133 attacks over 100Gbps so far in 2014; 22 recorded in Q3

October 10, 2014

3 Min Read


BURLINGTON, MA., October  7, 2014 – Arbor Networks Inc. today released global DDoS attack data for Q3 2014 showing a remarkable increase in Simple Service Discovery Protocol (SSDP) reflection attacks. Arbor monitored very few attacks using SSDP as a reflection mechanism in Q2, but nearly 30,000 attacks with this source port in Q3 alone, with one such attack reaching 124Gbps. The data confirms what Arbor has calledThe Hockey Stick Era, with a continuing trend towards large volumetric attacks, a consistent theme throughout 2014.

Arbor’s data is gathered through ATLAS®, a collaborative partnership with nearly 300 service provider customers who share anonymous traffic data with Arbor in order to deliver a comprehensive, aggregated view of global traffic and threats. ATLAS collects statistics that represent 90Tbps of Internet traffic and provides the data for the Digital Attack Map, a visualization of global attack traffic created in collaboration with Google Ideas.

“Everyone is aware of the huge storm of NTP reflection DDoS attacks in Q1 and early Q2, but although NTP reflection is still significant there isn’t as much going on now as there was – unfortunately, it is looking more and more like SSDP will be the next protocol to be exploited in this way.  Organizations should take heed and ensure that their DDoS defense is multi-layered, and designed to deal with both attacks that can saturate their connectivity, and more stealthy, sophisticated application layer attacks,” said Arbor Networks Director of Solutions Architects Darren Anstee.

DDoS in Q3 2014 -- ATLAS key findings:

  • Significant growth in use of SSDP for reflection attacks in Q3: 9% of all attacks in September and 42% of all attacks greater than 10Gbps appeared to use SSDP reflection.

  • NTP reflection attacks still significant, but continuing to fall away proportionally (post the Q1 storm); however, over 50% of all attacks greater than 100Gbps were still NTP reflection attacks.

  • Very large volumetric attacks far more frequent than in the past, with 133 attacks over 100Gbps this year so far.

  • Average monitored attack in Q3 was 858.98Mbps; peak attack of 264.6Gbps.

  • Q3 saw 16.5% of all attacks above 1Gbps, up from 15.3% in Q2.

  • Proportion of events lasting less than 1 hour is gradually increasing, now at 91.2%

  • Ranking sources for events larger than 10Gbps: U.S. (7.6%), China (5.9%), Brazil (1.1%)

  • Ranking destinations for events larger than 10Gbps: U.S. (17.6%), France (10.8%), Denmark (8.4%)

For more analysis into data from Q3 2014, please visit Slideshare to view more detailed findings.

About Arbor Networks

Arbor Networks, Inc. helps secure the world’s largest enterprise and service provider networks from DDoS attacks and advanced threats. Arbor is the world’s leading provider of DDoS protection in the enterprise, carrier and mobile market segments, according to Infonetics Research. Arbor’s advanced threat solutions deliver complete network visibility through a combination of packet capture and NetFlow technology, enabling the rapid detection and mitigation of malware and malicious insiders. Arbor also delivers market leading analytics for dynamic incident response, historical analysis, visualization and forensics. Arbor strives to be a “force multiplier,” making network and security teams the experts. Our goal is to provide a richer picture into networks and more security context - so customers can solve problems faster and reduce the risk to their business.

To learn more about Arbor products and services, please visit our website at arbornetworks.com. Arbor’s research, analysis and insight, together with data from the ATLAS global threat intelligence system, can be found at the ATLAS Threat Portal.

Trademark Notice: Arbor Networks, the Arbor Networks logo, Peakflow, ArbOS, Pravail, Cloud Signaling, Arbor Cloud, ATLAS, We see things others can’t.TM and Arbor Networks. Smart. Available. Secure. are all trademarks of Arbor Networks, Inc. All other brands may be the trademarks of their respective owners

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights