Zombies, Worms and Flooded OC192s — the 2007 Infrastructure Security Report

Ah, the end of summer. Crisp fall mornings, the kids off to school and providers reporting sustained 24 Gbps DDoS attacks… Yep, all this means another school year and a new WorldWide Infrastructure Report.

This year Arbor and the University of Michigan again surveyed 70 ISPs (covering most of the major carriers around the world) on security issues facing backbone operators. Questions ranged from DDoS attack size and mitigation methods to what scares ISP security architects the most.

The results from this third year of surveys (available today) give a decent overview of the trends and emerging threats in Internet backbone security.

Mostly, the security architects at tier-1 / tier-2 ISPs and cable operators say they are a happy lot. The majority (73%) believe they’re winning the battle against DDoS attacks and major customer / backbone security disruptions. Many of them have even happily turned DDoS detection and mitigation into a commercial service and growing revenue source.

This all sounds like a good thing for the Internet (and it turns out also for Arbor, who happens to sell DDoS mitigation gear), but other bits of the survey data are less encouraging…

While growing numbers of ISPs have upgraded their cores to OC192 circuits (10 Gbps), several ISPs report sustained attacks in the last 12 months peaking beyond 24 Gbps. In other words, more than enough to fill a couple of their backbone links and then some. A graph from the survey (below) shows the peak reported sustained attack rate over the last six years. Note the growth trend in peak attack size.

[Figure: peak reported sustained attack rate over the last six years]

Other data from the survey indicates growing ISP concern around botnets and their use in spam, phishing, DDoS and other creative money-making ventures. Basically, ISPs see no immediate end to the growth of these easily accessible bot networks.

So lots more interesting and detailed data in the survey — we encourage you to take a look. And as always, this work would not be possible without the support and participation of the Internet security community.

Here’s to another school year and watching how Internet security changes again over the next 12 months. The 2007-2008 survey will be released next Fall.
