Tag Archives: Craig Labovitz

NANOG: Botnets, DDoS and Ground-Truth

Here at NANOG 50 Craig Labovitz just gave an interesting talk about botnet data derived from Arbor Network customers enabling anonymous data (37 ISPs over last 12 months), of 5,000 events classified by operators.

60% of DDoS attacks are by flooding. Yet most attacks involve few IP addresses; indicates address spoofing.

Slight problem: only 1/4 of customers have enabled anonymous data. “Real goal of this talk is to encourage participation.”

Well-received talk.

-jsq