Chinese company hit by mega-DDoS attack

23.11.2011
DDoS criminals are trying to batter down DDoS defences with larger attacks and new techniques, mitigation outfit Prolexic has said, only weeks after the company detected a huge assault on a Chinese company.

The attack on the unnamed organisation and its DNS provider happened between 5 and 12 November and reached 45Gbit/s at peak, equivalent to 69 million packets or 15,000 connections per second, way above the level that can be easily stemmed using standalone appliances, the company claimed.

The assault was sustained over nearly eight days in four different waves, focussing on the vulnerable application layers, a clear attempt to knock the business offline.

"This attack was three times larger in packets per second volume than the biggest attack Prolexic has mitigated previously, which also occurred in 2011" said Prolexic CTO, Paul Sop.

What is new is that the attackers had tried to hit the DDoS defences, which suggests sophistication; attackers assumed that the organisation would have some defences in place that needed to be overcome.

The company's latest analysis of DDoS attack trends for Q3 2011 found that while year-on-year the total number of attacks had decreased, the size of the attacks was growing, with attackers sometimes wielding the huge power of the recent November attack.

China - or attackers using it - appears to be the major source of attacks with 55 percent emanating from the country with the majority of botnets located in the country too. Prolexic expects large DDoS attacks to emanate from China for some time to come.

The most popular DDoS types were those using PPS SYN and ICMP floods while a year ago it was GET floods. Some industries are more at risk than others, which might hint at an industrial motive behind some of what is going on - top targets including gaming, gambling, hospitality and shipping with attacks now lasting 1.2 days on average.

A year ago, Prolexic publicised a Philadelphia-based perfume company it had helped defend from a DDoS in the run up to Christmas 2009.