At 11:45 AM 1/16/02 -0600, Paul Froutan wrote:
Hello all, Can some of you with larger networks let me know about the volume of the DoS attacks you have experienced lately? Our experience has been that the volume (not just occurrence) is going up significantly and I'm curious on the size of attacks that people are experiencing. For reference, while a year or two ago we used to get 50-100 meg attacks, now we're getting 500+ megs.
I don't have a large network, but I had three yesterday morning between 7 and 10am MST and apparently one last night between 11:30pm and 2am MST that rippled through until 5am. That is way high. We typically see one every six months or so (modulo worms).

These appeared to be customer hosts as unwitting dDoS participants... smaller than usual effects probably because we had participants/sources rather than targets, but one yesterday was big enough to take us down. Unix servers. No spoofing or amps involved (we filter). High pps, average packet size down to 66 bytes. Didn't snag a capture. These were not nimda or any form thereof as we have cut off folks who were not fully patched.

...Barb