Geekly Articles each Day
📜 ⬆️ ⬇️

DDoS analytics



Cyber ​​attacks are recognized as a global global risk, along with a financial crisis, climate change, unemployment and a shortage of drinking water. The attacks are aimed at public information resources, self-service systems, marketplaces, websites of government agencies, banks, etc.

Examples of some DDoS attacks on Russian resources in 2014:
January 30, 2014 - an attack on the Vedomosti newspaper website;
February 20, 2014 - Attack on LifeNews.ru;
March 7, 2014 - attack on the site of the Russian newspaper;
March 13, 2014 - attack on the site 1TV.ru (Channel One);
March 14, 2014 - attacks on:

March 17, 2014 - an attack on the websites of banks and RBS:

April 3, 2014 - 100 Gbps attack on the site Interfax.ru
April 13, 2014 - the attack on the site kp.ru (Komsomolskaya Pravda)
')
Attacks become more difficult and occur more often:

Detection of attacks by “classical” means of protection (firewalls, intrusion detection systems, etc.) becomes more difficult or impossible, the use of specialized systems is required. Such a system is at our disposal - Inoventica Services data centers operate the ivnGUARD system developed by Inoventica Technologies, a member of the Inoventica group of companies.



System Specifications

We do not want to bore you with an advertising article and talk for a long time about the advantages of this system. The purpose of this article is to share statistics with you and hear your stories in the comments. So, our statistics for the 3rd quarter of 2015. This is the distribution of traffic by geography of external sources of attacks:


This is the distribution by type of attacked companies:

Brother is alive ...

Based on these statistics, it is clear that shared-hosting is most often attacked. We are holding a punch. And you? I'm not sure that all hosting providers offer hosting with protection from DDoS attacks for 49 rubles per month .

This is the statistics on the types of attacks:

The flip side of the medal unlimited tariffs

Profile Traffic Excess - Exceeding the set threshold for the number of packets per second or speed. The threshold is either set dynamically according to statistics for each client collected during the previous time (normal situation), or manually by the administrator (special cases).
The amount of traffic - exceeding the manually configured threshold for speed or number of packets
UDP - different types of attacks with amplification (SSDP, NTP, DNS amplification, etc.)
DNS attacks on a DNS server (not DNS amplification)
TCP RST and ICMP flood are TCP attacks with the RST and ICMP flag set, respectively.

Yes, we are not hosters in the classical sense, we are more on the clouds. But our ICT infrastructure and 1 Tbit / s channel in the data center play into our hands with regard to the hosting story. The average attack width on today is 1 Gbit / s. It is terrible to imagine that hosters with a channel in a data center at 200 Mbps are experiencing. Having placed with such guys and having experienced DDoS on DNS - it is better not to wake up the next day.

And these are statistics on how to suppress them:

"Unclean broom-machine" at the post has advantages that biological forms of protection do not have - it does not sleep

This picture suggests that clients place everything in the cloud, including business-critical data, forgetting that individual protection against DDoS over IP is worth the money. Someone is waiting for thunder, and someone chooses preventive methods.

What about you? What does your day look like regarding network security?

PS Presentation of the InvGuard system: www.slideshare.net/OlgaPonomareva1/ddos-54523760

PPS Try to write to Google request "Zerg Rush". ;)

invs.ru/products/services/protection-against-ddos

Source: https://habr.com/ru/post/269783/

More articles:


All Articles