On Jan 20, 2010, at 8:32 AM, Stefan Fouant wrote:
> I'm wondering if you can clarify why 'Figure 1' only goes up to 2008 and states in key findings "This year, providers reported a peak rate of only 49 Gbps". I happen to personally recall looking at ATLAS sometime last year and seeing an ongoing attack that was orders of magnitude larger than that.
That was an error in the chart (which has since been corrected); it should have illustrated that 2009 respondents indicated 49 Gbps was the largest observed attack. FWIW, I've seen empirical evidence supporting much larger attacks (~82 Gbps), and the Akamai folks indicated recently they'd seen attacks on the order of 120 Gbps towards a single target. However, these attacks were NOT reflected in survey feedback expressly, and were therefore not included in the report.
> An interesting observation was the decrease in the use of flow-based tools, and the corresponding increase in the use of things like SNMP tools, DPI, and customer calls for attack detection. Surely this must have been a factor of a larger respondent pool... I'd really like to think people aren't opting not to use flow-based tools in favor of receiving customer calls :(
Yep, I think this is simply an artifact of a larger respondent pool size, with many smaller respondents being represented.

-danny