityape@gmail.com> wrote:
>=20
> =
https://www.arbornetworks.com/blog/asert/rio-olympics-take-gold-540gbsec-s=
ustained-ddos-attacks/
>=20
> I've used SP Peakflow before and I have my opinions. With all the
> intelligence out there about DDoS attacks, DDoS attackers, DDoS tools =
and
> techniques this article leaves me with ton's of questions.
>=20
> IE: What industry was the attack target? Was it a single customer or
> multiple customers at the same time? What was the attack vector? Was =
it
> multi-vector? What was the duration of the 540Gbps attack? Did you =
actually
> block the attack or did you just report on it from your cloud =
signaling
> alliance aka cloud offering? Could you help explain if the peak of the
> attack lasted X minutes, Y hours, Z days? What was the attack targeted
> protocol? Was it TCP against TCP or UDP against UDP or UDP against =
TCP?
>=20
> I have to be honest, IDK if Arbor is attempting to claim the largest
> recorded DDoS attack in the world cup of DDoS attacks but the fact =
that
> your a local appliance shop. Selling to the global 100 and T1-3 ISPs - =
I'd
> hope for more than a marketing ploy to take the top attack vector.
>=20
> Thought I'd ask Nanog if they heard any whispers about this "white
> buffalo", which ISPs were Transiting the event, what course of actions =
were
> taken.
>=20
> Thanks!
