Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2016-02-07 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

DDOS is down, but still a concern for ISPs

Published: 2016-02-07
Last Updated: 2016-02-07 15:15:15 UTC
by Rick Wanner (Version: 1)
1 comment(s)

For many reasons,most ISPs are finding that service affecting DDOSes, which were a common occurrence as little as a year ago are rare in the later half of 2015 and so far in 2016.  Hopefully the arrest of some alleged members of DD4BC will also put a damper on the DDOS for ransom fad.  That said DDOS is not dead.  It appears booters services, DDOS for hire services with intent to be a nuisance for individual Internet users, are still a problem which ISPs worldwide are seeing.

The graph shows the common UDP traffic for one ISP.

The large spikes show DDOS attacks, typically aimed at a single IP.   As you can seen the traffic is typically a mix of DNS, port 0, with some chargen thrown in.  For some reason SSDP, which was a large part of attacks in the recent past, has become a small part of the traffic mix in today's attacks. 

 

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

Keywords: DDOS
1 comment(s)
Diary Archives