Fighting Off Huge DDoS Attack

Friday, August 22, 2014 @ 04:08 PM gHale

One security firm came to the rescue of a customer after a huge DDoS attack that lasted 38 days and delivered over 50 petabits of malicious traffic.

The perpetrators used extremely large DNS floods for the entire duration of the attack, which started on June 21 and ended on July 28, channeling several tens of millions of requests per second, according to Incapsula, which mitigated the incident from start to finish.


The company said in a blog post the offenders “tried everything from massive network layer DDoS attacks to focused application layer (HTTP) floods, followed by dozens of SQLI and XSS attempts.”

On a regular basis they relied on at least two of these attack vectors, but they often ramped things up with five-vector attacks.

Incapsula said the peak packet rate was over 90 million packets per second, totaling over 110 Gbps. Incapsula's DNS infrastructure also took a hit from large SYN floods, in an attempt to disrupt the protection of the targeted service.

Researchers suspect a business feud was at the root of the incident, because the attackers had substantial firepower in their hands and were extremely determined in their activity.

“The ‘business feud’ theory is reinforced by the resources used during the attack. Looking at source IP data, Incapsula noticed the majority of malicious packets were originating from the same IP ranges. We knew that 20 percent of C-classes are typically responsible for ~80 percent of all DDoS traffic,” Incapsula said.
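The source-IP analysis Incapsula describes, grouping attack traffic by /24 ("C-class") prefix and measuring how much of it comes from the busiest ranges, is straightforward to reproduce on flow data. The following is an added example, not Incapsula's code or data: the flow records are constructed sample lines in an assumed `<src_ip> <dst_port> <proto> <packets>` format, and the thresholds are illustrative. The `dns_flood_prefixes` helper also picks out the ranges whose UDP/53 volume alone is large enough to be treated as DNS-flood sources, which is the per-range view a defender would hand to a scrubbing layer.

```python
"""Rank attack sources by /24 prefix and measure traffic concentration.

Added example (not Incapsula's code). Flow records are constructed sample
data in an assumed format: one sampled flow per line,
    <src_ip> <dst_port> <proto> <packets>
"""
import ipaddress
import math
from collections import Counter

# Constructed sample flows (not real attack data). Two /24 ranges carry
# almost all of the volume, mimicking the concentration described above.
# The last two lines are deliberately malformed to exercise the parser.
SAMPLE_FLOWS = """\
203.0.113.17 53 udp 48000
203.0.113.44 53 udp 51000
203.0.113.201 53 udp 47500
203.0.113.88 80 tcp 2600
198.51.100.9 53 udp 39000
198.51.100.77 53 udp 41000
192.0.2.5 53 udp 1200
192.0.2.130 443 tcp 900
10.20.30.40 53 udp 800
172.16.5.6 53 udp 650
198.18.0.12 53 udp 700
198.19.7.3 53 udp 500
100.64.3.9 443 tcp 400
192.168.1.20 53 udp 300
10.99.99.1 80 tcp 250
bad line here
300.1.1.1 53 udp 10
"""


def parse_flows(text):
    """Parse flow records into (src_ip, dst_port, proto, packets) tuples.

    Blank lines, lines with the wrong field count and unparseable
    addresses or counts are skipped rather than aborting the analysis.
    """
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        src, port, proto, pkts = parts
        try:
            ip = ipaddress.ip_address(src)
            flows.append((ip, int(port), proto.lower(), int(pkts)))
        except ValueError:
            continue
    return flows


def packets_by_prefix(flows, prefixlen=24):
    """Sum packets per /prefixlen network (default /24, the 'C-class'
    granularity used in the quote). Returns {network_str: packets}."""
    totals = Counter()
    for ip, _port, _proto, pkts in flows:
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        totals[str(net)] += pkts
    return dict(totals)


def concentration(totals, top_fraction=0.2):
    """Share of all packets carried by the busiest top_fraction of prefixes
    (at least one prefix). Returns (share, [top prefixes, busiest first])."""
    if not totals:
        return 0.0, []
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)
    k = max(1, math.ceil(len(ranked) * top_fraction))
    top = ranked[:k]
    share = sum(p for _, p in top) / sum(totals.values())
    return share, [net for net, _ in top]


def dns_flood_prefixes(flows, prefixlen=24, min_packets=10000):
    """Prefixes whose UDP/53 volume alone reaches min_packets (an
    illustrative threshold): candidate DNS-flood source ranges."""
    dns_only = [f for f in flows if f[1] == 53 and f[2] == "udp"]
    totals = packets_by_prefix(dns_only, prefixlen)
    return sorted(net for net, pkts in totals.items() if pkts >= min_packets)


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    totals = packets_by_prefix(flows)
    share, top = concentration(totals)
    print(f"top 20% of /24s ({', '.join(top)}) carry {share:.0%} of packets")
    print("DNS-flood prefixes:", dns_flood_prefixes(flows))
```

On the constructed data the top 20% of prefixes (two of ten) carry about 98% of the packets, a sharper skew than the 80/20 rule of thumb quoted above; real flow exports would need the parser adapted to the collector's field layout, but the aggregation and ranking are the same.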

The resources leveraged in the incident were far from consistent with an off-the-shelf botnet for hire capable of short-lived 20 Gbps blasts, which can be purchased on underground forums for a few hundred dollars. An offensive lasting this long, with the capability to generate 90+ Gbps of unamplified DDoS traffic, was clearly the work of professionals who DDoS for a living.

The long-lasting event was ultimately mitigated by Incapsula using a single “Behemoth” scrubbing server, capable of processing up to 170 Gbps or 100 Mpps worth of traffic.

The company under attack had contracted DDoS mitigation services from Incapsula just a day before the incident started. At the time of the event, Behemoth had spent a month undergoing internal tests.
