Arbor Networks’ Sixth Annual Worldwide Infrastructure Security Report: Reveals DDoS Attack Size Breaks 100 Gbps for First Time; Up 1000% Since 2005

Share Article

• Application-layer DDoS attacks target data center infrastructure • Mobile operators have limited visibility and control over their networks • DNS and IPv6 continue to present significant challenges for network operators

2010 should be viewed as the year distributed denial of service (DDoS) attacks became mainstream as many high profile attacks were launched against popular Internet services and other well known targets. The year also witnessed a sharp escalation in the scale and frequency of DDoS attack activity on the Internet. The 100 Gbps attack barrier was reached for the first time while application layer attacks hit an all-time high. Service providers experienced a marked impact on operational expense, revenue loss and customer churn as a result, according to a report issued today by Arbor Networks, a leading provider of security and network management solutions for converged carrier networks and next-generation data centers.

Arbor’s longstanding relationships and reputation as a trusted advisor and solution partner to service providers and network operators across the globe make this annual report possible. The report offers a rare view into the challenges of network operators on the front lines of a global battle against botnets and DDoS attacks. It is designed to provide data and insight that will enable network operators to make more informed decisions about their security strategies to ensure availability for mission-critical Internet and other IP-based infrastructure.

“Arbor Networks’ research is utterly indispensible for anyone who wants to understand the network security landscape, how it is evolving and what the implications may be,” said Ethan Zuckerman of Harvard University’s Berkman Center for Internet & Society.

DDoS attacks have gone mainstream
Botnet-driven DDoS attacks are likely to continue as a low cost, high-profile form of cyber-protest in 2011 and beyond. Major incidents in 2010 included DDoS attacks associated with the territorial disputes between China and Japan, the ongoing political turmoil in Burma and Sri Lanka and the WikiLeaks affair. The need to protect availability has finally made it onto the radar screen of enterprise IT consulting firms worldwide, and DDoS defense has consequently reached the status of a CXO-level issue globally.

Attack surface continues to expand
The DDoS attack surface describes all aspects of network infrastructure, servers, protocols and services that are vulnerable to DDoS attacks. As new equipment, protocols and services are introduced into networks, the vulnerable attack surface for DDoS is expanded. This presents a significant challenge for network operators. Botnet-driven volumetric and application-layer DDoS attacks continue to be the most significant problems facing operators. This year’s report also reveals attackers are targeting the infrastructure itself, specifically DNS, VoIP and IPv6.

“Network operators are facing a global Internet insurgency driven by the ubiquity of botnets. This has led to rapidly escalating DDoS attack size, frequency and sophistication,” said Roland Dobbins, solutions architect with Arbor Networks. “Adding to the challenges facing operators is the increasing number of attack vectors, including applications and services, not to mention the proliferation of mobile devices.”

Application-layer DDoS attacks are increasing in sophistication and operational impact
An alarming 77% of respondents detected application layer attacks in 2010. These attacks are targeting both their customers and their own ancillary supporting services, such as domain name system (DNS), Web portals, etc. Internet data center (IDC) operators and mobile/fixed wireless operators report that application-layer DDoS attacks are leading to significant outages, increased operational expenditures (OPEX), customer churn and revenue loss.

Increasingly sophisticated attacks expose IPS and firewall shortcomings
In an effort to achieve DDoS protection, many operators have deployed stateful firewalls and intrusion prevention system (IPS) devices to protect data center infrastructure. In actuality, these devices can render networks more susceptible to attacks as the state tables on even the most scalable versions available can be overwhelmed with a moderate size DDoS attack. Nearly 49 percent of IDC respondents reported a firewall or IPS outage due to DDoS.

Lack of preparedness on mobile networks presents new attack opportunities
The fastest-growing category of Internet service providers (ISP) —mobile and fixed wireless operators—may be the least prepared in terms of network visibility and control and overall ability to defend themselves and their customers against attack. Nearly 60 percent of respondents indicated they have limited or no visibility into the network traffic of their wireless packet cores. In addition, only 23 percent indicated they have visibility into their wireless packet cores on par with, or better than, their visibility into their wireline networks. With some notable exceptions, many mobile/fixed wireless network operators appear to have security postures approximating those of wireline operators eight to 10 years ago.

Operators are struggling to keep up their security posture through transition to IPv6
Operators expressed concern over lack of visibility into IPv6 network traffic and their inability to control that traffic to the same degree they control IPv4 traffic. The additional network state and DDoS vector introduced by deployment of 6-to-4 gateways and network address translators (NATs) is also a significant threat to availability.

DNS emerging as a top target
DNS has emerged as one of the easiest ways to DDoS a server/service/application and take it offline by denying Internet users the ability to resolve server/resource records. Additionally, the large number of misconfigured DNS open recursors, coupled with the lack of anti-spoofing deployments on many networks, allows attackers to launch overwhelming DNS reflection/amplification attacks.

The report is available for download at

About Arbor Networks
Arbor Networks, Inc. is a leading provider of network security and management solutions for converged carrier networks and next-generation data centers, including more than 70 percent of the world’s Internet service providers and many of the largest enterprise networks in use today. Arbor’s proven network security and management solutions help grow and protect our customers’ networks, businesses and brands. Arbor’s unparalleled, privileged relationships with worldwide service providers and global network operators provides unequalled insight into and perspective on Internet security and traffic trends via ATLAS – a unique collaborative effort with 100+ network operators across the globe sharing real-time security, traffic and routing information that informs numerous business decisions.

For technical insight into the latest security threats and Internet traffic trends, please visit our website at and our blog at

Note to Editors: Arbor Networks, Peakflow, ATLAS and the Arbor Networks logo are trademarks of Arbor Networks, Inc. All other brand names may be trademarks of their respective owners.


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Lucie Mann
Lois Paul & Partners
1 781 782 5863
Email >

Jo Jamieson
Harvard Public Relations
44 020 7861 2831
Email >
Visit website