There has been online chat around large scale distributed denial-of-service (DDoS) threats following the Spamhaus attack in March.
Speaking to SC Magazine, Darren Anstee, solutions architect team manager for Arbor Networks, said that after the attack, which he said was measured "to within a couple of per cent of 300Gbps", Arbor had seen more talk about the possibilities of launching such an attack but he expected most to standardise to 80-100Gbps. Arbor's January 2013 Annual Worldwide Infrastructure Security report said that DDoS attacks had standardised at 60Gbps, but post Spamhaus this was expected to rise.
Anstee said: “The attack on Spamhaus used DNS reflection amplification and while this is nothing new, the capability is out there; 100Gbps of traffic can be created that way and we have seen more like that, but the capability is out there to be even bigger than Spamhaus.
“It is unlikely to happen though as the attacker would not want to attract attention, as it will be the biggest attack ever seen. Since Spamhaus we have listened into the attacker community on DNS amplification reflection and research has seen more chatter and talk about it, and there are more examples of using DNS servers rather than a botnet..”
A man was arrested in Barcelona in late April in relation to the Spamhaus attack.
Anstee said that of all the attacks seen over the course of 2012, it had nearly three quarters of the number of attacks over 20GB in Q1 of 2013 that it had seen in the whole of 2012. Anstee said that following a series of attacks on US banks, there is a realisation that a lot of web servers can be compromised and these were better than a botnet for purposes of performance and speed, as well as connectivity. “Here you can be connected at a faster rate, be more agile and be more effective,” he said.