Today, we experienced the highest ever volumetric DDoS attack on an Israeli website. One of the leading news sites in Israel was hit by a 7 Gbps (!) traffic attack that partially shutdown its news sites, as well as its daughter sites. It was an unsophisticated, brute force attack, yet, a lethal one as it managed to completely saturate the pipe between the Internet Service Provider and the news site. The attacker recruited hundreds of bots to generate a flood of traffic that managed to bypass the CDN and directly hit the website.
So, how can websites and online businesses protect themselves from such volumetric DDoS attacks?
With the rise of the attack profile, there are many security advisors that provide recommendations to businesses on how to protect themselves.
One popular advice is to increase the bandwidth capacity of the pipe between the Internet Service Provider (ISP) and the online business. However, there will always be enough available bots out there to saturate even a higher capacity pipe, not to mention the costs of multi-gigabit Internet connectivity to your ISP.
Another popular advice is to block users from foreign countries while you are under attack. Unfortunately, this is not a viable solution for two reasons: First, recruited bots can be operated from any country including your own. Second, in attacks such as we saw today, the source addresses of the attackers were spoofed, which means that you cannot identify the origin of the traffic and therefore it is impossible to filter out users from foreign countries. And besides, we want to keep the Internet open for everyone.
For volumetric DDoS attacks as seen today, there is only one feasible solution: Online businesses and websites must require a clean pipe service from their ISP. A clean pipe service means that the service provider blocks volumetric DDoS attacks before they enter into the business's pipe, leaving a clean one for legitimate traffic. Once the volumetric attack enters into the business pipe, it will consume the entire bandwidth between the ISP and the business, leaving no room for legitimate users.
Some of the leading ISPs already offer clean pipe services today utilizing advanced DDoS mitigation systems that identify volumetric attacks and automatically block non-legitimate traffic in real-time without interrupting legitimate users that are accessing the online business. During and after the attack, these service providers are capable of sharing detailed reports with their customers about the attack behavior and other relevant information. This helps ISPs to provide the required SLAs to their customers.
The clean pipe service is required to eliminate volumetric DDoS attacks, but it is only partial solution for online businesses that are seeking the ultimate protection, as discussed here.