Statistics of Internet attacks today
Arbor Networks company that supports security of big ISPs and corporations has completed a survey about actual threats of Internet.
New Battles for ISPs
ISPs spent most of their security resources combating DDoS attacks. This year ISPs describe a far more diversified range of threats, including concerns over domain name system (DNS) spoofing, border gateway protocol (BGP) hijacking and spam. Others expressed concern over related service delivery infrastructure, including voice over IP (VoIP) session border controllers (SBCs) and load balancers.
40 Gigabits attacks
From relatively humble megabit beginnings in 2000, the largest DDoS attacks have now grown a hundredfold to break the 40 gigabit barrier this year.
The below graph shows the yearly reported maximum attack size:
(from 0.4 inĀ 2001 to 40 in 2007)
Services Under Threat
Providers reported growth in sophisticated service-level attacks at moderate and low bandwidth levels attacks specifically designed to exploit knowledge of service weakness like vulnerable and expensive back-end queries and computational resource limitations.
More than half of the surveyed ISPs believe serious security threats will increase in the next year.
ISPs were also unhappy with their vendors and the security community. Most believe that the DNS cache poisoning flaw disclosed earlier this year was poorly handled and increased the danger of the threat.
Finally, the surveyed ISPs also said their vendor infrastructure equipment continues to lack key security features (like capacity for large ACL lists) and suffers from poor configuration management and a near complete absence of IPv6 security features. While most ISPs now have the infrastructure to detect bandwidth flood attacks, many still lack the ability to rapidly mitigate these attacks.
According to The Arbor Networks security blog [http://asert.arbornetworks.com/2008/11/2008-worldwide-infrastructure-security-report/]
