On Aug 1, 2012, at 12:09 PM, Wolfgang Nagele wrote:
Having operated DNS root servers and other DNSSEC
enabled infrastructure for a number of years I have not seen DNSSEC enabled reflection
attacks until just a few months ago. You refer to having seen these for years.
We have seen them for at least the last 18 months or thereabouts.
Also the wider use of regular DNS amplification
attacks seems to only have occured to folks out there just in the last two or so years.
Actually, DNS reflection/amplification attacks have been seen in the wild since at least
See above comment regarding "routine". So a
whole year with no 100Gbps attack according to your survey, yet you claim it is
As previously stated, in the survey and WISR, we only report on data submitted *by survey
respondents*. Our own sensor network does in fact routinely see attacks larger than
100gb/sec, but that isn't what we report on in our WISR - we report on stats submitted
by survey respondents. This is data originated from within the operational security
community, not from within Arbor itself.
I do not trust research by tobacco companies on the
health impact of smoking much.
We are not a tobacco company, nor are we a vendor of attack tools - we are involved in
DDoS defense and mitigation. Our reputation in the industry speaks for itself.
Why would I trust surveys and research from Arbor on
matters of DDoS attacks?
Again, we have no reason to exaggerate - the attackers are creating plenty of demand,
already. I personally would not associate myself with an organization which would
exaggerate matters of such import, and as the primary author of the last three Arbor WISRs
as well as an active member in vetted/trusted operational security mitigation communities
(in which your organization does not seem to be represented, AFAICT), not to mention the
access I have to our ATLAS system, I see the actual data and reports of attacks for myself
and can attest to its veracity.
It is nothing I can verify except that I can say that
discussions with carrier folks and what I hear from Arbor seem to always be off by a
factor of 10.
It depends on which carrier folks you speak with, and which groups/individuals at which
carriers in which regions, as to whether you're actually talking to those who handle
these attacks on an operational basis, and of course which carriers originate/transit/are
targeted by which particular attacks, and when.
Again, Arbor's reputation and our industry research speaks for itself.
This particular subtopic has been exhausted, from my perspective. I'm happy to
continue to discuss technical matters related to reflection/amplification attacks, but I
don't see any value in responding further to any additional non-technical comments on
this or any other thread.
Roland Dobbins <rdobbins(a)arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton