This morning I wrote about the blistering cyberattacks against the Baltic nation of Estonia in recent weeks. We’ve since come across an interesting blog posting from Jose Nazario over at Arbor Networks offering more detail on the size and scope of the attacks.
He analyzed a couple of weeks of DDoS attacks on Estonia using internal tools and reporting systems, and identified 128 unique DDoS attacks on Estonian Web sites. Of these, 115 were ICMP floods, four were TCP SYN floods, and nine were generic traffic floods. The attacks were not distributed uniformly, with some sites seeing more attacks than others, he noted.
“The attacks themselves haven’t been steady … If we look at how many attacks occurred on every day, we can see that they peaked a week or so ago, but they haven’t necessarily stopped,” Nazario wrote. “As for how long the attacks have lasted, quite a number of them last under an hour. However, when you think about how many attacks have occurred for some of the targets, this translates into a very long-lived attack.”
The longest attacks were more than 10 and a half hours long, dealing a “truly crushing blow” to the endpoints, he added.
The campaign was originally seen as an attack sponsored by the Russian government, fueled by anger over Estonia’s decision to move a Soviet-era World War II memorial statue. But infosec experts think it was more likely the work of smaller, organized hacking groups in control of hijacked computers around the world.