on
He provides no comment as to the source of these attacks,
only technical facts. However, we will all be looking at how the EU responds to
this attack on a member state of the
tell us how much backbone the unelected EU control freaks may have and how they would look to protect its borders and citizens when the unwelcome and
undemocratic treaty and constitution are put in place.
He says ATLAS gives us
an amazing view into the Internet’s activities. ATLAS collects DoS attack data
from around the world through sharing arrangements and even from some of our Peakflow
SP deployments. As such, the recent DDoS attacks on
are visible, in part, from within ATLAS.
As you can imagine, having development access to the ATLAS data repository
allows me to build new reports and crunch the data in new and exciting ways. I
analyzed about 2 weeks of DDoS attacks on
this morning using internal tools and reporting systems, and here’s what I
found.
We’ve seen 128 unique DDoS attacks on Estonian websites in the past two
weeks through ATLAS. Of these, 115 were ICMP floods, 4 were
SYN floods, and 9 were generic traffic floods. Attacks were not distributed
uniformly, with some sites seeing more attacks than others:

| Attacks | Destination | Address or |
|---|---|---|
| 35 | 195.80.105.107/32 | pol.ee |
| 7 | 195.80.106.72/32 | www.riigikogu.ee |
| 36 | 195.80.109.158/32 | www.riik.ee, www.peaminister.ee, www.valitsus.ee |
| 2 | 195.80.124.53/32 | m53.envir.ee |
| 2 | 213.184.49.171/32 | www.sm.ee |
| 6 | 213.184.49.194/32 | www.agri.ee |
| 4 | 213.184.50.6/32 | |
| 35 | 213.184.50.69/32 | www.fin.ee (Ministry of Finance) |
| 1 | 62.65.192.24/32 | |

The attacks themselves haven’t been steady, at least from the perspective
given by ATLAS. If we look at how many attacks occurred on every day, we can
see that they peaked a week or so ago, but they haven’t necessarily stopped.

| Attacks | Date |
|---|---|
| 21 | 2007-05-03 |
| 17 | 2007-05-04 |
| 31 | 2007-05-08 |
| 58 | 2007-05-09 |
| 1 | 2007-05-11 |

As for how long the attacks have lasted, quite a number of them last under
an hour. However, when you think about how many attacks have occurred for some
of the targets, this translates into a very long-lived attack. The longest
attacks themselves were over 10 and a half hours long sustained, dealing a
truly crushing blow to the endpoints.

| Attacks | Duration |
|---|---|
| 17 | less than 1 minute |
| 78 | 1 min – 1 hour |
| 16 | 1 hour – 5 hours |
| 8 | 5 hours to 9 hours |
| 7 | 10 hours or more |

Finally, this is a decent sized botnet behind the attack, with aggregate
bandwidth at our points of measurement maxing out at nearly 100 Mbps.

| Attacks | Bandwidth |
|---|---|
| 42 | Less than 10 Mbps |
| 52 | 10 Mbps – 30 Mbps |
| 22 | 30 Mbps – 70 Mbps |
| 12 | 70 Mbps – 95 Mbps |

Largest attacks we measured: 10 attacks measured at 90 Mbps, lasting upwards
of 10 hours. All in all, someone is very, very deliberate in putting the hurt
on
this kind of thing is only going to get more severe in the coming years.













