Verisign Mitigates 300 Gbps DDoS Attack and Other Q2 2014 DDoS Trends

Home / Blogs

Verisign Mitigates 300 Gbps DDoS Attack and Other Q2 2014 DDoS Trends

	By Danny McPherson Executive Vice President, Engineering, Operations, and Chief Security Officer at Verisign
	August 13, 2014 Views: 11,232 Comments: 1

Click to Enlarge / Download PDFIt has been another busy quarter for the team that works on our DDoS Protection Services here at Verisign. As detailed in the recent release of our Q2 2014 DDoS Trends Report, from April to June of this year, we not only saw a jump in frequency and size of attacks against our customers, we witnessed the largest DDoS attack we’ve ever observed and mitigated—an attack over 300 Gbps against one of our Media and Entertainment customers.

This attack is significant for a number of reasons and I encourage you to read a detailed recounting of the attack timeline as well as the various trends we track in the report.

Here are a few highlights:

Verisign saw a 216 percent increase in average peak attack size over Q1 2014 and a 291 percent increase in average peak attack size year over year.
Overall, Verisign saw an 87 percent increase in peak DDoS attack size year over year.
Attacks in the 5-10 Gbps range increased 33 percent and attacks greater than 10 Gbps increased 16 percent.
65 percent of attacks were greater than 1 Gbps.
Media and Entertainment was the most targeted industry, followed closely by IT Services/Cloud/SaaS, both making up 84 percent of all attacks mitigated in Q2.

If you’d like to read about what we saw in Q1, you can access that report here.

By Danny McPherson, Executive Vice President, Engineering, Operations, and Chief Security Officer at Verisign

Danny is responsible for all aspects of Verisign’s information systems and services, as well as information and corporate security. Additionally, he represents Verisign in key forums focused on critical infrastructure, engineering, research, security, and online trust. With over 20 years of experience in the internet network operations, security, and telecommunications industries, McPherson brings tremendous technical leadership and operational expertise to the company.

Visit Page

Filed Under

Comments

dns resolution Carl Byington – Aug 14, 2014 3:09 PM

http://www.verisigninc.com/assets/VRSN_DDoS_TR_Q1_201405-web.pdf

Trying to resolve that URL, we need:

dig http://www.verisigninc.com ns @a1.verisigndns.com. +edns +norecur
...
http://www.verisigninc.com. 600 IN NS gslb.shared-fo.brn1.verisign.com.

dig http://www.verisigninc.com a @gslb.shared-fo.brn1.verisign.com. +edns +norecur
...
http://www.verisigninc.com. 30 IN A 69.58.187.40

dig http://www.verisigninc.com ns @gslb.shared-fo.brn1.verisign.com. +edns +norecur
...
;; ->>HEADER<

<- opcode: QUERY, status: NXDOMAIN, id: 48652

dig

http://www.verisigninc.com a @gslb.shared-fo.brn1.verisign.com. +edns +norecur +nsid
...
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 338

The load balancer at gslb.shared-fo.brn1.verisign.com does not know about NS records, and it chokes on edns options. See rfc5001 from 2007. One might think that verisign could handle an option that was standardized 7 years ago.

# 1 Reply | Link | Report Problems

The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet