The top attacks we see daily are DNS amplification attacks and IP fragmentation attacks …. SSDP and NTP based floods used to be really high at one point but dropped off quite a bit in past 6 months…
Typical IP fragmentation attack in the past 24 hours is upwards of 7.5mpps at 16Gbps – often smaller and sometimes larger…. DNS amplification follows a similar stat From: Af <[email protected]> on behalf of Zach Underwood <[email protected]> Reply-To: <[email protected]> Date: Tuesday, November 14, 2017 at 9:30 PM To: <[email protected]> Subject: Re: [AFMUG] PPS limits So far the last 30 days attacks has been dsl end users(we dont mitigate just pass traffic) in the evening and after hours. Then schools get attack during the school day we and mitigation for our clients and pass the traffic for the non clients of the ddos service. Thanks guys this has given an a few ideas for thresholds. PS George The below attack was from today 159.6 Mbps/415.5 Kpps peak Nov 14 07:01 – 13:26 (almost 6+1/2 hours) all icmp On Tue, Nov 14, 2017 at 9:13 PM, Josh Reynolds <[email protected]> wrote: Imagine shit talking people with no repercussions. Imagine having a lan party every day with hundreds or thousands of people. That's what kids who play games online these days experience. It's not exactly the same, but it's pretty close. On Tue, Nov 14, 2017 at 8:11 PM, Dave <[email protected]> wrote: > I really wish the kids would interact more personal like the 80's arcades > that died. > Maybe even a group over lan party with some DUKE NUKEM 3D.... LOL! > > > On 11/14/2017 08:08 PM, George Skorup wrote: > > I've seen several DDoS attacks targeting the Xbox shit talking kids. The > normal garbage UDP floods >100k PPS doesn't seem to affect CCRs all that > much. The last time the CPU jumped from 3% to maybe 10%. But recently I saw > an ICMP flood type attack (yet again targeting the Xbox dipshits). The > CCR1036-12G-4S did not like that at all. The CPU load was around 90% and > winbox was very sluggish. > > On 11/14/2017 8:00 PM, Sterling Jacobson wrote: > > Most standard routers would die on that much pps of that size. > > > > If you look on routerboard.com at the mikrotik stuff, they have charts at > the bottom of most of their gear that show how much traffic they can move > given the packet size and pps and Mbps etc. > > > > Compare that with the CPU and you can get an idea of what it takes to > switch/router or packet inspect stuff with rules. > > > > From: Af [mailto:[email protected]] On Behalf Of Zach Underwood > Sent: Tuesday, November 14, 2017 2:32 PM > To: [email protected] > Subject: [AFMUG] PPS limits > > > > I am trying to put some ddos attacks in perspective in terms of pps. > > > > Here are two examples > > 545.4 Mbps/2.4 Mpps udp packet size less than 150byte > > 2.0 Gbps/8.5 Mpps udp packet size less than 150byte > > > > What size router would fall over with 1+ Mpps of traffic. > > example ubnt ER-8 clams 2Mpps. > > > > > -- > > Zach Underwood (RHCE,RHCSA,RHCT,UACA) > > My website > > advance-networking.com > > > -- Zach Underwood (RHCE,RHCSA,RHCT,UACA) My website advance-networking.com
