On Aug 1, 2012, at 12:09 PM, Wolfgang Nagele wrote:
Having operated DNS root servers and other DNSSEC enabled infrastructure for a number of years I have not seen DNSSEC enabled reflection attacks until just a few months ago. You refer to having seen these for years.
We have seen them for at least the last 18 months or thereabouts.
Also the wider use of regular DNS amplification attacks seems to only have occured to folks out there just in the last two or so years.
Actually, DNS reflection/amplification attacks have been seen in the wild since at least 2007.
See above comment regarding "routine". So a whole year with no 100Gbps attack according to your survey, yet you claim it is "routine". Hmm.
As previously stated, in the survey and WISR, we only report on data submitted *by survey respondents*. Our own sensor network does in fact routinely see attacks larger than 100gb/sec, but that isn't what we report on in our WISR - we report on stats submitted by survey respondents. This is data originated from within the operational security community, not from within Arbor itself.
I do not trust research by tobacco companies on the health impact of smoking much.
We are not a tobacco company, nor are we a vendor of attack tools - we are involved in DDoS defense and mitigation. Our reputation in the industry speaks for itself.
Why would I trust surveys and research from Arbor on matters of DDoS attacks?
Again, we have no reason to exaggerate - the attackers are creating plenty of demand, already. I personally would not associate myself with an organization which would exaggerate matters of such import, and as the primary author of the last three Arbor WISRs as well as an active member in vetted/trusted operational security mitigation communities (in which your organization does not seem to be represented, AFAICT), not to mention the access I have to our ATLAS system, I see the actual data and reports of attacks for myself and can attest to its veracity.
It is nothing I can verify except that I can say that discussions with carrier folks and what I hear from Arbor seem to always be off by a factor of 10.
It depends on which carrier folks you speak with, and which groups/individuals at which carriers in which regions, as to whether you're actually talking to those who handle these attacks on an operational basis, and of course which carriers originate/transit/are targeted by which particular attacks, and when.
Again, Arbor's reputation and our industry research speaks for itself.
This particular subtopic has been exhausted, from my perspective. I'm happy to continue to discuss technical matters related to reflection/amplification attacks, but I don't see any value in responding further to any additional non-technical comments on this or any other thread.
-----------------------------------------------------------------------
Roland Dobbins