One third of the Internet is under attack 30,000 attacks a day

Internet attacks happen far more often than we can imagine. A large-scale analysis of two years of ‘denial-of-service’ attacks shows that one third of the internet is under attack: 30,000 attacks a day, according to UT researcher Mattijs Jonker.

One third of all internet addresses (IPv4) has to deal with Denial-of-Service attacks, Mattijs Jonker showed in his presentation at the Internet Measurement Conference in London. During a DoS attack, an overkill of requests causes a website or system to crash. For those attacks, often computers of other uses are used without them realizing it.

1,000 times higher 

Over a period of two years, the researchers saw 21 million DoS attacks, aimed at 2.2 million so-called ‘slash 24’ internet addresses. These are blocks of 256 addresses, often inside one organization. Whenever one of these 256 is attacked, the infrastructure of the whole block is affected. Worldwide, there are 6.5 million ‘slash 24’ addresses. The average number of daily attacks is 30,000. This could even be an optimistic figure, with new types of DoS attacks being introduced every day. Compared to the number of attacks presented in other reports and by large companies, the amount now presented is up to 1,000 times higher.

The attacks can have different sources: some are cyber warfare, others have political grounds. But simple attacks are cheap and easy to buy. Even pupils wanting to avoid an exam, or individuals with a grudge towards an organization can initiate an attack.


Most of the attacks take place in the US, with the largest number of internet addresses in the world. Japan, third in the number of internet addresses, shows remarkably less attacks, while Russia has a high amount of attacks compared to the number of addresses. The Netherlands scores average. Parties like GoDaddy, Google Cloud and Wix have to deal with many attacks,

How do organisations protect themselves? The research shows that it often takes an attack before organisations get aware of the risks. They then usually hire a third party for a protection strategy.

Mattijs Jonker is a researcher in the Design and Analysis of Communication Systems group at the University of Twente. He did his research together with colleagues of the Center for Applied Internet Data Analysis (CAIDA) in San Diego and the Center for IT-Security, Privacy and Accountability (CISPA) in Saarbrücken. Jonker's main research focus is on ‘Distributed Denial of Service Defense – protecting schools and other public organizations’. 

The paper Millions of Targets Under Attack: a Macroscopic Characterization of the DoS Ecosystem’, by Mattijs Jonker (UT), Alistair King (CAIDA), Johannes Krupp (CISPA), Christian Rossow (CISPA), Anna Sperotto (UT) en Alberto Dainotti (CAIDA) was presented on 1 november 2017 at the Internet Measurement Conference in London.

Wiebe van der Veen
Press relations (available Mon-Fri)