{"id":2560,"date":"2016-09-17T15:14:46","date_gmt":"2016-09-17T22:14:46","guid":{"rendered":"http:\/\/greg.porter.name\/wordpress\/?p=2560"},"modified":"2016-09-17T15:14:46","modified_gmt":"2016-09-17T22:14:46","slug":"a-recent-ddos-prevention-experience","status":"publish","type":"post","link":"https:\/\/greg.porter.name\/wordpress\/?p=2560","title":{"rendered":"A Recent DDoS Prevention Experience"},"content":{"rendered":"<div class=\"d2l-htmlblock\">\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-medium wp-image-2561\" src=\"https:\/\/greg.porter.name\/wordpress\/wp-content\/uploads\/2016\/09\/ArborNetworks-logo-300x118.jpg\" alt=\"arbornetworks-logo\" width=\"300\" height=\"118\" srcset=\"https:\/\/greg.porter.name\/wordpress\/wp-content\/uploads\/2016\/09\/ArborNetworks-logo-300x118.jpg 300w, https:\/\/greg.porter.name\/wordpress\/wp-content\/uploads\/2016\/09\/ArborNetworks-logo-768x302.jpg 768w, https:\/\/greg.porter.name\/wordpress\/wp-content\/uploads\/2016\/09\/ArborNetworks-logo.jpg 958w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>I recently helped our company deploy an interesting technological solution for a distributed denial-of-service (DDoS) attack.\u00a0 A denial-of-service (DoS) attack happens when an attacker floods a network with information.\u00a0 A distributed denial-of-service attack happens when a sophisticated attacker with access to many computers launches a similar attack from many, many computers, overwhelming the computing services in the target network, and preventing legitimate users from accessing information or services (McDowell, 2009).<\/p>\n<p>My company has web-based applications related to consumer credit.\u00a0 We have various internet WAN connections, but they add up to about one Gigabit Ethernet WAN connection.\u00a0 This may sound like a lot, but modern DDoS attackers could easily overwhelm a connection like this or the servers we have with waves of malicious data from their 
botnets.<\/p>\n<\/div>\n<div class=\"d2l-htmlblock\">\n<p>We deployed a hybrid solution from Arbor Networks, so we have both on-premises devices as well as a cloud-based service.\u00a0 We first deployed on-premises Arbor Availability Protection System (APS) devices online in our WAN connections.\u00a0 These devices can detect DDoS attacks, and also \u201cblack hole\u201d traffic from them.\u00a0 So they themselves can detect and remediate smaller attacks (Arbor, 2016).<\/p>\n<p>We also have the \u201cArbor Cloud for Enterprises\u201d solution.\u00a0 To prepare for using this, we made network routing changes to allow the Arbor Networks\u2019 \u201cScrubbing Centers\u201d to insert themselves on demand into our network path.\u00a0 Normally, Internet traffic comes in directly to us.\u00a0 When a large volumetric DDoS attack is detected, one that is too large for the on-premises devices to deal with, then we \u201cflip the switch\u201d and our traffic is re-routed through the Arbor \u201cScrubbing Centers\u201d who in aggregate can handle 1 Terabit WAN traffic flows (much larger than ours).\u00a0 The DDoS traffic is removed from the incoming data, and normal legitimate traffic is allowed to pass through (Arbor, 2015).<\/p>\n<p>I first thought that this was marketing \u201chokum\u201d but then I assisted with testing our Arbor Cloud solution last week.\u00a0 It really does work.\u00a0 When we invoked the scrubbing, our traffic was almost instantaneously routed through the scrubbing centers, and legitimate traffic continued to make its way to us correctly.\u00a0 I did various network tests before and after scrubbing was invoked, and I could tell no difference.\u00a0 I feel more reassured now that we have some protection against DDoS.<\/p>\n<p>Arbor Cloud 
DDoS Protection Service for Enterprises. (2015). Retrieved September 17, 2016, from <a href=\"https:\/\/www.arbornetworks.com\/images\/documents\/Data%20Sheets\/DS_Arbor_Cloud_Enterprise.pdf\" target=\"_self\" rel=\"noopener\">https:\/\/www.arbornetworks.com\/images\/documents\/Data Sheets\/DS_Arbor_Cloud_Enterprise.pdf<\/a><\/p>\n<p>Arbor Networks \u00ae APS. (2016). Retrieved September 17, 2016, from <a href=\"https:\/\/www.arbornetworks.com\/images\/documents\/Data%20Sheets\/DS_APS_EN.pdf\" target=\"_self\" rel=\"noopener\">https:\/\/www.arbornetworks.com\/images\/documents\/Data Sheets\/DS_APS_EN.pdf<\/a><\/p>\n<p>McDowell, M. (2009, November 04). Security Tip (ST04-015) Understanding Denial-of-Service Attacks. Retrieved September 17, 2016, from <a href=\"https:\/\/www.us-cert.gov\/ncas\/tips\/ST04-015\" target=\"_self\" rel=\"noopener\">https:\/\/www.us-cert.gov\/ncas\/tips\/ST04-015<\/a><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>I recently helped our company deploy an interesting technological solution for a distributed denial-of-service (DDoS) attack.\u00a0 A denial-of-service (DoS) attack happens when an attacker floods a network with information.\u00a0 A distributed denial-of-service attack happens when a sophisticated attacker with&hellip; <a href=\"https:\/\/greg.porter.name\/wordpress\/?p=2560\" class=\"more-link\">Continue Reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2560","post","type-post","status-publish","format-standard","hentry","category-content"],"_links":{"self":[{"href":"https:\/\/greg.porter.name\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2560","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/greg.porter.name\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/greg.porter.name\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/greg.porter.name\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/greg.porter.name\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2560"}],"version-history":[{"count":2,"href":"https:\/\/greg.porter.name\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2560\/revisions"}],"predecessor-version":[{"id":2563,"href":"https:\/\/greg.porter.name\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2560\/revisions\/2563"}],"wp:attachment":[{"href":"https:\/\/greg.porter.name\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2560"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/greg.porter.name\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2560"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/greg.porter.name\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2560"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}