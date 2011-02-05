Link11 DDoS Report Q3 2019 shows ongoing danger from high-volume and application attacks

November 2019 by Link11

Link11 has published its DDoS statistics for Q3 2019. Volume attacks remained the most important attack form in the third quarter of 2019. Such high bandwidth attacks are intended to block the attacked company’s external connection. In this quarter, the bandwidth peak was 102 Gbps.

Massive attack bandwidths due to reflection amplification techniques In many cases, the attackers relied on reinforcement techniques to drive up the attack volumes. DNS reflection was by far the most frequently used reflection amplification vector (42%). This was followed by SNMP with 21% and CLDAP with 14%. New attack techniques, such as WS Discovery and Apple Remote, which were registered for the first time in the second quarter of 2019, were detected several times in attacks.

Just over half of all attacks (52%) used several attack techniques. Most frequently, the attackers combined three attack vectors. The maximum number of vectors registered by LSOC in Q3 was 11.

Application level attacks block server resources

Furthermore, the latest figures from network monitoring indicate that attackers are deploying application and protocol attacks more and more frequently. Attacks at application level are aimed directly at application functions and APIs, but not at the Internet connection. Their aim is to cripple the processes and resources for layer 7. Low bandwidths and high package rates are characteristic for application attacks.

"Our analyses show that there is no cause for an all-clear," according to Rolf Gierhard, Vice President Marketing at Link11. "Attackers are increasingly combining multiple attack techniques or expanding their attack set with new protocols. Attacks are becoming more intelligent and disguising themselves as legitimate network traffic. This makes it difficult for many companies to detect them quickly and effectively avert them."

Further findings from Link11’s Q3 DDoS statistics include:

• The largest attack registered by Link11’s network reached a peak bandwidth of 102 Gbps

• The highest packet rate seen was 29 million packets per second

• The longest attack during the quarter lasted 1,477 minutes, i.e. over 24 hours

The data is based on defended attacks on websites and servers that are protected by Link11. In addition to network analyses and evaluation of DDoS attack data, the Link11 DDoS report also makes use of open source intelligence (OSINT) analyzes.