According to Paul Sop, chief technology officer at Prolexic, the volume of the multi-event, randomized attack reached an unprecedented peak level of 69 million packets per second, 45 Gbps of bandwidth, and 15,000 connections per second. These are attack rates that no standalone automated DDoS mitigation appliance or service from an ISP or major carrier would be able to successfully mitigate. Attackers used six different attack signatures during the event, including a combination of bandwidth-driven Layer 3 and targeted Layer 7 attacks aimed at the organization’s critical application layer. Prolexic mitigated a total of four separate DDoS attacks over the course of the event, which lasted 7 days and 20 hours.
“This attack was three times larger in packets per second volume than the biggest attack Prolexic has mitigated previously, which also occurred in 2011,” said Sop. “Frankly, we are not surprised since we have seen an almost four-fold increase in packet volume since Q3 2010. This increase reflects an emerging strategy in which attackers directly target a company’s DDoS mitigation appliances, which are commonly vulnerable to such attacks, as they cannot handle such high PPS rates. Prolexic is staying one step ahead of this trend through additional investments in DDoS mitigation infrastructure in the regions where we’ve seen the greatest increase of botnet activity and thus the greatest influx of extremely large attacks.”
Using Prolexic’s proprietary mitigation tools and live monitoring strategy, Prolexic technicians quickly identified a randomized attack consisting of the largest volume of GET, SYN, ICMP, UDP and DNS floods launched in a single attack campaign this year. They also identified that the attack was coming from botnets in multiple worldwide locations with China being the primary location of the highest recorded botnet traffic. In addition, unlike typical DDoS attacks that are coordinated from one geographic source, this attack was much more sophisticated because it was coordinated globally. Despite the unprecedented volume and complexity of the attack, time-to-mitigation in each DDoS attack was within minutes of the time traffic began flowing through the Prolexic scrubbing centers.
An early warning for the 2011 holiday online shopping season
Sop warns that this steady escalation in attack size and complexity will be especially threatening to e-Commerce businesses during the 2011 holiday season. He also cautions that other industries, such as hospitality, gaming, and shipping services, should be on high alert for DDoS attacks in Q4 2011 as botnet activity continues to ramp up in the Asia Pacific region. Sop advises that having attack prevention measures in place from a DDoS mitigation specialist is the best defense against attacks of escalating size and complexity during the online holiday shopping season and beyond.
“Prolexic succeeded in mitigating what was the largest DDoS attack this year in part because we could provide 24/7 real-time monitoring and immediate response to changing attack signatures,” said Sop. “Prolexic specializes in mitigating high bandwidth attacks, so we had already invested in the technology and training to be ready for this exceptional attack. And we’re ready to mitigate even larger attacks in the future.”
Prolexic is the world’s largest, most trusted Distributed Denial of Service (DDoS) mitigation provider. Able to absorb the largest and most complex attacks ever launched, Prolexic restores mission-critical, Internet-facing infrastructures for global enterprises and government agencies within minutes. Six of the world’s ten largest banks and the leading companies in e-Commerce, payment processing, travel/hospitality, gaming and other at-risk industries rely on Prolexic to protect their businesses. Founded in 2003 as the world’s first “in the cloud” DDoS mitigation platform, Prolexic is headquartered in Hollywood, Florida and has scrubbing centers located in the Americas, Europe and Asia. For more information, visit www.prolexic.com.