We aren't the only ones who see these - and in
fact, we see attacks much larger than this, but we typically publicly report what survey
respondents (i.e., network operators themselves) report in our annual Worldwide
Infrastructure Security Report. Large ISPs around the world see these attacks, as they
and their customers are on the sending, receiving, or transiting side of the attack
traffic in question.
Maybe we just have a different opinion on "routine"
then. 100Gbps are not what I have seen or heard anywhere as routine just yet. But we are
most certainly heading there, that I do agree with.
Having operated DNS root servers and other DNSSEC enabled infrastructure for a number of
years I have not seen DNSSEC enabled reflection attacks until just a few months ago. You
refer to having seen these for years. Also the wider use of regular DNS amplification
attacks seems to only have occured to folks out there just in the last two or so years.
In fact, even though we saw several attacks larger
than 100gb/sec last year, we only reported the largest attack which survey respondents
reported, which was 65gb/sec - down from 100gb/sec in the 2010 report.
comment regarding "routine". So a whole year with no 100Gbps attack according to
your survey, yet you claim it is "routine". Hmm.
Arbor has an excellent reputation in the global
operational security community. We are well-known for our community-sourced research and
public educational efforts centered around opsec BCPs. We have no need to exaggerate the
threat to availability represented by DDoS attacks, as those who are affected by them can
attest - and as a quick search on 'DDoS' via any mainstream search engine will
I do not trust research by tobacco companies on the health impact of
smoking much. Why would I trust surveys and research from Arbor on matters of DDoS
attacks? It is nothing I can verify except that I can say that discussions with carrier
folks and what I hear from Arbor seem to always be off by a factor of 10.