DDOS Traffic and

Attack Report
DDOS attack report #TheNewPTT

This chart displays the

number of IP
addresses attacked
within a period of time.

Period of time can be

seen within the upper
right corner while the
number of attacks
within the period are
seen in the spikes
(ranging from 1-2
attacks).
DDOS attack report #TheNewPTT

The pie chart will

display the distribution
of attacks performed
within the period it was
set for the report. (If
there is only one type
of attack, it will display
a single color).

Types of attack are

indicated in the legend
below the pie chart and
within the table.

The table also

indicates how many Ips
were attacked.
DDOS attack report #TheNewPTT

This chart displays the The top 5 report

IP addresses that are indicates the IP
in the top 5 report due addresses that need to
to the diverted traffic be monitored closely
instances. since traffic requires
aversion or diversion
Traffic is diverted when as they have attempts
attacks are identified to of malicious intent or
reach thresholds to DDOS attacks.
avoid being
overwhelmed. This chart helps in
providing information to
Overwhelmed IP strengthen and harden
addresses result in the defenses and
denial of service, or vulnerabilities for IP
downtime. users.
DDOS attack report #TheNewPTT

This chart displays the

distribution of attacks
per IP group within the
service and its ranking
based on the highest
attacks received.

Note: actual report will

have more data in the
legend

Table below the chart

displays the listed IP
groups in the graph
with the number of IPs
attacked.
Traffic Report #TheNewPTT

The traffic trend graph displays the

observed traffic within the
collected/identified set of IP addresses
that had been run for the report.

The blue peaks and valleys indicate

the average traffic flow while the red
peaks display the maximum traffic
achieved within each interval of the
period the report is run for.

This chart can either display values in

pps (packets per second) or bps (bits
per second)
Traffic Report #TheNewPTT

This chart displays all the IPs of the

customer and the traffic being generated per
IP.

The summary indicates the IP that has heavy

traffic that includes the attack.

(M, G, and K) bits/packets represent the unit

of measurement used.
Summary #TheNewPTT

In the sample report indicated in this material, the following observations can be deduced:

1. Attacks had occurred in the group of IP addresses. These attacks were the HTTPS flooding type.
2. The following IPS were diverted due to the fact attacks were detected on it.

3. These attacks cause the network/ISP to slowdown and/or become out of service because of the volume
of packets/requests it sends to the network thereby flooding the Line/Pipe making it slower or making it
unserviceable.
 
Though this was mitigated by PT&T, PT&T cannot guarantee the services to be always up and running and
that the client will be free from attacks moving forward. The client may subscribe to PT&T’s DDOS
Ready/Protect Services or implement their own DDOS Protection for continuous service of mitigation. 

In the service agreement, Client agrees to protect its network from attacks, if by the time, PT&T was
affected by the attack coming from the client’s line, PT&T may implement Blackholing to suspend the
service of the customer to protect other clients in the event of any potential adverse effect to the ISP.