Israeli Website Hit with Country’s Largest Volumetric DDoS Attack on Record: What this Says About Cleaning the ISP Pipe

Today, we experienced the highest ever volumetric DDoS attack on an Israeli website. One of the leading news sites in Israel was hit by a 7 Gbps (!) traffic attack that partially shut down its news sites, as well as its daughter sites. It was an unsophisticated, brute-force attack, yet a lethal one, as it managed to completely saturate the pipe between the Internet Service Provider and the news site. The attacker recruited hundreds of bots to generate a flood of traffic that managed to bypass the CDN and directly hit the website.

So, how can websites and online businesses protect themselves from such volumetric DDoS attacks?

With the rise of the attack profile, there are many security advisors that provide recommendations to businesses on how to protect themselves.

One popular piece of advice is to increase the bandwidth capacity of the pipe between the Internet Service Provider (ISP) and the online business. However, there will always be enough available bots out there to saturate even a higher capacity pipe, not to mention the costs of multi-gigabit Internet connectivity to your ISP.

Another popular piece of advice is to block users from foreign countries while you are under attack. Unfortunately, this is not a viable solution for two reasons: First, recruited bots can be operated from any country, including your own. Second, in attacks such as the one we saw today, the source addresses of the attackers were spoofed, which means that you cannot identify the origin of the traffic and therefore it is impossible to filter out users from foreign countries. And besides, we want to keep the Internet open for everyone.

For volumetric DDoS attacks as seen today, there is only one feasible solution: Online businesses and websites must require a clean pipe service from their ISP. A clean pipe service means that the service provider blocks volumetric DDoS attacks before they enter into the business’s pipe, leaving a clean one for legitimate traffic. Once the volumetric attack enters into the business pipe, it will consume the entire bandwidth between the ISP and the business, leaving no room for legitimate users.
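The argument of the last three paragraphs can be checked with a small model of the access link. This is an added example, not part of the original post; the 1 Gbps link, the traffic mix (apart from the 7 Gbps attack size), the 99% scrubbing efficacy and the proportional-drop behaviour of a saturated link are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Flow:
    gbps: float
    attack: bool
    claimed_country: str  # where the source IP geolocates; spoofable

def access_link(flows, capacity_gbps):
    """A saturated link drops indiscriminately: every flow keeps the same share."""
    offered = sum(f.gbps for f in flows)
    keep = min(1.0, capacity_gbps / offered) if offered else 1.0
    return [replace(f, gbps=f.gbps * keep) for f in flows]

def geo_block(flows, home="IL"):
    """Keep only traffic whose claimed source is domestic."""
    return [f for f in flows if f.claimed_country == home]

def isp_scrub(flows, efficacy):
    """Upstream mitigation removes `efficacy` of the attack volume."""
    return [replace(f, gbps=f.gbps * (1 - efficacy)) if f.attack else f for f in flows]

def legit_gbps(flows):
    return sum(f.gbps for f in flows if not f.attack)

# Constructed traffic mix. Only the 7 Gbps attack size comes from the article.
TRAFFIC = [
    Flow(0.4, False, "IL"), Flow(0.1, False, "US"),
    Flow(3.5, True, "IL"),  # spoofed sources that geolocate as domestic
    Flow(3.5, True, "XX"),  # spoofed sources that geolocate as foreign
]

def compare(link_gbps=1.0):
    """Legitimate Gbps reaching the site under each strategy (0.5 Gbps offered)."""
    return {
        "no mitigation": legit_gbps(access_link(TRAFFIC, link_gbps)),
        "4x bigger pipe": legit_gbps(access_link(TRAFFIC, 4 * link_gbps)),
        # Filtering at the site happens after the link has already dropped traffic.
        "geo-block at site": legit_gbps(geo_block(access_link(TRAFFIC, link_gbps))),
        "clean pipe (ISP scrub 99%)": legit_gbps(
            access_link(isp_scrub(TRAFFIC, 0.99), link_gbps)),
    }

if __name__ == "__main__":
    for name, gbps in compare().items():
        print(f"{name:28s} {gbps:.3f} of 0.500 Gbps legitimate traffic delivered")
```

In this model, only filtering before the access link restores the full legitimate load; filtering at the site cannot recover packets the saturated link has already dropped.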

Some of the leading ISPs already offer clean pipe services today utilizing advanced DDoS mitigation systems that identify volumetric attacks and automatically block non-legitimate traffic in real-time without interrupting legitimate users that are accessing the online business. During and after the attack, these service providers are capable of sharing detailed reports with their customers about the attack behavior and other relevant information. This helps ISPs to provide the required SLAs to their customers.

The clean pipe service is required to eliminate volumetric DDoS attacks, but it is only a partial solution for online businesses that are seeking the ultimate protection, as discussed here.

11 COMMENTS

  1. Very interesting article. Let me give you my 2 cents that I think complement your main point.
    All internet traffic in Israel is actually routed via ~50 (theoretical) “Junctions” only.

    A junction is actually an ISP providing access to the Internet. As of Feb-2012, according to Israel MOC, there are 46 ISP licensees, however ~95% of the traffic is actually routed via only 4 ISPs. Meaning, you can have a clean pipes system on a country level, relatively easily. The main challenge is not only technological but rather regulatory and requires a greater level of collaboration from all elements in the system.

    One possible solution is to have a central body (government agent, since cyber attack is regarded as attack on sovereignty) that will be notified of any cyber attack (by a business, ISP or any other source of information) and act promptly in an orchestrated action with all ISPs.

    Having each ISP or individual business confront cyber attack is not a systematic approach where we are actually dealing with a country level kind of threat that needs to be addressed.

