Although last week's distributed denial-of-service attack on garnered lots of headlines, analysts at Arbor Networks say that the attack was a relatively small operation that paled in comparison to big DDoS attacks that occur every day.
Arbor chief scientist Craig Labovitz says that Arbor's ATLAS 2.0 Internet monitoring system last week estimated that DDoS traffic directed at Twitter was not in the multi-gigabit range that characterizes most large attacks. Although he couldn't give specific data on just how large the Twitter attack last week was, Labovitz says that the attack was not as massive as media reports might suggest.
“We didn't see any evidence of a multi-gigabit surge towards twitter,” he says. “Twitter has publicly said that they saw an increase in traffic but they haven't said anything about how much traffic yet.”
When Rogue IT Staffers Attack: 8 Organizations That Got Burned
In contrast, Labovitz notes that while Twitter was being attacked last week, an Asian ISP came under siege from a large DDoS attack that generated more than 30Gbps of DDoS traffic. According to Labovitz, such punishing attacks are commonly deployed against e-commerce sites, as well as sites that specialize in pornography and online gambling.
Moving forward, Labovitz says that Twitter will have to look hard at upgrading its ability to fend off more sophisticated attacks if it wants to maintain its uptime. In particular, Labovitz notes that even before being knocked offline by a relatively small DDoS attack, the microblogging site continuously experienced difficulties in keeping its site running smoothly during heavy usage hours.
“From everything I've read and observed about Twitter, it's come from nowhere and it looks like it's struggling with its growth,” he says. “This DDoS attack and the continued Twitter growth has provided them with a need for upgrading their infrastructure.”
Arbor's ATLAS Internet monitoring system is a collaborative effort that culls data from more than 100 ISPs, including British Telecom, Australian provider Netgen Networks and Indian provider Tata Communications. As part of their agreement with Arbor, all ISPs participating in the ATLAS system must share anonymous traffic data with one another on an hourly basis. Arbor recently upgraded its ATLAS system to monitor and collect real-time data for global Internet traffic, routing and application performance. Previously, the system had been used mostly to collect data on security-related traffic such as DDoS attack traffic.