Overview of ddos attack to server hosting Vietnam

October 5, 2016

DOS and DDOS attacks to server hosting Vietnam and all over the world increase more rapidly and complex in the first quarter of 2016.

Some of the overviews

DOS and DDOS attack is a daily threat to the network and the cloud hosting Vietnam server. Denial of service attacks are causing depletion of system resources or traffic flooding. It also disrupts the providing service process to legitimate users, or even stops the system operating.

DOS attack is easy to get and you can get difficulty to resolve it without the proper tools. This makes DOS extremely popular even with users who are not professional. In fact, DOS attack services provided by some bad-websites can be bought by $50. These services are increasingly day by day and become more complex. The malware can easily exploit application vulnerabilities and avoid firewall detection. Web hosting in Vietnam DDOS attacks are usually caused by getting control of Internet connections and a huge number of computers. One attacking computer is called a bot and a group of these computers is called a “botnet”.

The remarkable statistics

The network layer attacks

  • Longest attack lasted 48.5 hours.
  • Biggest attack reached 200 + Gbit/s.
  • Highest frequency attack reached 120 + million per second.
  • Multi-vector attack rate increased by 33.9%.
  • Most multi-vector attacks often combine with UDP flood attacks and amplified DNS attack.

The application layer attacks

  • Longest attack lasted 36 days.
  • Biggest attack reached 100100 requests per second.
  • 9% of the “bot” can overcome cookies defense mechanisms.
  • 7% of the “bot” can overcome cookies and JavaScript defense mechanisms.
  • 9% “victims” were attacked again.

Operation of Bonet

  • 5% of botnet activity originated from Korea.
  • Generic Types! BT botnets (common malicious code on Windows) mostly originated from Eastern Europe.
  • DDOS bot mask such as Chrome and Firefox become more popular.
  • The attacks to website located in the United States are up to 50.3%.

DDOS attack time


The network layer attacks

Attack rates


Attack rates

Hackers often use TCP, UDP and ICMP to attack the network layer. In addition to achieving greater efficiency, hackers will combine many different attacked ways.


The number of different attacked ways

The spoofed web browser

Hackers spoof of the “bot” into your web browser to overcome the security mechanisms.


The spoofed web browser

Bonet operation all over the world


Top attacking countries

Vietnam not only have the top hosting Vietnam services but also present in top 5 attacking countries in the world.


Top targeted country


In the first quarter of 2016, Nitol is the No.1 in the list of botnet activity. This botnet activity increased by 33.3% to 44.4%, this is due to the increasing of botnet activity in Korea. And in this first quarter of 2016, Generic! BT is used in the attacks to IP 7,756 in 52 countries, mostly in Eastern Europe. We can see that much of these activities originate from Russia (52.6%) and Ukraine (26.6%).