Tag Archives: customers

Defeating DDoS attacks in the Cloud: Why hosting providers need to take action

DDoS attacks have become such a significant threat that hosting providers need to actively protect against them or risk their own reputations. In the first few days of the New Year, hosting provider 123-reg was once again hit by a distributed denial of service (DDoS) attack, leaving customers unable to access their websites and email accounts. Even though the magnitude and strength of the attack weren’t as immense as the 30Gbps attack on the website in August last year, it still raises availability and security concerns and emphasises the importance of using effective DDoS mitigation systems. 123-reg reacted with remediation procedures and was able to get services back up and running within a couple of hours, but not after customers experienced service outages and latency issues. Successful DDoS attacks hit more than just network infrastructure, brand reputation and bottom line suffer greatly. For many providers, just a handful of customers make up a significant portion of their revenue stream. Losing one or more of these key accounts would be detrimental to the business. With no shortage of DDoS attacks hitting the news headlines, many businesses that operate in the cloud or plan to move their business applications to the cloud, are beginning to review their DDoS protection options, and the capabilities of their providers. Hosting Providers and DDoS Threats The sheer size and scale of hosting provider network infrastructures and their massive customer base presents an incredibly attractive attack surface due to the multiple entry points and significant aggregate bandwidth that acts as a conduit for a damaging and disruptive DDoS attack. As enterprises increasingly rely on hosted critical infrastructure or services, they are placing themselves at even greater risk from these devastating cyber threats – even as an indirect target. The Domino Effect The multi-tenant nature of cloud-based data centres can be less than forgiving for unsuspecting tenants. For example, a DDoS attack that targets one organisation within the data centre can have disastrous repercussions for other tenants, causing a domino effect of latency issues, service degradation and potentially damaging and long-lasting service outages. The collateral damage associated with successful DDoS attacks can be exponential. When providers lack proper protection mechanisms to defeat attacks in real-time, the costs associated with the outages are wide ranging and the impact to downstream or co-located customers can be devastating. Therefore, if hosting providers are not protected and do not provide effective DDoS mitigation as a part of their service offering, they may inadvertently send useless and potentially harmful traffic across their customers’ networks. Traditional Defences Do Not Work Traditional techniques of defence such as black-hole routing are a crude response to DDoS attacks. Using this method, a hosting provider blocks all packets of website traffic destined for a domain by advertising a null route for the IP address under attack. The most notable issue with this approach, is when multiple tenants share a public IP address. In this situation, all customers associated with the address under attack will lose all service, regardless of whether they were a specific target of the attack. In effect, by using this method, the data centre operator is carrying out the wishes of the attacker, by taking their customers offline. Black-hole routing is not an approach that most operators prefer – since it completely took their customers offline. A more sophisticated approach was then introduced; instead of injecting a null route when an operator observed a large spike, they would inject a new route instead. That action redirected all good and bad traffic through an appliance or bank of appliances that inspected traffic and attempted to remove the attack traffic from the good traffic flows. This approach spawned the existence of DDoS scrubbing-centers with DDoS scrubbing-lanes commonly deployed today. However this approach still required a considerable amount of human intervention. A DDoS attack would have to be detected (again by analyzing NetFlow records) then an operator would have to determine the victim’s destination IP address(s). Once the victim was identified, a BGP route update would have to take place to inject a new route to “turn” the victim’s incoming traffic to where a scrubbing lane was deployed. The appliances in the scrubbing lane would attempt to remove the DDoS traffic from the good traffic and forward it to the downstream customer. Effective DDoS Defence The weaknesses of old methods – being slow to react, expensive to maintain and unable to keep up with shifting and progressive threats – tell us that solutions appropriate for today need to be always-on and remove the attack traffic in real-time, without damaging other customers, or dropping good user traffic. It’s clear they also need to be adaptable and scalable so that defences can be quickly and affordably updated to respond to the future face of DDoS threats – whatever those may be. The increasingly popular method of fulfilling these aims is through real-time DDoS mitigation tools installed directly at the peering point, meaning customer traffic can be protected as it travels across an organisation’s entire network. Such innovations mean providers are better positioned than ever before to offer effective protection to their customers, so that websites and applications can stay up and running, uninterrupted and unobstructed. Hosting providers are starting to deploy this technology as part of their service package to protect their customers. This maximises efficiency due to the fact that defences can be constantly on, with no need for human intervention. Providers can tune these systems so that customers only get good traffic, helping their sites run far more efficiently. It’s a win-win for both sides, as providers’ services become more streamlined and reliable, protecting their reputation, and attracting more customers in the process. Hosting providers have a golden opportunity to modernise their services in this way, and generate new channels for revenue – or else, they risk a slow shrinking of their customer base. Source: http://www.itproportal.com/features/defeating-ddos-attacks-in-the-cloud-why-hosting-providers-need-to-take-action/

More:
Defeating DDoS attacks in the Cloud: Why hosting providers need to take action

