Cloudflare DDoS threat report 2022 Q3
This post is also available in Français, Español, Português, 한국어, 简体中文, 繁體中文, and 日本語.
Welcome to our DDoS Threat Report for the third quarter of 2022. This report includes insights and trends about the DDoS threat landscape - as observed across Cloudflare’s global network.
Multi-terabit strong DDoS attacks have become increasingly frequent. In Q3, Cloudflare automatically detected and mitigated multiple attacks that exceeded 1 Tbps. The largest attack was a 2.5 Tbps DDoS attack launched by a Mirai botnet variant, aimed at the Minecraft server, Wynncraft. This is the largest attack we’ve ever seen from the bitrate perspective.
It was a multi-vector attack consisting of UDP and TCP floods. However, Wynncraft, a massively multiplayer online role-playing game Minecraft server where hundreds and thousands of users can play on the same server, didn’t even notice the attack, since Cloudflare filtered it out for them.
General DDoS attack trends
Overall this quarter, we've seen:
- An increase in DDoS attacks compared to last year.
- Longer-lasting volumetric attacks, a spike in attacks generated by the Mirai botnet and its variants.
- Surges in attacks targeting Continue reading
OSPF External Routes (Type-5 LSA) Mysteries
Daniel Dib posted a number of excellent questions on Twitter, including:
While forwarding a received Type-5 LSA to other areas, why does the ABR not change the Advertising Router ID to it’s own IP address? If ABR were able to change the Advertising Router ID in the Type-5 LSA, then there would be no need for Type-4 LSA which meant less OSPF overhead on the network.
TL&DR: The current implementation of external routes in OSPF minimizes topology database size (memory utilization)
Before going to the details, try to imagine the environment in which OSPF was designed, and the problems it was solving.
OSPF External Routes (Type-5 LSA) Mysteries
Daniel Dib posted a number of excellent questions on Twitter, including:
While forwarding a received Type-5 LSA to other areas, why does the ABR not change the Advertising Router ID to it’s own IP address? If ABR were able to change the Advertising Router ID in the Type-5 LSA, then there would be no need for Type-4 LSA which meant less OSPF overhead on the network.
TL&DR: The current implementation of external routes in OSPF minimizes topology database size (memory utilization)
Before going to the details, try to imagine the environment in which OSPF was designed, and the problems it was solving.
IPv6 Extension Headers Revisited
The topic of the robustness of IPv6 Extension Headers has experienced a resurgence of interest in recent months. I’d like to update our earlier report on this topic with some more recent measurement data.Palo Basic Setup
A run through using the CLI to set up a Palo firewall at home covering the initial configuration, upgrading, BGP routing and a basic firewall policy.
Tech Bytes: Get Early Attack Detection And Fast Response With Fortinet FortiDeceptor (Sponsored)
Today on the Tech Bytes podcast we’re talking deception. That is, deceiving attackers that try to exploit your network by creating fake assets and infrastructure. Sponsor Fortinet is here to talk about using deception techniques to spot intruders via its FortiDeceptor product. We’ll also talk about threat reconnaissance capabilities of a product called FortiRecon. Our guest is Moshe Ben Simon, VP of Product Management.
The post Tech Bytes: Get Early Attack Detection And Fast Response With Fortinet FortiDeceptor (Sponsored) appeared first on Packet Pushers.
Tech Bytes: Get Early Attack Detection And Fast Response With Fortinet FortiDeceptor (Sponsored)
Today on the Tech Bytes podcast we’re talking deception. That is, deceiving attackers that try to exploit your network by creating fake assets and infrastructure. Sponsor Fortinet is here to talk about using deception techniques to spot intruders via its FortiDeceptor product. We’ll also talk about threat reconnaissance capabilities of a product called FortiRecon. Our guest is Moshe Ben Simon, VP of Product Management.IPU Chip Offloads Networking and Some Security Tasks from CPUs
Infrastructure services such as virtual switching, security, and storage can consume a significant number of CPU cycles. Infrastructure Processing Units (IPUs) accelerate network infrastructure, freeing up CPU cores for improved application performance.Calico at KubeCon + CloudNativeCon NA 2022
Tigera is back at KubeCon + CloudNativeCon NA 2022! We’re excited to be back in person and meet new and familiar faces—and we have a lot of exciting Calico updates to share with you.
KubeCon + CloudNativeCon is action-packed as usual, kicking off the week with co-located events. We will be onsite at two co-located events: eBPF Day and Cloud Native SecurityCon. At the main event, KubeCon + CloudNativeCon, we will have a booth that you can visit for cool swag and deep dives with our experts. We will also be teaming up with AWS to bring you a fun party that you won’t want to miss!
Interested in attending? Curious about the party? Want to win some prizes? Read this blog post to find out what we have in store for KubeCon + CloudNativeCon NA 2022.
eBPF Day – October 24
eBPF Day is a vendor-neutral conference that explores the transformational technology that is eBPF, and its impact on the future of cloud native. This event is co-located with KubeCon + CloudNativeCon.
As a speaker at the event, our resident eBPF expert, Tomas Hruby, will demonstrate how to inspect and troubleshoot the eBPF mode of Calico Open Source during Continue reading
Network Break 402: Ex Uber Exec Guilty Of Breach Coverup; Startup Promotes Decentralized Cellular Networks
This week's Network Break podcast discusses new security capabilities from Aryaka, a Cisco/Microsoft partnership, the guilty verdict for Uber's former CSO, a startup tackling decentralized cell networks, and more tech news.
The post Network Break 402: Ex Uber Exec Guilty Of Breach Coverup; Startup Promotes Decentralized Cellular Networks appeared first on Packet Pushers.