“Attacks are getting bigger,” said Race, commenting on the results of Arbor’s recent global survey of 70 telcos.
“Last year the biggest attacks were 24Gb/s. Now we’re experiencing attacks of 40Gb/s. That would take down any ISP’s infrastructure if they were subjected to that.
“Over 5 per cent of respondents had been attacked with greater than 1Gb/s attacks, and the volume of attacks had also increased – it was not uncommon to see up to 25 attacks per day.”
Race said that companies also saw an increase in the size of botnet attacks. “They’re getting into the hundreds of thousands and even millions as part of the attack,” he said.
By its own estimates, Arbor has 70 per cent market share with Tier One telcos around the world. Its software acts to stop malicious attacks at an ISP level, rather than a user level.
“There continues to be a bit of balance between attacking infrastructure and attacking end users,” said Race. “DNS cache poisoning and BGP route hijacking are becoming more prevalent.”
Race cited two examples of massive attacks against internet services. The first was the recent attack against YouTube, when hackers made BGP route changes which took the popular video site offline for almost a day.
His other example was the Eastern European state of Georgia. “The whole Georgian internet was taken offline a few weeks before the tanks rolled in, crippling it from a cyber perspective,” said Race.
Race said that Australian services had reasons to be concerned.
“We’re probably a little bit more vulnerable [than other countries]. We’re at the end of a limited number of pipes. We have a finite number of internet access points, and the majority of them go over the Pacific and some over Asia.
“If they were well-targeted attacks, they could essentially isolate the country in the same way that happened to Georgia.”
‘ISPs can’t solve these problems alone’
Arbor’s approach to internet security is to provide managed security services at an ISP level, allowing ISPs to offer their customers a clean internet pipe.
Arbor uses its global network of ISPs to shut down attacks at their point of origin.
“If an Australian was being attacked from someone overseas, and the attacker used an ISP that is part of the Arbor network, then the technology exists to shut them down at the originating ISP.
“It’s a ‘good internet citizen’ angle. The ‘D’ in DDoS is ‘distributed’, and what that means is distributed all around the world. ISPs can’t solve these problems alone – there needs to be a collaboration between them to stamp out these vulnerabilities.
“Now you don’t just have protection from the big, bad outside world: we’re protecting ISPs from their own customer base.”
Attacks at 40Gb/s: Arbor talks about ISP-level security
By Kathryn Small on Nov 13, 2008 2:20PM