Is it a DDoS attack or a large data transfer?
I explored the IX.br website today and noticed a significant spike in traffic. Out of interest, I wondered whether it was a temporary DDoS attack or a large data exchange between data centers. I wasn’t sure if data centers share bandwidth via the same lines as regular users or if they use separate dedicated connections to avoid impacting normal traffic—like Google’s subsea cables. If that’s the case, what does such a transfer typically look like?
Given the magnitude of the spike (6.21 Pbps or 776 TB/s), it seems unlikely this was a single-source transfer of some kind. Is there a way to zoom in and see this in more detail? This is likely a cumulative value and the actual transfer might've had a lower rate over a longer period of time. It would probably also be a good idea to look at the data of multiple days or weeks, to check whether this is a regular occurrence at this time of day or not.
Unfortunately, I can't zoom in since the content is an image. It appears this occurred during a 3-hour spam session, which isn't typical when checking the monthly graph at https://ix.br/agregado/.
This pattern clearly indicates an attack, possibly involving high-performance gear. It seems improbable one source could achieve this alone, suggesting a DDoS attempt.
Many players saved all Switch titles prior to Nintendo removing them!
Cloudflare notes they've reduced a comparable assault but haven't disclosed specifics just yet. Rumors suggest several entities could generate such volume (notably the well-known 'Great Cannon of China'), making it plausible one or more are launching a coordinated effort. Expect further updates today, possibly revealing a prolonged campaign.
The images show one brief spike in Pbps within a 24-hour chart that doesn’t appear when shifting the graph by -4 hours. It stands out as a significant deviation compared to the rest of the data and surpasses any previously recorded DDoS event. This behavior seems like an artifact from how the NMS processes information, possibly due to how values are stored in the database or filtered during calculations. The NMS uses SNMP to retrieve specific device metrics (OIDs) at set intervals, logging timestamps and values—often a 64-bit counter. Depending on settings, it may compute or simply save the numbers. If overflow occurs or the device restarts, the system must handle these cases carefully. When queried, it tries to return values matching the requested range. Occasionally, at interval edges, calculations produce unusually high figures, appearing as massive Pbps surges that usually occur in the Pbps range. This is generally harmless but can happen occasionally. It tends to resolve over time when data moves to a longer-term storage solution. In short, it likely wasn’t a DDoS attack, just an unusual anomaly.
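The counter-handling failure described in the last reply, as an added example that is not part of the thread: a rate calculation that treats every counter decrease as a 64-bit wrap turns a device restart into a phantom spike, and a plausibility check against port speed removes it. The sample polls, the 100 Gbit/s port speed and the function names are constructed assumptions, not IX.br data.

```python
"""Phantom traffic spike from an SNMP octet counter that restarts at zero."""

COUNTER64_MOD = 2 ** 64

# Constructed samples: (poll time in s, ifHCInOctets value) for a port that
# carries about 40 Gbit/s and is polled every 300 s. The device restarts
# before the poll at t=900, so the counter begins again near zero.
SAMPLES = [
    (0, 9_000_000_000_000_000),
    (300, 9_001_500_000_000_000),
    (600, 9_003_000_000_000_000),
    (900, 1_200_000_000_000),
    (1200, 2_700_000_000_000),
]
LINK_CAPACITY_BPS = 100e9  # assumed port speed (100 Gbit/s)


def naive_rates(samples):
    """Bits per second per interval, treating any decrease as a Counter64 wrap."""
    rates = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        delta_octets = (c1 - c0) % COUNTER64_MOD  # wrong when the device restarted
        rates.append((t1, delta_octets * 8 / (t1 - t0)))
    return rates


def checked_rates(samples, capacity_bps):
    """Same calculation, but an interval faster than the port can carry is
    recorded as a gap (None) instead of being plotted as traffic."""
    return [(t, bps if bps <= capacity_bps else None)
            for t, bps in naive_rates(samples)]


if __name__ == "__main__":
    checked = checked_rates(SAMPLES, LINK_CAPACITY_BPS)
    for (t, raw), (_, ok) in zip(naive_rates(SAMPLES), checked):
        shown = "gap" if ok is None else f"{ok / 1e9:.1f} Gbit/s"
        print(f"t={t:>4}s  naive={raw / 1e9:>16.1f} Gbit/s  checked={shown}")
```

The restart interval comes out at roughly 490 Pbit/s in the naive calculation, far beyond what the port can physically carry, which is the signature that separates a collection artifact from real traffic.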