
How to mitigate a massive DDoS assault

Security company Imperva has mitigated a massive DDoS assault, a 470Gbps attack that targeted a Chinese gambling company and lasted over four hours.

Writing on the Imperva blog, Igal Zeifman and Ofer Gayer describe how the targeted company had already been hit by several other large-scale assaults, occurring daily during the week leading up to the event in question.

The attack started with a burst that reached above 250 Gbps. It then slowly built up over the following hours, peaking at 470 Gbps. After reaching this high point, attack traffic scaled back and completely subsided within 30 minutes.

The complex attack used nine different payload types, a very rare occurrence, which made it more difficult to mitigate.

Imperva’s Incapsula has over 2 Tbps in total network capacity, and more than 100 Gbps of capacity available at each of its 30 data centres, so it was able to cope with the scale of the attack. The challenge, however, was in doing so without impacting the millions of legitimate users moving through its network.

To accomplish this, the netops team anycast the attack traffic across 21 of its more powerful data centres, routing it through Imperva’s scrubbing servers. Using deep packet inspection, malicious traffic was identified by a scrubbing algorithm based on such factors as protocol type, content length, and source IP. Cross-examination of these, and a few other variables, generated a profile for malicious network packets.

Following that, all packets that fit this profile were automatically filtered out before they could reach the target’s network. Later on, whenever the attackers shifted patterns, the algorithm readjusted to identify new common criteria for filtering.
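To make the profile-then-filter-then-readjust loop concrete, here is a small added example that is not Imperva's code (their scrubbing algorithm is not public). It builds a profile from the three factors the article names (protocol type, content length, source IP), drops packets that fit every criterion, and rebuilds the profile when the current one stops matching the traffic, which is what happens when the attackers shift pattern or the attack subsides. The packet records, thresholds (`min_share`, `min_lift`, `min_hit_rate`) and the documentation-range IP addresses are all constructed for the example.

```python
"""Toy profile-based scrubber: derive a filter from the packet attributes that
dominate an attack window, drop matching packets, and re-derive the profile
when the attacker shifts pattern. Added example, not Imperva's algorithm."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str      # transport/flag type, e.g. "tcp", "udp", "tcp-syn"
    length: int     # content length in bytes
    src_ip: str


FIELDS = ("proto", "length", "src_ip")   # the factors named in the article


def build_profile(window: List[Packet], baseline: List[Packet],
                  min_share: float = 0.6, min_lift: float = 4.0) -> Dict[str, object]:
    """Cross-examine each field: a value becomes a filter criterion when it
    accounts for most of the window AND is far more common than in clean
    baseline traffic. An empty profile means nothing stands out."""
    profile: Dict[str, object] = {}
    if not window:
        return profile
    n_base = max(len(baseline), 1)
    for field in FIELDS:
        win_counts = Counter(getattr(p, field) for p in window)
        base_counts = Counter(getattr(p, field) for p in baseline)
        value, count = win_counts.most_common(1)[0]
        share = count / len(window)
        base_share = base_counts[value] / n_base
        lift = share / base_share if base_share else float("inf")
        if share >= min_share and lift >= min_lift:
            profile[field] = value
    return profile


def matches(packet: Packet, profile: Dict[str, object]) -> bool:
    """A packet is treated as malicious only if it fits every criterion."""
    return bool(profile) and all(getattr(packet, f) == v for f, v in profile.items())


def scrub(window: List[Packet], profile: Dict[str, object]) -> Tuple[List[Packet], List[Packet]]:
    """Split a window into packets that pass and packets that are dropped."""
    passed = [p for p in window if not matches(p, profile)]
    dropped = [p for p in window if matches(p, profile)]
    return passed, dropped


def adaptive_scrub(windows: List[List[Packet]], baseline: List[Packet],
                   min_hit_rate: float = 0.5):
    """Scrub successive windows; when the current profile stops matching most
    of the traffic (attacker shifted pattern, or the attack ended), rebuild it.
    Returns one (profile, passed_count, dropped_count) tuple per window."""
    profile: Dict[str, object] = {}
    report = []
    for w in windows:
        hits = sum(matches(p, profile) for p in w)
        if not w or hits / len(w) < min_hit_rate:
            profile = build_profile(w, baseline)
        passed, dropped = scrub(w, profile)
        report.append((dict(profile), len(passed), len(dropped)))
    return report


# Constructed sample traffic (documentation IP ranges, invented sizes).
BASELINE = [Packet("tcp" if i % 2 == 0 else "udp", 500 + 10 * i, f"10.0.0.{i + 1}")
            for i in range(20)]
LEGIT = BASELINE[:10]
# Phase 1: UDP flood, fixed 1400-byte payload, one dominant source.
WINDOW_ATTACK_1 = LEGIT + [Packet("udp", 1400, "198.51.100.7") for _ in range(90)]
# Phase 2: attacker switches to a SYN flood spread across many sources.
WINDOW_ATTACK_2 = LEGIT + [Packet("tcp-syn", 60, f"203.0.113.{i % 30}") for i in range(90)]
# Phase 3: attack subsides; only legitimate traffic remains.
WINDOW_QUIET = LEGIT

if __name__ == "__main__":
    for profile, passed, dropped in adaptive_scrub(
            [WINDOW_ATTACK_1, WINDOW_ATTACK_2, WINDOW_QUIET], BASELINE):
        print(f"profile={profile} passed={passed} dropped={dropped}")
```

In phase 1 the protocol field is not used as a criterion even though 95% of the window is UDP, because UDP is also half of the baseline; only the unusual content length and source survive the cross-examination, which is what keeps legitimate traffic flowing. In phase 2 the old profile matches nothing, so the profile is rebuilt around the new protocol and length while the spread of source addresses keeps `src_ip` out of it; once the flood stops, the rebuilt profile is empty and no packets are dropped.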