Massive DDoS attack knocks Burma offline

The attack comes as the country – known officially as the Republic of the Union of Myanmar – is preparing for its first real elections in more than 20 years.

According to Arbor Networks, the DDoS/IP specialist, internet connectivity in Burma has been intermittent since the 25th of October, when the first attacks started to occur.

Reporting on the DDoS attacks in his security blog, Arbor Networks' chief security scientist Dr. Craig Labovitz says that the Burmese government severed the country's internet links back in 2007, in a crackdown over growing political unrest.

"Over the last several days, a rapidly escalating, large-scale DDoS has targeted Burma's main internet provider, the Ministry of Post and Telecommunication (MPT), disrupting most network traffic in and out of the country", he said.

According to Dr Labovitz, whilst the motivation for the attack is unknown, Twitter and a number of blogs have been awash in speculation ranging from blaming the Burmese government – preemptively disrupting internet connectivity ahead of the November 7 general elections – to external attackers with still mysterious motives.

The Myanmar Times, says the Arbor Networks' chief scientist, reports that the attacks have been ongoing since Monday of last week.

"We estimate the Burma DDoS between 10–15 Gbps (several hundred times more than enough to overwhelm the country's 45 Mbps T3 terrestrial and satellite links)", he said.

"The DDoS includes dozens of individual attack components (e.g., TCP syn, rst flood) against multiple IP addresses within MP's address blocks (,, and The attack also appears fairly well-distributed ATLAS data shows attack traffic across 20 or more providers with a broad range of source addresses", he added.

According to Dr. Labovitz, whilst DDoS against e-commerce and commercial sites are commonplace, large-scale geo-politically motivated attacks – especially ones targeting an entire country – remain rare with a few notable exceptions.

"At 10–15 Gbps, the Burma attack is also significantly larger than the 2007 Georgia (814 Mbps) and Estonia DDoS. Early this year, Burmese dissident web sites (hosted outside the country) also came under DDoS attacks", he said.

What’s Hot on Infosecurity Magazine?