back to article 500Gbps DDoS attack flattens world record

The world's largest distributed denial of service attack has been clocked at 500Gbps, according to Arbor Networks. The attack was reported by a third party and is yet to be analysed, other than in terms of its size. British teen Seth Nolan-Mcdonagh likely held the title for the previous largest DDoS, which came in at 300Gbps …

  1. Anonymous Coward
    Anonymous Coward


    In the grand scheme of things though is that really a lot? Ive never had to fend of a DDoS attack.

    Anyone care to add some perspective?

    1. phuzz Silver badge

      Re: Wowsa.

      Well, the computer you're using now probably has a 1Gbps ethernet port, and unless you have a fast harddrive, you'll probably struggle to saturate that connection.

      So, not only would you have to have enough aggregate bandwidth across your network switches, servers and other networking gear, you'd also need the processing capacity to deal with that much data so quickly (even if you're just dropping the traffic). So yes, that's a big amount of data to deal with.

      1. Anonymous Coward
        Anonymous Coward

        Re: Wowsa.


        Yeah that much I gathered. However if one is able to measure the magnitude of a DDOS attack does that not suggest they have bandwidth to spare...or does it suggest that 500gbps is their upper limit?

        Also is the effect of the 500gbps that the bandwidth is getting chewed up or is it that the infrastructure cant handle the number of incoming sessions at that rate?

        Apols for the retarded question(if indeed it is retarded). I am an experienced techie but for some reason I cant put myself in the shoes of the person fending off something like this.

        It'd be interesting to know the experience from a victims side for once!

        1. alexdonald

          Re: Wowsa.

          The comments on this article are quite informative:

    2. Preston Munchensonton

      Re: Wowsa.

      500Gbps, as a distributed set of connections, totals at least 25000 TCP or UDP connections and likely far more than that to ensure a sustained rate. If your own PC ever hit 100 connections, you'll notice the performance impact.

  2. Dan Wilkie

    Well I'd guess it would tax your switches a tad...

  3. Martin hepworth

    BBC at 602GBS

    the BBC DDOS was allegedlly even higher so they mustnt use Arbor then...

  4. TJ1

    dd if=/dev/cpe of=(ISP != BCP38 ? /dev/null : /dev/internet)

    Solution is BCP38 a.k.a. RFC2827 in the CPE/hosting network's ingress/egress routers. Block before the packets are able to aggregate and thus avoid overloading links and devices close to the target.

    "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing"

    It's a crying shame that this simple solution has been around for many many years but those that could do most to prevent the spoofing-based attacks don't/won't apply it.

    If you're an ISP network engineer it'd be good to know if you're aware of the RFC, and if so, reasons why you do - or do not - implement it on your ingress/egress routers?

    Each network knows what sub-nets it should be routing and can easily drop any source addresses that are outside the valid sub-nets.

    The only way to mandate it is by interchanges and backhaul providers dropping peering with CPE/hosting networks that do not implement BCP38. Until recently it seems like handling DDoS traffic has been seen as an acceptable business cost. Maybe as these attacks get larger and more frequent that cost will push the buttons.

  5. Joseba4242

    Whether that's a lot to deal with depends on the nature of the attack. If it's a simple (reflective) UDP attack to a non-UDP service then you can easily filter that at the network borders where such a capacity is available in the large national networks and certainly in the Tier 1 ISPs.

    If it's an attack simulating the application (eg. a HTTP attack to a HTTP service) from similar networks as legitimate clients then you need a more intelligent scrubbing capability that can analyse and block the traffic in detail. For that it's big.

    1. leexgx

      problem is when your at pass 500Gbps is not about blocking it you start to break the internet itself in places before it even gets to the ISPs/target that don't have that 500Gbps links

      one DDoS had take out 2-3 ISPs temporary due to the flood of data as they started to target transient providers gateways that had Routable IP addresses

      bcp38 needs implementing at ISP levels and openDNS and time servers the hosting providers should automatically cut them off when they are running services like that

      1. Z80A


        @leexgx are you too lazy or short of time to punctuate or proofread your own post? Please don't waste the valuable time of Reg readers with speakwrite babble.

        to you're credit the information you have to share could be useful but it becomes much less useful when poorly presented think about how how hard it is to read

  6. Anonymous Coward

    Yet more Linux Apple Android DDoS attacks

    "It sounds like white noise everywhere, which is like silence but not empty."

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like