
Internet Service Providers (ISP) Report Emergence of Massive (10-20Gbps) Attacks Over the Last 12 Months.

LEXINGTON, Mass. -- Findings Gathered from Arbor Networks' Second-Annual Global Infrastructure Security Report

Arbor Networks(R), a provider of core-to-core network security and operational performance for global business networks, released its second-annual Worldwide Infrastructure Security Report today in cooperation with the Internet network security operations community. This survey is the second edition of an ongoing series of annual operational security surveys designed to help network operators make informed decisions about their use of network security technology to protect their mission-critical infrastructure. Addressing the second half of 2005, Arbor's report includes input from 55 self-classified tier-1, tier-2, and hybrid IP network operators in North America, Europe and Asia.

Key Findings - Attacks Are On the Rise

This second edition survey found that Distributed Denial of Service (DDoS) attacks are still the most significant threat to ISPs today. In fact, six years after the initial flurry of well-publicized DDoS attacks, the majority of surveyed operators are spending more resources addressing DDoS than any other security threat, including worms and other botnet-based attacks.

Second to DDoS attacks - which are largely executed by botnets - network operators are most concerned with other malicious activity for which botnets are employed. These activities include phishing, spam, ID theft and form-logging. Of those who responded that botnet-based threats were a primary concern, Arbor identified the following botnet trends:

--Command and control channels are harder to infiltrate and better monitored by botherders;

--More bots, botnets, and firepower exist as variations of older bots continue to emerge;

--Bots are hiding better, are more difficult to remove and are more organized; and

--Botnets are more resilient to takedown, have more capabilities, are more flexible, and are better packed to resist detection and analysis.

"One of the reasons bots are more difficult to detect today is because they are no longer being used for obvious malicious activity," commented Craig Labovitz, director of network architecture for Arbor Networks. "That is, rather than simply spewing tons of easily discernible attack data onto the network, botnet activity today tends to fly 'under the ISPs' radar', making detection and mitigation immeasurably more difficult."

Other key findings from the survey include:

--Attack firepower grows. Feedback from ISPs concludes that there is a continued growth in the frequency and magnitude of multi-gigabit, supra backbone DDoS attacks. ISPs now regularly report attacks beyond the capacity of core backbone circuits in the 10-20Gbps range. This is driven by the proliferation of broadband Internet connectivity globally and network convergence.

--Zombies rule. Despite the best efforts of firewall, IDS and OS vendors, there is no end in sight to the rise of millions of compromised end systems available to participate in DDoS or other illegal activities.

--ISPs finish the job. Lacking more advanced infrastructure/tools, most ISPs primarily mitigate attacks by filtering all traffic to the victim. While this successfully protects ISPs' backbones from collapse under DDoS, the mitigation "cure" may be worse than the original DDoS.

--Few attacks reported to authorities. Despite an average of 40 customer-impacting attacks per month, most attacks go unreported to law enforcement organizations by ISPs.

--The miscreant economy continues to grow. There's been an observable uptick in botnet employment for revenue-generating purposes - the game is changing as the "business of botnets evolves".

--ISPs' need for revenue streams continues. Network operators are concerned that as a renewed focus on return-on-investment (ROI) emerges, ISPs are finding themselves in a very difficult position when it comes to infrastructure security, botnets in particular. While a slight majority of ISPs believe they might actually be in a position to defend themselves against compromised hosts, they believe it will be extremely difficult to do so without first generating new revenue opportunities to fund the effort.

Emerging Threats

As a result of newly emerging network security threats, the study posed questions on infrastructure security threats ranging from DNS to VOIP attacks. Roughly half of the surveyed ISPs indicated they had deployed mechanisms to detect both DNS and VOIP threats. While many providers are still in the early stages of planning or deployment of commercial VOIP services and few reported attacks against VOIP infrastructure, providers are increasingly wary of this new and emerging security threat.

"The good news is that ISPs are continuing to deploy more sophisticated attack mitigation systems today than ever before," commented Danny McPherson, Chief Research Officer at Arbor Networks. "As new security threats emerge and other security threats - like botnet attacks - become more sophisticated, destructive and invasive, we hope that the findings within these annual research reports will assist ISPs as they make decisions on how to protect their mission-critical infrastructure. Our ultimate goal is to provide actionable elements to the survey results that network operators can apply to their network security programs immediately."


This edition of the survey consisted of 65 multiple choice and free response questions - as opposed to 32 questions in the previous edition - covering the major operational security issues faced by network security operators today. Questions included topics related to observed threats against backbone infrastructure and individual customers, what techniques are employed to protect network infrastructure, and what mechanisms are used to detect and respond to security incidents. In addition to the tier-1 ISPs, large content and hosting providers, and a broad cross-section of tier-2 networks included in the survey, a large number of "hybrid" network operators were surveyed as well. Hybrid networks represent large-scale globally distributed enterprise networks with multiple Internet access interconnections, and provide their organization with traditional end-user services as well as network connectivity.

To download a copy of Arbor Networks' second-annual Worldwide ISP Infrastructure Security Report, please go to

About Arbor Networks

Arbor Networks(R) delivers core-to-core network security and operational performance for global business networks. Arbor's Network Behavioral Analysis (NBA) solutions are based on the Arbor Peakflow(R) platform, providing real-time views of network activity enabling organizations to instantly protect against worms, DDoS attacks, insider misuse, and traffic and routing instability as well as segment and harden networks from future threats.

Today, Arbor Networks' customer base is comprised of a broad range of service provider and enterprise customers within a variety of industries spanning the globe, demonstrating the depth and breadth of Arbor Networks' security expertise. All rely on the Arbor Peakflow platform to prevent costly downtime, enable network cleanup, and increase customer trust.

To learn more about Arbor Networks, please visit:

And, to learn more about the Arbor Security Engineering & Response Team (ASERT) - the company's security research arm - please visit the ASERT blog:

Note to Editors: Arbor Networks and Peakflow are registered trademarks and the Arbor Networks logo and ArbOS are trademarks of Arbor Networks, Inc. in the USA and other countries. All other trademarks are the property of their respective owners.
COPYRIGHT 2006 Business Wire

Publication: Business Wire
Date: Sep 12, 2006