Internet background radiation

John Graham-Cumming CloudFlare

  download slides (PDF)

Websites are constantly under attack from hackers and extortionists. These attacks create a 'background radiation' of maltraffic on the Internet which is ever present, but difficult to see.

CloudFlare is a web security and CDN company that handles more web traffic than Amazon, LinkedIn, Twitter, Wikipedia and AOL put together and operates around the world. This puts us in the unique position of sensing the background radiation all the time and of coming under attack constantly.

This presentation will look at the types of attacks we experience (from actual hacking attempts, such as when our network was used as a CDN for LulzSec) to DDoS attacks that hit our DNS infrastructure, at the IP and TCP levels and at layer 7. We see attacks against everything from gambling sites to blogs and newspapers critical of governments around the world. We also protect governments themselves and businesses. The scope of our business enables us to sample the background radiation and get a true picture of its intensity and component parts.

Drawing on a year's worth of attack data we'll show the sources and intensity of DDoS attacks, the type of sites that are targeted, and discuss mitigation procedures. Although we are drawing on data from our company, this will be a technical talk and will reveal the extent of maltraffic on the global Internet.