DDoS Attack Landscape

2018 DDoS Attack Landscape-9

June 12, 2019

Behind DDoS attacks, there are complex economic interests in the underground industry. Therefore, effective governance needs to start from multiple dimensions, including policy, industry, resource, and technical dimensions. This chapter dwells upon how to mitigate DDoS attacks from the following perspectives.


2018 DDoS Attack Landscape-7

May 22, 2019

3.5  Analysis of IoT Attack Sources

3.5.1 Participation of IoT Devices in DDoS Attacks

According to NSFOCUS’s IoT threat intelligence, some DDoS attacks are associated with IoT devices. By further analyzing the proportion of IoT devices in DDoS attack source IP addresses, we find that 3.14% are IoT devices. Although this proportion is relatively small, compared to the large base of DDoS attack source IP addresses, the threat of IoT device-based DDoS attacks cannot be overlooked.


2018 DDoS Attack Landscape-4

April 23, 2019

3.2  DDoS Attack Type Analysis

3.2.1  Proportions of Different Attack Types 

In 2018, the most frequently seen attacks were SYN flood, UDP flood, ACK flood, HTTP flood, and HTTPS flood attacks6, which altogether accounted for 96% of all DDoS attacks. In contrast, reflection attacks contributed to no more than 3% of attacks. Compared with 2017, the year 2018 witnessed an 80% decrease in the number of reflection attacks, but a 73% increase in other attacks. This is because Chinese authorities took effective measures against reflectors (see section 3.1.1 “Attack Count and Traffic”). (more…)

2018 DDoS Attack Landscape-3

April 17, 2019

Analysis of DDoS Attacks in 2018

3.1  DDoS Attack Count and Peak Size

3.1.1  Attack Count and Traffic

In 2018, we observed 148,000 DDoS attacks (down 28.4% from 2017), which generated a total of 643,100 TB of traffic, about the same level as in 2017. DDoS attacks keep expanding in size year by year as large and medium-scale attacks are on the rise, as shown in section 3.1 “Distribution of Peak Sizes.” (more…)