Prolexic is the world's largest and most trusted distributed denial of service (DDoS) protection & mitigation services as well as network intrusion prevention solutions.

1. Overview of Prolexic Quarterly DDoS Attack Report
Q1 2013
www.prolexic.com

2. www.prolexic.com
Prolexic Quarterly DDoS Attack Report: Q1 2013
• What happened in Q1 2013?
– The most formidable distributed denial of service
(DDoS) attacks to date
– More than 10 percent of attacks exceeded 60
Gigabits per second (Gbps)
– The headline-making Spamhaus.org attack
2
May 2013 www.prolexic.com

3. www.prolexic.com
Average Bandwidth of DDoS Attacks in Q1 2013
• Volumetric bandwidth averaged an attention-
grabbing 48.25 Gbps
3

4. www.prolexic.com
Emerging DDoS Attack Trends: Q1 2013
• Important trends?
– Targeting Internet Service Providers (ISPs) and
Carrier router infrastructures
– High average packets-per-second (PPS)
• Greater average than most DDoS mitigation equipment
capacity.
• Even routers carrying traffic to the mitigation
equipment would be strained at this level
– See full report for details on PPS trends
4

5. www.prolexic.com
Analysis of Attack Types: Q1 2013
• Attackers focused on infrastructure attacks
• Favored application attacks were:
– SYN
– GET
– UDP
– ICMP
• Download the full report for percentages and graphs by attack
type, including attack volume and trends
5

6. www.prolexic.com
DDoS Attack Frequency in Q1: 2013 vs 2012
• Prolexic mitigated more DDoS attacks than ever in Q1 2013
• The month of March accounted for nearly half of all Q1
attacks (44 percent)
6

7. www.prolexic.com
Top Ten Source Countries: DDoS Attacks in Q1 2013
7

8. www.prolexic.com
DDoS Attack Case Study: An Enterprise (Q1 2013)
• Case 1: Enterprise Organization
– Attack traffic peaked at a massive 130 Gbps
– Multiple botnets with thousands of compromised
servers
– Primarily SYN, UDP and DNS floods
– Modifications to attack scripts executed on the fly,
requiring expertise and responsiveness to block them
– Successfully mitigated by Prolexic.
– Get full report for specific attack vectors and traffic
distribution and other details
8

9. www.prolexic.com
DDoS Attack Case Study: DNS Reflection (Q1 2013)
• Case 1: DNS Reflection attack against Prolexic
– New extensions such as SNSSEC are being used as
attack vectors
– Attack directed at ns1.prolexic.com on Jan 23, 2013
– Malicious actor used DNS amplification techniques
• 64 byte request generated a response exceeding 3,000 bytes
and averaged 1,200 bytes
• 18x amplification
– Successfully mitigated by Prolexic
– View full report for specific attack metrics, traffic
distribution, heat map of participating countries, and more
9

10. www.prolexic.com
Prolexic Q1 2013 Global Attack Report
• Download the Q1 2013 Global Attack Report for:
– Average and trends in attack duration and bandwidth
– Total number and trends of attacks by type
– In-depth case studies
– Year-over-year and quarter-over-quarter comparisons
– A look forward at emerging DDoS trends
• About Prolexic
– Prolexic Technologies is the world’s largest and most trusted
distributor of DDoS protection and mitigation services.
– Prolexic Security and Engineering Response Team (PLXsert)
monitors the global malicious cyber threats and actively
analyzes DDoS attacks using proprietary techniques and
equipment.
10