NETSCOUT Arbor Confirms 1.7Tbps DDoS Attack
March 2018 by NETSCOUT Arbor
This attack was recorded by NETSCOUT Arbor’s ATLAS global traffic and threat data system, is more than 2x the largest NETSCOUT Arbor had previously seen, and targeted the customer of a U.S.-based service provider.
Why is this significant? This is significant from two angles, firstly from an offensive perspective, last week, Akamai confirmed the first ever terabit attack, a 1.3Tbps attack targeting GitHub. Both attacks used the same techniques – memcached services and reflection amplification. Two different terabit attacks in one week is a stark warning to network operators that they need to be prepared for mega attack sizes going forward.
From a defensive perspective, this attack is testament to the defence capabilities that this Service Provider had in place to defend against an attack of this nature that no outages were reported because of this. These massive attacks can be defended with best practice defences. It is critical that DDoS mitigation service providers have sufficient scale and expertise to block attacks of this size. Arbor Cloud, for example, has been sized to over 10x the largest attack seen previously so it is well equipped to handle attacks of this scale.
It is critically important that companies to take the necessary steps to protect themselves, and that starts with implementing best current practices. The Arbor Security Engineering and Response Team (ASERT) discuss current best practices on their blog.
This attack signals that the terabit attack era is now upon us. While the internet community is coming together to shut down access to the many open memcached servers out there, the sheer number of servers running memcached openly will make this a lasting vulnerability that attackers will exploit. If the internet community is able to adjust and make significant progress on memcached servers, we should expect terbit attacks to continue.