Topic: DDoS @ 360 Gbps (page 1 of 2, posts 1 to 10 of 13)

#1 (WHT-BR Top Member, joined Dec 2010, 15,004 posts)

    DDoS @ 360 Gbps

    Brazil experienced a 200% increase in attacks sourced from the region—the top country of origin for all web application attacks.


DDoS attacks fall in size but rise in number in Q2 - Akamai

    Total DDoS attacks increased 129 percent in Q2 2016 from Q2 2015, and during the second quarter, Akamai mitigated a total of 4,919 DDoS attacks.

    According to Akamai Technologies’ Second Quarter 2016 State of the Internet Security Report, large-volume attacks are continuing too. Akamai observed its largest DDoS to date at 363Gbps on June 20, against a European media customer. Twelve attacks observed during Q2 exceeded 100 Gbps and two that reached 300 Gbps targeted the media and entertainment industry.

The company also reported that it mitigated 21 attacks that exceeded 30 million packets per second, a quarterly record. The previous record was in Q2 2015, when there were 18 attacks over this level.

More than half of the DDoS attacks (57%) targeted gaming companies, with another 26% targeting the software & technology industry — some of which serve the gaming sector. Those industries were followed by financial services (5%), media & entertainment (4%), Internet & telecom (4%), education (1%), and other sectors made up the remainder (3%). One customer was targeted with 373 attack events.

    That said, at the same time, the median attack size fell by 36% to 3.85Gbps.

    “While attack sizes are decreasing, we continue to see an uptick in the number of attacks as launch tools grow increasingly pervasive and easy to use and monetize,” said Martin McKeay, editor-in-chief for the report. “This commoditization renders businesses vulnerable to a higher frequency of attacks they can’t defend against on their own. As we look toward Cybersecurity Awareness Month in October, it is important for organizations to understand what they are up against, specifically as adversaries increasingly threaten DDoS attacks for ransom.”

    The report also shows that Q2 2016 had a 14% increase in total web application attacks from Q1 2016. SQL Injection (44%) and Local File Inclusion (45%) were the two most common attack vectors in Q2.

    As far as regional notes go, Brazil experienced a 197% increase in attacks sourced from the region—the top country of origin for all web application attacks. The United States meanwhile ranked second among countries for total web application attacks, seeing a 13% decrease in attacks compared to Q1 2016.

    Other types of attacks also showed a big rise: there was a 151% rise in infrastructure layer attacks in Q2 2016, compared to Q2 2015; a rise of 276% in NTP reflection attacks and a 70% rise in UDP flood attacks.

    And, the analysis shows that bots are still a scourge: During one 24-hour period in Q2, bots accounted for 43% of all web traffic across the Akamai Intelligent Platform. Detected automation tools and scraping campaigns represented 63% of all bot traffic, a 10% increase from Q1 2016. These bots scrape specific websites or industry segments and do not identify their intentions and origin.


    http://www.infosecurity-magazine.com...git-growth-in/

    http://www.itwire.com/security/74802...ort-shows.html
Last edited by 5ms; 16-09-2016 at 00:06.

#2 (WHT-BR Top Member, joined Dec 2010, 15,004 posts)

    The source country responsible for 25% of global Web application attacks



For the first time, Brazil was the top source country for web application attacks (25%), based largely on a series of attack campaigns in April against the hotel industry. The U.S. was a close second at 23%, a huge drop from 43% in Q1. Akamai has seen a steady increase in the amount of malicious traffic coming from Brazil, specifically from cloud-based Infrastructure-as-a-Service (IaaS) data centers. Overall, the U.S. was the top target of web application attacks, receiving 64% overall. Local File Inclusion (LFI) and SQL Injection (SQLi) accounted for almost 90% of the web application attacks in Q2. This quarter we removed Shellshock from the list of attack vectors. In our experience, Shellshock alerts are most commonly an indicator of companies scanning their own sites for the vulnerability, not actual attacks.

    https://www.akamai.com/us/en/multime...ive-review.pdf


    Q2 2016 State of the Internet / Security Report

    DDoS, web application attacks surge; repeat attacks become the norm

    What You’ll Learn

    Get detailed cloud security insights about DDoS and web application attack trends observed across the Akamai Intelligent Platform™ for Q2 2016. Highlights include:

    • A 23% increase in DDoS attacks and a 26% increase in web application attacks, compared with Q4 2015, setting new records for the number of attacks in the quarter
    • The rise in repeat DDoS attacks, with an average of 29 attacks per targeted customer – including one customer who was targeted 283 times
    • The continued rise in multi-vectored attacks (56% of all DDoS attacks mitigated in Q1 2016), making mitigation more difficult
    • DDoS spotlight: 100 Gbps+ mega attacks using increasingly simple attack vectors
    • Web application attack spotlight: Account Takeover (ATO) attacks targeting finance and entertainment sectors



    https://content.akamai.com/PG6852-q2...-security.html

#3 (WHT-BR Top Member, joined Dec 2010, 15,004 posts)

    Brian Krebs' Blog Hit by 665 Gbps DDoS Attack

    Eduard Kovacs
    September 21, 2016

    Investigative cybercrime journalist Brian Krebs reported on Tuesday that his website, KrebsOnSecurity.com, was hit by a massive distributed denial-of-service (DDoS) attack that could be the largest in history.

    According to Krebs, his site was targeted with various types of DDoS attacks, including SYN and HTTP floods. The attack peaked at 665 Gbps and 143 Mpps (million packets per second), but it was successfully mitigated by Akamai, the company that provides DDoS protection services for KrebsOnSecurity.

    Krebs believes that the botnet used to target his blog mostly consists of Internet of Things (IoT) devices, such as webcams and routers, that have default or weak credentials.

    Akamai told Krebs that this attack was nearly twice the size of the largest attack they had previously encountered. It’s worth noting that Arbor Networks reported in January that some of its customers had been hit by attacks that peaked at 500, 450 and 425 Gbps.

    In January, a group of anti-ISIS hackers claimed to have launched DDoS attacks on BBC websites that peaked at 600 Gbps, but some experts questioned their claims.

    As for Brian Krebs, it’s not unusual for the journalist to be targeted by the cybercriminals he is trying to expose. Earlier this month, he reported being hit by a 140 Gbps DDoS attack after exposing two Israeli individuals allegedly responsible for operating a booter service called vDOS.

    Just before the latest attack, Krebs detailed the activities of a DDoS mitigation firm called BackConnect, which he discovered has a history of BGP hijacks and ties to questionable individuals.

    DDoS attacks are the least of Krebs’ worries. In the past, he was a victim of swatting and had drugs sent to his home by the individuals he had been investigating. On Wednesday, in addition to DDoS attacks, the blogger said the attackers had been trying to flood his Skype account with requests and his email inbox with subscriptions.

    http://www.securityweek.com/brian-kr...ps-ddos-attack

#4 (WHT-BR Top Member, joined Dec 2010, 15,004 posts)

    OVH: DDoS @ Terabit

    Octave Klaba / Oles @olesovhcom


#5 (WHT-BR Top Member, joined Dec 2010, 15,004 posts)

Octave Klaba / Oles @olesovhcom Sep 3

    Telefonica allows the hackers to use their network to send the large DDoS to Internet. Here 150Gbps from AS3352

    FS#20149 — Telefonica (AS3352)


Details

Hello,

In the service we offer our customers, we include DDoS management, which consists of receiving DDoS attacks and cleaning them. For this we have a lot of capacity with the Internet (7500Gbps) and we developed the VAC, which cleans the DDoS. We have already received and successfully cleaned DDoS attacks of 800Gbps.

For several days we have been receiving an attack coming from one network in particular, that of the incumbent operator in Spain: Telefonica. This attack targets one particular customer, hosted in our DC at BHS (Canada).

This is not a DDoS (Distributed Denial of Service). It is a DoS, Denial of Service, because it is not distributed. Indeed, the attack does not reach us from many places in the world, but from one specific place, and therefore uses one specific route:
AS3352 Telefonica Spain <> AS12956 Telefonica International <> AS16276 OVH

We have the following links with AS12956:
30G + 20G in Madrid
40G in Paris
20G in Ashburn, VA
20G in Miami, FL
In total we have 130Gbps with AS12956.
Except that the DoS we are receiving is 150Gbps.

Usually there is no problem receiving 150Gbps if it is a DDoS coming from Asia, Europe and the USA at the same time. Each part of the network takes a piece of the DDoS and each VAC cleans a piece of the DDoS.

Here the hackers are specifically using the Telefonica Spain network to send an attack that is very large in size. The type of DoS is very basic and we clean it without any trouble. But in this specific case we cannot clean the DoS, because we cannot receive it. The links we have with Telefonica International are saturated before we can do so.

We therefore cut the BGP announcements to AS12956 in order to use the other links we have with the Internet.

The traffic then reached us via AS5511 OpenTransit:
AS3352 Telefonica Spain <> AS12956 Telefonica International <> AS5511 OpenTransit <> AS16276 OVH

We have 1x100G with OTI in Frankfurt. The attack saturated the link we have with OTI. During this saturation other ISPs in Spain were impacted, because we use OTI to receive traffic from Orange Spain, Jazznet etc.

We therefore cut the BGP announcements to AS5511 in order to use the other links we have with the Internet.

The traffic now reaches us via Level3 AS3356:
AS3352 Telefonica Spain <> AS12956 Telefonica International <> AS3356 Level3 <> AS16276 OVH

We have 800Gbps of capacity with Level3, over several 200Gbps links. So we can now receive this 150Gbps DoS.

The problem is that between AS12956 <> AS3356 there is not enough capacity to carry this DDoS without saturating the links between those operators.

We continue working to resolve this issue. We are in contact with AS12956, which is asking AS3352 to shut down the botnet network that is the origin of this DoS. We are also modifying our respective configurations in order to carry this DoS between AS12956 and AS16276. We cannot give you more details, because this task will be read by the hackers behind the DoS and they will use this information to get around the tricks we deploy. That is also why we did not post this task before tonight. With a DDoS, the less information we give out, the less we excite the hackers and the better we handle the DDoS. Given the impact on our Spanish customers, we owe them information on the origin of the problem.

We have found a few tricks to carry this DoS without saturating the links. We will see over the coming hours whether they hold.

In any case, we are talking with Telefonica International to increase capacity with their network. We will also deploy a new router in Madrid earlier than planned: it will be installed in October instead of March. This will allow us in October to connect 200G with Telefonica, upgrade Espanix to 2x 200G and OpenTransit to 200G, and have the same upgrades with Telia and Cogent. In parallel, we will add further links with Telefonica, notably 200G in Paris and 200G in Ashburn, VA. The hackers managed to find a flaw in our network. We will fix that flaw as quickly as possible. This experience will help us further improve the protections we offer our customers by default in our services.

We sincerely apologize for the outage caused for visitors coming from Telefonica Spain.
http://gsw.smokeping.ovh.net/smokepi...rget=EU.AS3352

Kind regards
Octave
Last edited by 5ms; 21-09-2016 at 13:00.
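The sequence Octave describes (a 150 Gbps stream from one origin AS, withdraw the prefix from the saturated neighbour, watch it land on the next link, repeat) is easy to reason about with a small model. The following is an added example, not OVH's code or tooling: link capacities are the figures in the task (130 Gbps in total with AS12956, 100 Gbps with OpenTransit in Frankfurt, 800 Gbps with Level3, with Orange Spain and Jazznet riding the OTI link). The order in which BGP would choose the fallback ingress links, the 50/50/50 split of the distributed scenario and its origin ASNs (documentation ASNs 64496-64498) are assumptions made for the illustration.

```python
"""Single-origin DoS versus distributed DDoS on a multi-homed edge.

Added example, not OVH's code or tooling. Link capacities are the figures
from Octave's task; the fallback order, the distributed split and the
documentation origin ASNs 64496-64498 are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Sequence, Set, Tuple


@dataclass(frozen=True)
class Link:
    neighbor_as: int
    name: str
    capacity_gbps: float
    # Other traffic riding this link that suffers collateral damage when
    # it saturates (from the task: Orange Spain and Jazznet come in via OTI).
    shared_with: Tuple[str, ...] = ()


@dataclass(frozen=True)
class Source:
    origin_as: int
    gbps: float
    # Ingress neighbours in the order BGP best-path selection would use them
    # from this origin, as long as the victim prefix is still announced there.
    preference: Tuple[int, ...]


LINKS: Dict[int, Link] = {
    12956: Link(12956, "Telefonica International (Madrid, Paris, Ashburn, Miami)", 130.0),
    5511: Link(5511, "OpenTransit, Frankfurt", 100.0, ("Orange Spain", "Jazznet")),
    3356: Link(3356, "Level3", 800.0),
}

# Scenario A (assumed): 150 Gbps spread over three regions, each region
# entering through a different link, as a classic DDoS would.
DISTRIBUTED: Tuple[Source, ...] = (
    Source(64496, 50.0, (3356,)),
    Source(64497, 50.0, (5511, 3356)),
    Source(64498, 50.0, (12956, 5511, 3356)),
)
# Scenario B: the same 150 Gbps from one origin, AS3352 (Telefonica Spain),
# so all of it follows a single path into the edge.
SINGLE_ORIGIN: Tuple[Source, ...] = (Source(3352, 150.0, (12956, 5511, 3356)),)


def ingress_load(sources: Sequence[Source], links: Dict[int, Link],
                 announced: Set[int]) -> Tuple[Dict[int, float], float]:
    """Place each source on the first preferred link the prefix is still
    announced to. Returns per-link load in Gbps and the volume left with no
    path at all (prefix withdrawn everywhere)."""
    load = {asn: 0.0 for asn in links}
    unroutable = 0.0
    for s in sources:
        nxt = next((asn for asn in s.preference if asn in announced), None)
        if nxt is None:
            unroutable += s.gbps
        else:
            load[nxt] += s.gbps
    return load, unroutable


def saturated(load: Dict[int, float], links: Dict[int, Link]) -> List[int]:
    return [asn for asn, gbps in load.items() if gbps > links[asn].capacity_gbps]


def withdraw_until_clean(sources: Sequence[Source], links: Dict[int, Link]):
    """Greedy version of the procedure in the task: while an ingress link is
    over capacity, withdraw the prefix from that neighbour and let the traffic
    re-route. Returns (withdrawal steps, final per-link load, unroutable Gbps)."""
    announced: Set[int] = set(links)
    steps: List[dict] = []
    while True:
        load, unroutable = ingress_load(sources, links, announced)
        over = saturated(load, links)
        if not over:
            return steps, load, unroutable
        asn = over[0]
        steps.append({"withdrew": asn, "link": links[asn].name,
                      "load_gbps": load[asn],
                      "capacity_gbps": links[asn].capacity_gbps,
                      "collateral": links[asn].shared_with})
        announced.discard(asn)  # load only exists on announced links, so this always shrinks


if __name__ == "__main__":
    for label, scenario in (("distributed", DISTRIBUTED), ("single origin", SINGLE_ORIGIN)):
        steps, load, lost = withdraw_until_clean(scenario, LINKS)
        print(f"{label}: final load {load}, unroutable {lost} Gbps")
        for st in steps:
            print(f"  withdrew from AS{st['withdrew']} ({st['link']}): "
                  f"{st['load_gbps']} > {st['capacity_gbps']} Gbps, collateral {st['collateral']}")
```

The distributed scenario never saturates anything; the single-origin one walks through AS12956 and AS5511 (taking the Orange Spain and Jazznet traffic down with it) before fitting on Level3. Two things the model deliberately leaves out, both visible in the task: the hop between the upstreams themselves (AS12956 <> AS3356) has its own capacity and was also short, and withdrawing a prefix from a neighbour moves that neighbour's legitimate customers onto the fallback path together with the attack.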

#6 (WHT-BR Top Member, joined Dec 2010, 15,004 posts)

Bizarre

Octave Klaba / Oles @olesovhcom Aug 30

In total, 80000 cameras are poorly protected and are being used to generate the 800Gbps "syn/ack sport:80" DDoS.


Octave Klaba / Oles @olesovhcom Aug 30

6000 cameras on FR IPs, 80% of them Orange and 15% SFR, are taking part in the DDoS. Type: SYN-ACK, source port 80.


Octave Klaba / Oles @olesovhcom Sep 3

88625 cameras used for the DDoS. Some ISPs in Spain aren't able to control the traffic going out ..
Last edited by 5ms; 21-09-2016 at 13:55.
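The signature in these tweets (SYN-ACK segments with source port 80, from tens of thousands of cameras) is what the receiving side sees whatever the mechanism behind it, which the tweets do not spell out: the target is flooded with second-handshake segments for connections it never opened. The only reliable way to tell those apart from legitimate SYN-ACKs, including ones from real web servers on port 80, is to check whether the protected host actually sent the matching SYN. What follows is an added example, not OVH's code: the packet record layout, the 30 s matching window, the alert thresholds and the inline capture (built from RFC 5737 documentation addresses) are all assumptions.

```python
"""Unsolicited SYN-ACK detection: a SYN-ACK is only legitimate if the protected
host sent the matching SYN shortly before. Added example, not OVH's code; the
Pkt layout, window, thresholds and the constructed capture are assumptions."""
from collections import Counter
from typing import Dict, List, NamedTuple, Sequence, Tuple


class Pkt(NamedTuple):
    t: float        # timestamp, seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # "S" = SYN only, "SA" = SYN+ACK
    direction: str  # "out" = sent by the protected host, "in" = received by it


def unsolicited_synacks(packets: Sequence[Pkt], window: float = 30.0) -> Tuple[List[Pkt], int]:
    """Return (inbound SYN-ACKs matching no recent outbound SYN, number matched)."""
    pending: Dict[Tuple[str, int, str, int], float] = {}  # (local, lport, remote, rport) -> SYN time
    unsolicited: List[Pkt] = []
    matched = 0
    for p in sorted(packets, key=lambda p: p.t):
        if p.direction == "out" and p.flags == "S":
            pending[(p.src, p.sport, p.dst, p.dport)] = p.t
        elif p.direction == "in" and p.flags == "SA":
            key = (p.dst, p.dport, p.src, p.sport)  # reverse the 4-tuple
            t0 = pending.pop(key, None)
            if t0 is not None and p.t - t0 <= window:
                matched += 1
            else:
                unsolicited.append(p)  # no SYN at all, or one that is too old
    return unsolicited, matched


def synack_flood_report(packets: Sequence[Pkt], window: float = 30.0,
                        min_unsolicited: int = 10, min_sport_share: float = 0.8) -> dict:
    """Alert when many unsolicited SYN-ACKs arrive and a single source port
    dominates them (one service, here the cameras' port 80, answering on
    behalf of the whole botnet)."""
    unsolicited, matched = unsolicited_synacks(packets, window)
    by_sport = Counter(p.sport for p in unsolicited)
    by_src = Counter(p.src for p in unsolicited)
    top_sport, top_count = by_sport.most_common(1)[0] if by_sport else (None, 0)
    share = top_count / len(unsolicited) if unsolicited else 0.0
    return {
        "matched": matched,
        "unsolicited": len(unsolicited),
        "top_sport": top_sport,
        "sport_share": share,
        "sources": by_src,
        "alert": len(unsolicited) >= min_unsolicited and share >= min_sport_share,
    }


VICTIM = "203.0.113.10"  # protected host (documentation address)


def sample_capture() -> List[Pkt]:
    """Constructed capture: two normal handshakes (one to a genuine port-80
    server, which must NOT be flagged), one SYN-ACK arriving long after its
    SYN, and 12 'cameras' each firing three SYN-ACKs from source port 80."""
    pk = [
        Pkt(0.00, VICTIM, 40001, "198.51.100.5", 443, "S", "out"),
        Pkt(0.05, "198.51.100.5", 443, VICTIM, 40001, "SA", "in"),
        Pkt(0.10, VICTIM, 40002, "198.51.100.7", 80, "S", "out"),
        Pkt(0.14, "198.51.100.7", 80, VICTIM, 40002, "SA", "in"),
        Pkt(0.20, VICTIM, 40003, "198.51.100.9", 22, "S", "out"),
        Pkt(45.0, "198.51.100.9", 22, VICTIM, 40003, "SA", "in"),  # 44.8 s later: stale
    ]
    for i in range(12):
        for j in range(3):
            n = i * 3 + j
            pk.append(Pkt(1.0 + 0.01 * n, f"192.0.2.{i + 1}", 80, VICTIM, 50000 + n, "SA", "in"))
    return pk


if __name__ == "__main__":
    rep = synack_flood_report(sample_capture())
    print(f"matched {rep['matched']}, unsolicited {rep['unsolicited']}, "
          f"top sport {rep['top_sport']} ({rep['sport_share']:.0%}), alert={rep['alert']}")
    for src, n in rep["sources"].most_common(5):
        print(f"  {src}: {n}")
```

On the constructed capture the handshake with the real port-80 server is matched and ignored, while the 36 camera segments plus the stale one are reported, with port 80 accounting for 36 of the 37. Two practical notes: `pending` should be pruned of entries older than the window in a long-running deployment, and at the volumes in these tweets this logic belongs in flow telemetry or a scrubbing appliance rather than on the host, since the host's link is gone long before its stack gets to drop anything.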

#7 (WHT-BR Top Member, joined Dec 2010, 15,004 posts)

    Unhappy

ReliableSite.Net LLC @ReliableSite 2 hours ago

    An upstream is now having an issue with an announced prefix, waiting for an update there.

#8 (WHT-BR Top Member, joined Dec 2010, 15,004 posts)

Victim of Success

Octave Klaba / Oles @olesovhcom 6 hours ago

Last days, we got a lot of huge DDoS. Here, the list of "bigger than 100Gbps" only. You can see the simultaneous DDoS are close to 1Tbps !


#9 (Guru Junior, joined Feb 2012, 215 posts)

Quote: originally posted by 5ms
Octave Klaba / Oles @olesovhcom 6 hours ago

Last days, we got a lot of huge DDoS. Here, the list of "bigger than 100Gbps" only. You can see the simultaneous DDoS are close to 1Tbps !

Now we know the reason for the packet loss...

#10 (WHT-BR Top Member, joined Dec 2010, 15,004 posts)

Quote: originally posted by IgorSantos11
Now we know the reason for the packet loss...

Yep.

One of the problems is that OVH brags about having zillions of terabits, but that is aggregate capacity. At the intake points (PoPs) the capacity is low, and so, it seems, is that of the peering agreements. Any serious localized push knocks out option A, then B, C...Z, as post #5 shows, because OVH's mitigation is centralized -- the PoPs are unprotected. Since the interconnection options between our bamboo carriers and OVH's bamboo grove in the US are limited, any ping turns into a DoS.
Last edited by 5ms; 22-09-2016 at 16:06.
