/plushcap/analysis/cloudflare/network-layer-ddos-attack-trends-for-q2-2020

Network-layer DDoS attack trends for Q2 2020

What's this blog post about?

In Q2 2020, the number of L3/4 DDoS attacks observed over Cloudflare's network doubled compared to that in Q1. The scale of the largest L3/4 DDoS attacks increased significantly, with some of the largest attacks ever recorded observed during this period. More attack vectors were deployed and attacks were more geographically distributed. In May 2020, there was a significant increase in the number and size of attacks, coinciding with the heightened global pandemic situation. Small attacks continued to dominate in numbers as big attacks got bigger in size. The majority of L3/4 DDoS attacks observed in Q2 peaked below 10 Gbps, but these 'small' attacks can still easily cause an outage or service degradation if not protected by a cloud-based DDoS mitigation service. In terms of duration, 83% of all attacks lasted between 30 to 60 minutes. The largest DDoS attack on Cloudflare's network in Q2 was detected and mitigated automatically, with no impact to performance due to the size and global coverage of their network. The United States received the most number of L3/4 DDoS attacks, followed by Germany, Canada, and Great Britain. In terms of total attack bytes mitigated, the United States led, but was followed by Hong Kong, Russia, Germany, and Colombia. 57% of all L3/4 DDoS attacks in Q2 were SYN floods, with a total of 39 different types of attack vectors used. Cloudflare's three-pronged protection approach includes Gatebot for detecting and mitigating globally distributed volumetric DDoS attacks, dosd for analyzing traffic and applying local mitigation rules when needed, and flowtrackd for detecting and mitigating the most randomized and sophisticated TCP-based DDoS attacks.

Company
Cloudflare

Date published
Aug. 5, 2020

Author(s)
Vivek Ganti, Omer Yoachimik

Word count
1910

Language
English

Hacker News points
5


By Matt Makai. 2021-2024.