However, one finding I did want to point out that was somewhat surprising is that DDoS (i.e., brute-force flood-based attacks) have over the past 18 months consistently accounted for ~1-3% of all all inter-domain Internet traffic. Again, this is raw attack traffic, simply meant to exhaust connection state or fill links, nowhere in this mix is spam, phishing, scans, or other malicious or similarly annoying traffic. We have seen peaks well above 5% of aggregate reported traffic, although not consistently.