Under Attack?
Search
Menu
  • Blog
  • Botnets
  • Israeli Website Hit with Country’s Largest Volumetric DDoS Attack on Record: What this Says About Cleaning the ISP Pipe

Israeli Website Hit with Country’s Largest Volumetric DDoS Attack on Record: What this Says About Cleaning the ISP Pipe

By Ronen KenigFebruary 7, 2012

Today, we experienced the highest ever volumetric DDoS attack on an Israeli website. One of the leading news sites in Israel was hit by a 7 Gbps (!) traffic attack that partially shutdown its news sites, as well as its daughter sites. It was an unsophisticated, brute force attack, yet, a lethal one as it managed to completely saturate the pipe between the Internet Service Provider and the news site. The attacker recruited hundreds of bots to generate a flood of traffic that managed to bypass the CDN and directly hit the website.

So, how can websites and online businesses protect themselves from such volumetric DDoS attacks?

With the rise of the attack profile, there are many security advisors that provide recommendations to businesses on how to protect themselves.

One popular advice is to increase the bandwidth capacity of the pipe between the Internet Service Provider (ISP) and the online business. However, there will always be enough available bots out there to saturate even a higher capacity pipe, not to mention the costs of multi-gigabit Internet connectivity to your ISP.

Another popular advice is to block users from foreign countries while you are under attack. Unfortunately, this is not a viable solution for two reasons: First, recruited bots can be operated from any country including your own. Second, in attacks such as we saw today, the source addresses of the attackers were spoofed, which means that you cannot identify the origin of the traffic and therefore it is impossible to filter out users from foreign countries. And besides, we want to keep the Internet open for everyone.

For volumetric DDoS attacks as seen today, there is only one feasible solution: Online businesses and websites must require a clean pipe service from their ISP. A clean pipe service means that the service provider blocks volumetric DDoS attacks before they enter into the business’s pipe, leaving a clean one for legitimate traffic. Once the volumetric attack enters into the business pipe, it will consume the entire bandwidth between the ISP and the business, leaving no room for legitimate users.

Some of the leading ISPs already offer clean pipe services today utilizing advanced DDoS mitigation systems that identify volumetric attacks and automatically block non-legitimate traffic in real-time without interrupting legitimate users that are accessing the online business. During and after the attack, these service providers are capable of sharing detailed reports with their customers about the attack behavior and other relevant information. This helps ISPs to provide the required SLAs to their customers.

The clean pipe service is required to eliminate volumetric DDoS attacks, but it is only partial solution for online businesses that are seeking the ultimate protection, as discussed here.

Posted in: Botnets Brute Force Attacks DDoS Attacks SecurityTags:

Ronen Kenig

Ronen manages the global marketing strategy for Radware’s Security products. His responsibilities include the planning, positioning and go-to-market strategy for all Security products activities worldwide. An industry expert, Ronen has more than 14 years experience in managing R&D and marketing products in the networking infrastructure, Security and application delivery sectors. Ronen writes about Security threats and solutions, application delivery, and cloud computing.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Contact Us Now

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

CyberPedia

An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

CyberPedia
What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
Close

What are you looking for?