main

BotnetsBrute Force AttacksDDoS AttacksSecurity

Israeli Website Hit with Country’s Largest Volumetric DDoS Attack on Record: What this Says About Cleaning the ISP Pipe

February 7, 2012 — by Ronen Kenig11

Today, we experienced the highest ever volumetric DDoS attack on an Israeli website. One of the leading news sites in Israel was hit by a 7 Gbps (!) traffic attack that partially shutdown its news sites, as well as its daughter sites. It was an unsophisticated, brute force attack, yet, a lethal one as it managed to completely saturate the pipe between the Internet Service Provider and the news site. The attacker recruited hundreds of bots to generate a flood of traffic that managed to bypass the CDN and directly hit the website.

So, how can websites and online businesses protect themselves from such volumetric DDoS attacks?

With the rise of the attack profile, there are many security advisors that provide recommendations to businesses on how to protect themselves.

One popular advice is to increase the bandwidth capacity of the pipe between the Internet Service Provider (ISP) and the online business. However, there will always be enough available bots out there to saturate even a higher capacity pipe, not to mention the costs of multi-gigabit Internet connectivity to your ISP.

Another popular advice is to block users from foreign countries while you are under attack. Unfortunately, this is not a viable solution for two reasons: First, recruited bots can be operated from any country including your own. Second, in attacks such as we saw today, the source addresses of the attackers were spoofed, which means that you cannot identify the origin of the traffic and therefore it is impossible to filter out users from foreign countries. And besides, we want to keep the Internet open for everyone.

For volumetric DDoS attacks as seen today, there is only one feasible solution: Online businesses and websites must require a clean pipe service from their ISP. A clean pipe service means that the service provider blocks volumetric DDoS attacks before they enter into the business’s pipe, leaving a clean one for legitimate traffic. Once the volumetric attack enters into the business pipe, it will consume the entire bandwidth between the ISP and the business, leaving no room for legitimate users.

Some of the leading ISPs already offer clean pipe services today utilizing advanced DDoS mitigation systems that identify volumetric attacks and automatically block non-legitimate traffic in real-time without interrupting legitimate users that are accessing the online business. During and after the attack, these service providers are capable of sharing detailed reports with their customers about the attack behavior and other relevant information. This helps ISPs to provide the required SLAs to their customers.

The clean pipe service is required to eliminate volumetric DDoS attacks, but it is only partial solution for online businesses that are seeking the ultimate protection, as discussed here.

Ronen Kenig

Ronen manages the global marketing strategy for Radware’s Security products. His responsibilities include the planning, positioning and go-to-market strategy for all Security products activities worldwide. An industry expert, Ronen has more than 14 years experience in managing R&D and marketing products in the networking infrastructure, Security and application delivery sectors. Ronen writes about Security threats and solutions, application delivery, and cloud computing.

11 comments

  • Assaf E.

    February 8, 2012 at 9:45 am

    Very interesting article. Let me give you my 2 cents that I think complement your main point.
    All internet traffic in Israel is actually routed via ~50 (theoretical) “Junctions” only.

    A junction is actually an ISPs providing access to the Internet. As of Feb-2012, according to Israel MOC, there are 46 ISP licensees, however ~95% of the traffic is actually routed via only 4 ISP. Meaning, you can have a clean pipes system on a country level, relatively easily. The main challenge is not only technological but rather regulatory and requires a greater level of collaboration from all elements in the system.

    One possible solution is to have a central body (government agent, since cyber attack is regarded as attack on sovereignty) that will be reported of any cyber attack (by a business, ISP or any other source of information) and act promptly in an orchestrated action with all ISP.

    Having each ISP or individual business confront cyber attack is not a systematic approach where we are actually dealing with a country level kind of threat that needs to be addressed.

    Reply

  • Internet

    March 20, 2012 at 2:46 pm

    Magnificent publish, very informative. I’m wondering why the opposite experts of this sector do not notice this. You should continue your writing. I’m sure, you’ve a huge readers’ base already!|What’s Happening i am new to this, I stumbled upon this I have discovered It absolutely helpful and it has helped me out loads. I am hoping to give a contribution & aid different users like its helped me. Good job.

    Reply

  • The the next occasion I just read a blog, Hopefully that this doesnt disappoint me up to this. I’m talking about, It was my method to read, but I really thought youd have something intriguing to express. All I hear can be a number of whining about something that you could fix should you werent too busy seeking for attention.

    Reply

  • grossir le pénis naturellement

    November 10, 2015 at 9:57 am

    I think this site contains some rattling great information for everyone :D. “A friend might well be reckoned the masterpiece of nature.” by Ralph Waldo Emerson.

    Reply

  • http://lib-tech.cf

    November 13, 2015 at 8:53 am

    You are my breathing in, I own few blogs and rarely run out from post :). “Actions lie louder than words.” by Carolyn Wells.

    Reply

  • roxy

    November 30, 2015 at 12:03 pm

    Enjoyed reading this, very good stuff, thanks . “All of our dreams can come true — if we have the courage to pursue them.” by Walt Disney.

    Reply

  • gry przeglądarkowe

    December 22, 2015 at 11:19 am

    Wonderful website. Plenty of helpful info here. I’m sending it to a few pals ans additionally sharing in delicious. And obviously, thanks on your sweat!

    Reply

  • http://zestawydogolenia.tk

    January 29, 2016 at 1:39 pm

    What i do not realize is if truth be told how you’re no longer really a lot more smartly-preferred than you may be right now. You’re very intelligent. You realize therefore significantly when it comes to this subject, made me for my part consider it from so many numerous angles. Its like men and women don’t seem to be interested until it is something to accomplish with Girl gaga! Your own stuffs excellent. At all times handle it up!

    Reply

  • http://cz.muscleview.info

    April 11, 2016 at 3:25 am

    Thank you for sharing superb informations. Your site is very cool. I’m impressed by the details that you’ve on this website. It reveals how nicely you perceive this subject. Bookmarked this web page, will come back for extra articles. You, my pal, ROCK! I found just the info I already searched everywhere and just could not come across. What an ideal web-site.

    Reply

  • link

    May 12, 2016 at 11:36 am

    How is it that just anybody can create a weblog and get as popular as this? Its not like youve said something extremely impressive more like youve painted a quite picture more than an issue that you know nothing about! I dont want to sound mean, here. But do you really think that you can get away with adding some fairly pictures and not genuinely say anything?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *