mailing list archives
Re: 2009 Worldwide Infrastructure Security Report available for download.
From: Danny McPherson <danny () tcb net>
Date: Thu, 21 Jan 2010 18:08:34 -0700
On Jan 20, 2010, at 8:32 AM, Stefan Fouant wrote:
I'm wondering if you can clarify why 'Figure 1' only goes up to 2008 and
states in key findings "This year, providers reported a peak rate of only 49
Gbps". I happen to personally recall looking at ATLAS sometime last year
and seeing an ongoing attack that was on orders of magnitude larger than
That was an error in the chart (which has since been corrected), it
should have illustrated that 2009 respondents indicated 49 Gbps was
the largest observed attack. FWIW, I've seen empirical evidence
supporting much larger attacks (~82 Gbps), and the Akamai folks indicated
recently they'd seen attacks on the order of 120Gbps towards a single
target. However, these attacks were NOT reflected in survey feedback
expressly, and were therefore not included in the report.
An interesting observation was the decrease in the use of flow-based tools,
and the corresponding increase in the use of things like SNMP tools, DPI,
and customer calls for attack detection. Surely this must have been a
factor of a larger respondent pool... I'd really like to think people aren't
opting not to use flow-based tools in favor or receiving customer calls :(
Yep, I think this is simply an artifact of a larger respondent pool
size, with many smaller respondents being represented.