T : +(603) 7806 3550   |   F : +(603) 7806 5586

Saturday, 1 June 2013

Another 167Gbps of DDoS Attack using DNS Reflection method

Still Remember the recent DDoS attack on Spamhaus at 300Gbps? This Recorded ad the largest ever DDoS attack so far. On 27th May, another similar method of DDoS attack (DNS Reflection Method) has launched toward an unnamed financial firm. The attack has reached up to 167Gbps. Prolexic has announced that they have successfully mitigated for their client and distributed it across to their 4 cloud based scrubbing center in Hong Kong, London, San Jose and Ashburn. According to Prolexic, scrubbing center at London has mitigated majority of the attacks, around 90Gbps. Although smaller than the Spamhaus assault, it still registered as the largest ever defended by Prolexic in its 10-year history.





This is the same method that attacked on Spamhaus. Anyway, what is DNS Reflection? In a DNS reflection attack the attacker sends a request for a large DNS zone file—with the source IP address spoofed as the IP address of the intended victim—to a large number of open DNS resolvers. The resolvers then respond to the request, sending the large DNS zone answer to the IP address of the intended victim. The attackers' requests themselves are only a fraction of the size of the responses, allowing the attacker to amplify their attack to many times the size of the bandwidth resources they themselves control. DNS reflection (or amplification) attacks have now become the most popular DDoS tactics despite being widely discussed for years.

When Spamhaus was assaulted by a vast 300Gbps peak of DNS reflection attack, they have engaged CloudFlare, the content delivery network (CDN) provider to prevent the attacks. Of course, CDN still among the best way to stop DDoS attacks, like how Akamai is helping their corperate clients to stop DDoS as well.

So do you really know the different between Prolexic and CloudFlare in handling DDoS attack? In short, their methodology is absolutely different, Prolexic is using the 'scrubbing' method, while CloudFlare is using CDN method. For 'scrubbing' method, the provider like Prolexic will redirect or distribute whatever good or bad incoming traffic into their scrubbing center to clean it before pass to their client's server via proxy method.

For 'CDN' method, the provider like CloudFlare or Akamai will redirect the incoming traffic to the nearest node, and they may have hundred or thousand node worldwide. In other word, attacker can never set their target or no idea which CDN node to attack. With CloudFlare, their clients' actual IP address is hide behind CloudFlare, and they only see CloudFlare's IP address while PING the URL. In more technical, I will suggest you to read on their methodology at https://www.cloudflare.com/ddos. CloudFlare do provide FREE CDN plan that designed for entry level website. Beside CloudFlare, I will also recommend you to study on Akamai's CDN and DDoS protection at http://www.akamai.com/html/solutions/ddos_defender.html. Of course, Akamai has always positioned themselve as the premium CDN provider in this industry, so you will never get a FREE account from them!


EVERWORKS.com have been working with Prolexic since 2008 to incorporate with our DDoS Protection solution in Malaysia. In our record working with Prolexic, they have successfully prevented a DDoS attack of 6Gps for our clients who colocated their server at our datacenter in Malaysia. All our clients are protected under Prolexic's Proxy mode solution, and all their Malaysian IP address will be hide behind Prolexic's proxy server or Scrubbing Center. To know more about EVERWORKS's DDoS Protection solution, please visit our product site at http://www.everworks.com/Services/DDoS




 
Related Posts Plugin for WordPress, Blogger...