Biggest British Hosting Company 123-Reg Suffers Major DDoS Attack

123-Reg, the biggest hosting company in the UK, is targeted a second time in as many years with a chain of major DDoS attacks. The biggest provider of domain registrations in the UK, 123-reg, has once again been the target of a DDoS attack. The result was that users weren’t able to get into their websites or email accounts. Considering this is just the start of 2017, the company has had to deal with another major blow. The company informed of the attacks formally using Twitter, explaining that they believed the attack had just begun and they were working on options to redress the situation and were attempting to work out the impact of the attack. They promised updates would follow. They continued to explain that the company’s network teams kept scrubbing and rerouting bad traffic. Of course, apologies were made for any problems their customers were experiencing. Once again, they reiterated that their team was still rerouting traffic and that they would provide further information soon. The DDoS attack took place on Friday, with the company stating that their IT team had mitigated the DDoS attacks, as evidenced by the resumption of services at around 1 PM. However, some users are still complaining today that they can’t get into their websites. 123-Reg sent out another two tweets in which they attempted to explain that the DDoS attack had just begun and they were attempting to resolve the issue. Later that day, they issued another tweet, stating that the problem had been fixed by 1 PM and that they apologized for any issues. In 2016, 123-Reg was the target of 2 big DDoS or Distributed Denial of Service, attacks. One took place in April, while one occurred in August. The firm stated that it was possible they lost a small amount of user information after the attack that occurred in April. Customers were very displeased at the time because, even after doing their best, the firm only succeeded in bringing back online only 39 percent of their Virtual Private Servers after a week. In August, the company was once again hit by a huge 30Gbps DDoS attack, which completely brought their site down. OVH, a French hosting company, was also the target of large DDoS attacks going up to 1Tbps last year. The firm stated that the Mirai botnet malicious code had been used in the attacks against them but 123-Reg did not make any similar statements. Source: https://www.socpedia.com/biggest-british-hosting-company-123-reg-suffers-major-ddos-attack

View original post here:
Biggest British Hosting Company 123-Reg Suffers Major DDoS Attack

DOSarrest Expands Into Second City in Asia

DOSarrest Expands Into Second City in Asia VANCOUVER, BRITISH COLUMBIA–(Marketwired – Aug. 30, 2016) –  DOSarrest Internet Security announced today that they have expanded their DDoS protection cloud in Asia, with a new DDoS mitigation node in Hong Kong. The new node will work in conjunction with their existing nodes in New York, Los Angeles, London, Singapore and Vancouver and will have the same connectivity as the others, including multiple 10 Gb/Sec uplinks to multiple carriers. Mark Teolis, CEO at DOSarrest says, “This new Hong Kong scrubbing center will have excellent connectivity in the region including multiple Chinese upstream providers. To compliment the 6 upstream providers there will be an additional 10Gb/Sec link into the Hong Kong Internet Exchange (HKiX) for even better route diversity. Our customers have asked for it and we are delivering” Teolis adds, “Having great connectivity into China allows us to offer our customers great performance using our caching engine and also more importantly it allows us to stop attacks closer to the source if need be.” Jag Bains, CTO at DOSarrest states, “This new Hong Kong node is part of our global capacity expansion that includes, new hardware in all existing locations, plus the addition of 100+ Gb/Sec of Internet capacity. We need this in order to offer some new services that we will be rolling out in 2017.” About DOSarrest Internet Security: DOSarrest founded in 2007 in Vancouver, B.C., Canada is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services. Additional Web security services offered are Cloud based  W eb  A pplication  F irewall (WAF) ,  V ulnerability  T esting and  O ptimization  (VTO) as well as  cloud based global load balancing . More information at  www.DOSarrest.com CONTACT INFORMATION Media Contact: Jenny Wong Toll free CAD/US 1-888-818-1344 ext. 205 UK Freephone 0800-016-3099 ext. 205 CR@DOSarrest.com Source: http://www.marketwired.com/press-release/-2154179.htm

Read More:
DOSarrest Expands Into Second City in Asia

123-Reg drowns in ongoing DDoS tsunami

Data centre target of attack of 30+ Gbps Beleaguered web host 123-Reg has suffered a “huge scale” distributed denial of service (DDoS) attack to its data centre – knocking the Brit outfit’s website offline and a number of users’ services. The attack began this morning and is still ongoing but no performance-related issues have been reported since the traffic was rerouted. The Register understands that the outfit experienced a DDoS attack of 30-plus Gbps to its data centre, with its protection systems kicking in within seconds of the attack being detected. Consequently the business redirected traffic through its secondary “DDoS protection platform” in Germany, which doubled its capacity. No servers were offline, although customers experienced intermittent connection issues such as our website, control panel, email or websites. A 123-Reg spokeswoman said: “At about 10:10am we received a huge scale DDoS attack to our data centre. “Our protection systems kicked in immediately and the attack was contained by 10:40am. We apologise for any intermittent connection issues to our services that some of our customers may have experienced during this time.” Back in November, internet provider Eclipse was hit by a DDoS attack. ® Source: http://www.theregister.co.uk/2016/08/02/123reg_suffers/

Read More:
123-Reg drowns in ongoing DDoS tsunami

A comparative view of cloud-based DDoS protection services

Six months ago we experienced a 30Gb/sec and 60M PPS attack that was targeting over 1000 IPs on our network. Although we eventually stopped the attack with the aid of our upstream providers, a number …

Continued here:
A comparative view of cloud-based DDoS protection services

DrDoS attacks to reach 800 Gbps in 2015

While the network time protocol (NTP) DrDoS threats that became prevalent in early 2014 have been contained, new distributed reflected denial of service threats will lead to attacks in excess of 800 G…

Read More:
DrDoS attacks to reach 800 Gbps in 2015