A very good tutorial on DDOS attacks, much in the news in the past few months, was posted by the Berkman Center at Harvard University in December. The research is entitled: "Distributed Denial of Service Attacks Against Independent Media and Human Rights Sites", December 2010. The first part of this report outlines DDOS attacks in general, while the last half presents research on attacks against human rights sites around the globe.
DDOS statistics in the report, quoted from Arbor Networks, include: 1300+ DDOS attacks per day in the global Internet, 49Gbps maximum aggregate attack traffic; botnets with up to 1 million nodes. According to Arbor's February 1st report, DDOS attacks have now exceeded 100Gbps. Mid-sized firms, connected through Tier 3 ISP's are the most vulnerable. Those connected to Tier 1 or Tier 2 providers can take advantage of those providers' expertise in mitigating DDOS attacks.
I believe we will have more of this type of attack against commercial businesses. As more enterprises move into the clould, are they more at risk from DDOS attacks against a fellow tenant in that cloud? Or will the superior skills of the cloud provider be able to mitigate that risk?