DDoS attack data collected during the first quarter of 2015 by Arbor Networks shows the average Australian attack lasted 22 minutes, compared with 46 minutes for the Asia Pacific region.
Despite the shorter duration, the average Australian attack size was 1.25Gbps, about twice the regional average.
Most very large attacks use the reflection amplification technique. This involves sending relatively small queries (with the originating IP address spoofing that of the attack target) to servers, which then send a much longer reply to the target.
|
Arbor said Network Time Protocol (NTP), Simple Service Discovery Protocol (SSDP) and DNS servers are commonly being used in such attacks.
SSDP is most frequently used in Australian attacks, with the largest involving 26Gbps. The largest NTP reflection attack was almost twice as big at 51Gbps.
"The short duration of attacks reported in Q1 is interesting. Short bursts of DDoS attack activity require automated defences to protect against them," said Arbor Networks' Australia country manager Nick Race (pictured).
"Operators in Australia absolutely should take note. On-premise DDoS protection is essential for both detection and mitigation of attacks, enabling bad traffic to be scrubbed in an immediate and automated fashion.
"Additionally, integrating that on-premises protection to the cloud is also critical; this is where Arbor's Cloud Signaling technology plays an important role."
Arbor Networks publishes the Digital Attack Map showing the top daily DDoS attacks worldwide.