I recently helped our company deploy an interesting technological solution for a distributed denial-of-service (DDoS) attack. A denial-of-service (DoS) attack happens when an attacker floods a network with information. A distributed denial-of-service attack happens when a sophisticated attacker with access to many computers launches a similar attack from many, many computers, overwhelming the computing services in the target network and preventing legitimate users from accessing information or services (McDowell, 2009).
My company has web-based applications related to consumer credit. We have various Internet WAN connections, but they add up to about one Gigabit Ethernet WAN connection. This may sound like a lot, but modern DDoS attackers could easily overwhelm a connection like this, or the servers we have, with waves of malicious data from their botnets.
We deployed a hybrid solution from Arbor Networks, so we have both on-premises devices as well as a cloud-based service. We first deployed on-premises Arbor Availability Protection System (APS) devices online in our WAN connections. These devices can detect DDoS attacks and also “black hole” traffic from them, so they themselves can detect and remediate smaller attacks (Arbor, 2016).
We also have the “Arbor Cloud for Enterprises” solution. To prepare for using this, we made network routing changes to allow the Arbor Networks “Scrubbing Centers” to insert themselves on demand into our network path. Normally, Internet traffic comes in directly to us. When a large volumetric DDoS attack is detected, one that is too large for the on-premises devices to deal with, then we “flip the switch” and our traffic is re-routed through the Arbor “Scrubbing Centers,” which in aggregate can handle 1 Terabit WAN traffic flows (much larger than ours). The DDoS traffic is removed from the incoming data, and normal legitimate traffic is allowed to pass through (Arbor, 2015).
I first thought that this was marketing “hokum,” but then I assisted with testing our Arbor Cloud solution last week. It really does work. When we invoked the scrubbing, our traffic was almost instantaneously routed through the scrubbing centers, and legitimate traffic continued to make its way to us correctly. I did various network tests before and after scrubbing was invoked, and I could tell no difference. I feel more reassured now that we have some protection against DDoS.
Arbor Cloud DDoS Protection Service for Enterprises. (2015). Retrieved September 17, 2016, from https://www.arbornetworks.com/images/documents/Data Sheets/DS_Arbor_Cloud_Enterprise.pdf
Arbor Networks ® APS. (2016). Retrieved September 17, 2016, from https://www.arbornetworks.com/images/documents/Data Sheets/DS_APS_EN.pdf
McDowell, M. (2009, November 04). Security Tip (ST04-015) Understanding Denial-of-Service Attacks. Retrieved September 17, 2016, from https://www.us-cert.gov/ncas/tips/ST04-015
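The two-tier decision Greg describes (on-premises APS appliances absorb small floods, traffic is diverted to cloud scrubbing only when the attack would saturate the roughly 1 Gbps WAN link) can be sketched as a defender-side response planner. This is an added example, not code from the post or from Arbor Networks; the on-premises mitigation capacity, the 80% diversion ratio and the flow records are all constructed placeholders.

```python
"""Tiered DDoS response planner (added example; thresholds are assumed)."""
from collections import defaultdict

WAN_CAPACITY_BPS = 1_000_000_000   # ~1 Gbps aggregate WAN link, as in the post
ALERT_BPS = 200_000_000            # assumed: above this, treat inbound as an attack
DIVERT_RATIO = 0.8                 # assumed: divert to cloud at 80% of link capacity

# Constructed one-second flow summaries: (second, source_ip, bytes).
# Second 0: a handful of normal clients. Second 1: a moderate flood the
# on-prem appliance can black-hole. Second 2: a volumetric flood from
# hundreds of sources that would nearly saturate the WAN link.
SAMPLE_FLOWS = (
    [(0, f"203.0.113.{i}", 2_000_000) for i in range(1, 6)]
    + [(1, f"198.51.100.{i}", 1_000_000) for i in range(1, 51)]
    + [(2, f"192.0.2.{i}", 500_000) for i in range(1, 231)]
)


def plan_response(bps):
    """Map an observed inbound bit rate to a mitigation tier."""
    if bps >= WAN_CAPACITY_BPS * DIVERT_RATIO:
        return "divert-to-cloud-scrubbing"   # "flip the switch"
    if bps > ALERT_BPS:
        return "on-prem-mitigation"          # APS black-holes attack traffic
    return "normal"


def plan_for_flows(flows):
    """Return {second: (bps, distinct_sources, tier)} for each observed second."""
    bits = defaultdict(int)
    sources = defaultdict(set)
    for second, src, nbytes in flows:
        bits[second] += nbytes * 8
        sources[second].add(src)
    return {
        second: (bits[second], len(sources[second]), plan_response(bits[second]))
        for second in sorted(bits)
    }


if __name__ == "__main__":
    for second, (bps, nsrc, tier) in plan_for_flows(SAMPLE_FLOWS).items():
        print(f"t={second}s  {bps / 1e6:7.1f} Mbps  {nsrc:4d} sources  -> {tier}")
```

The distinct-source count is reported alongside the rate because a flood spread over hundreds of addresses is exactly the case where per-source blocking on the appliance stops scaling and diversion to a scrubbing service earns its keep.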
Greg, I appreciate your writing about denial-of-service (DoS) attacks! Really useful, thanks!