Academics from the University of Twente (Netherlands); UC San Diego (USA); and Saarland University (Germany) recently conducted research that found that one-third of all /24 networks have suffered at least one DoS attack over the last two years. The research also found that “an average of 3% of the Web sites in .com, .net, and .org were involved with attacks, daily.” The study results were presented in a report titled, “Millions of Targets Under Attack: a Macroscopic Characterization of the DoS Ecosystem,” which the researchers presented at last week’s Internet Measurement Conference in London. (Note that the research seems to refer to both denial of service attacks and distributed denial of service attacks as simply “DoS attacks.”)
Security experts have long recognized that DDoS attacks are an increasing problem, but it is helpful to have large-scale, independent research that validates what vendors and organizations observe. According to a SecurityWeek article, “By combining the direct attacks with the reflection attacks, the researchers discovered that the internet suffers an average of 28,700 distinct DoS attacks every day. This is claimed to be 1000 times greater than other reports have indicated.” To learn that the number of attacks is actually 1,000 times greater than previously thought is quite astounding, indeed. Perhaps it is a wake-up call to those who are unaware of the scope and gravity of the DDoS problem.
One of the most interesting findings from this report is that “low-level, even if repeated, attacks are largely ignored by the site owners. By correlating attacks with the time web sites migrated their DoS defense to third-party DPS companies, the researchers were able to determine what triggers the use of a DPS. They found, in general, that attack duration does not strongly correlate with DPS migration; but early migration follows attacks of high intensity.”