DDoS stands for "Distributed Denial-of-Service". A DDoS attack bombards an Internet-facing target with a huge volume of traffic from many sources at once in order to destabilize the system and disrupt its regular data flow.
The main steps in the DDoS attack mitigation process are:
DDoS detection techniques vary depending on the tools and technologies available to the network security provider or network administrator responsible for safeguarding the network. The detection phase identifies and recognizes potential Distributed Denial-of-Service attacks: incoming and outgoing traffic is examined for unusual patterns or anomalies with network monitoring tools or intrusion detection systems.
A baseline must be established for typical network behavior, including traffic volumes, protocols, and patterns. By comparing real-time network traffic against an established baseline, anomalies can be detected, and any significant deviation used to flag a possible DDoS attack.
Continuous monitoring and analysis of network traffic is crucial to identify and respond to DDoS attacks quickly and effectively.
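The baseline comparison described above, as an added example (not code from the page or from Arelion): per-protocol packet rates from ten quiet minutes form the baseline, and a live minute is flagged when its rate sits far above that baseline measured in standard deviations. The sample bins, the thresholds and the 5% spread floor are all constructed for the illustration.

```python
import statistics
from collections import defaultdict

# Constructed sample data: per-minute packets-per-second counts per protocol,
# as a NetFlow collector or monitoring tool might summarize them. The ten
# quiet bins form the baseline; the live bin carries a sudden UDP surge.
BASELINE_BINS = [
    {"tcp": 9800,  "udp": 1200, "icmp": 40},
    {"tcp": 10100, "udp": 1150, "icmp": 35},
    {"tcp": 9900,  "udp": 1250, "icmp": 45},
    {"tcp": 10000, "udp": 1180, "icmp": 38},
    {"tcp": 10200, "udp": 1220, "icmp": 42},
    {"tcp": 9950,  "udp": 1190, "icmp": 40},
    {"tcp": 10050, "udp": 1210, "icmp": 41},
    {"tcp": 9900,  "udp": 1170, "icmp": 39},
    {"tcp": 10100, "udp": 1230, "icmp": 44},
    {"tcp": 10000, "udp": 1200, "icmp": 36},
]
LIVE_BIN = {"tcp": 10400, "udp": 58000, "icmp": 45}


def build_baseline(bins):
    """Return {protocol: (mean_pps, stdev_pps)} from quiet-period bins."""
    samples = defaultdict(list)
    for b in bins:
        for proto, pps in b.items():
            samples[proto].append(pps)
    return {p: (statistics.mean(v), statistics.pstdev(v)) for p, v in samples.items()}


def detect_anomalies(live, baseline, z_threshold=4.0, min_pps=500):
    """Flag protocols whose live rate deviates far above the baseline.

    The deviation is measured in standard deviations (a z-score). A floor of
    5% of the mean keeps a perfectly flat baseline (stdev near zero) from
    flagging trivial jitter, and min_pps ignores protocols that are tiny in
    absolute terms even if their relative change is large. Both values are
    constructed tuning knobs, not recommendations.
    """
    flags = {}
    for proto, pps in live.items():
        mean, stdev = baseline.get(proto, (0.0, 0.0))
        spread = max(stdev, 0.05 * mean, 1.0)
        z = (pps - mean) / spread
        if z > z_threshold and pps > min_pps:
            flags[proto] = round(z, 1)
    return flags


if __name__ == "__main__":
    base = build_baseline(BASELINE_BINS)
    for proto, z in detect_anomalies(LIVE_BIN, base).items():
        print(f"possible DDoS: {proto} at {LIVE_BIN[proto]} pps is {z} sigma above baseline")
```

Run against the constructed data, only UDP is flagged: TCP is up 4%, which is within the 5% floor, and ICMP has grown but is far below min_pps. In practice the baseline would be rebuilt continuously (per hour of day, per destination prefix) rather than from a fixed ten-minute window.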
During a DDoS attack, the main priority is to redirect malicious traffic away from its intended target. This is often achieved by rerouting incoming traffic to a dedicated DDoS mitigation service. At Arelion, we divert all suspicious traffic to one of our scrubbing centers, which are specially designed to filter and clean incoming traffic. The scrubbing center analyzes the traffic, identifies any malicious requests or patterns, and separates legitimate traffic from attack traffic.
The DDoS mitigation diversion phase is an ongoing process, as attackers may modify their tactics at any time or launch subsequent waves of attacks. By effectively diverting and mitigating attack traffic, organizations can minimize the impact of DDoS attacks and maintain the availability and integrity of their online services.
The scrubbing center uses predefined filtering policies to identify and block traffic that matches known attack patterns or exhibits suspicious behavior. These policies are typically based on criteria such as IP reputation lists, signatures of known attacks, behavioral analysis, or anomaly detection techniques. Filtering techniques such as IP address blacklisting, traffic rate limiting, and protocol-specific filtering are applied to mitigate the impact of an attack. As an attack continues, the mitigation criteria are adjusted on the fly to counter evolving attack vectors.
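A minimal scrubbing policy chain combining the three filter types named above (IP reputation, attack signature, per-source rate limit), as an added example that is not Arelion's code or policy. The blocklist, the signature (an oversized UDP datagram arriving from port 53, which looks like a reflected DNS response rather than a client query), the rate limit and the sample packets are all constructed; a real scrubber applies far more rules and operates on flows, not Python dicts.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed policy inputs (not Arelion's real policies).
REPUTATION_BLOCKLIST = [ipaddress.ip_network("198.51.100.0/24")]
PER_SOURCE_PPS_LIMIT = 3          # deliberately tiny so the sample trips it

# Constructed packet summaries: what a scrubbing engine sees per packet.
SAMPLE_PACKETS = [
    {"ts": 100, "src": "203.0.113.10", "proto": "tcp", "src_port": 51000, "dst_port": 443,  "length": 120},
    {"ts": 100, "src": "198.51.100.7", "proto": "tcp", "src_port": 40000, "dst_port": 80,   "length": 60},
    {"ts": 100, "src": "192.0.2.5",    "proto": "udp", "src_port": 53,    "dst_port": 4444, "length": 1400},
    {"ts": 101, "src": "192.0.2.9",    "proto": "udp", "src_port": 30000, "dst_port": 123,  "length": 90},
    {"ts": 101, "src": "192.0.2.9",    "proto": "udp", "src_port": 30000, "dst_port": 123,  "length": 90},
    {"ts": 101, "src": "192.0.2.9",    "proto": "udp", "src_port": 30000, "dst_port": 123,  "length": 90},
    {"ts": 101, "src": "192.0.2.9",    "proto": "udp", "src_port": 30000, "dst_port": 123,  "length": 90},
]


def on_reputation_list(src):
    """IP reputation check against a list of blocked networks."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in REPUTATION_BLOCKLIST)


def matches_signature(pkt):
    """Protocol-specific signature: a large UDP datagram *from* port 53 looks
    like a reflected DNS amplification response rather than a client query."""
    if pkt["proto"] == "udp" and pkt["src_port"] == 53 and pkt["length"] > 512:
        return "dns-amplification"
    return None


class Scrubber:
    def __init__(self):
        self.per_source = defaultdict(int)   # (src, second) -> packets seen

    def verdict(self, pkt):
        # 1. IP reputation: the cheapest check, applied first
        if on_reputation_list(pkt["src"]):
            return "drop:reputation"
        # 2. Known attack signatures
        sig = matches_signature(pkt)
        if sig:
            return f"drop:{sig}"
        # 3. Per-source rate limit in one-second windows
        key = (pkt["src"], pkt["ts"])
        self.per_source[key] += 1
        if self.per_source[key] > PER_SOURCE_PPS_LIMIT:
            return "drop:rate-limit"
        return "allow"


def scrub(packets):
    """Return the per-packet verdicts and an allow/drop summary."""
    s = Scrubber()
    verdicts = [s.verdict(p) for p in packets]
    return verdicts, Counter(v.split(":")[0] for v in verdicts)


if __name__ == "__main__":
    verdicts, summary = scrub(SAMPLE_PACKETS)
    for pkt, v in zip(SAMPLE_PACKETS, verdicts):
        print(f"{pkt['src']:>14} {pkt['proto']} len={pkt['length']:<5} -> {v}")
    print(dict(summary))
```

The order matters: cheap, high-confidence checks (reputation, signatures) run before the stateful rate limiter, so attack traffic is dropped without consuming counter state. The "adjusted on the fly" part of the text corresponds to changing REPUTATION_BLOCKLIST, the signature set or the limit while the scrubber runs.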
Once the malicious traffic has been filtered and the clean traffic identified, the legitimate traffic is re-routed back to its intended destination. After a DDoS attack subsides, our system ceases redirection and restores normal traffic flow: the mitigation measures are lifted, ensuring that all incoming traffic resumes its regular path without any intervention from our system. This returns traffic to its normal path, removing any latency or delay introduced by the diversion. In general, end users should notice little or no impact on performance.
There are several different DDoS mitigation techniques and it is common for providers to use a combination of these. From a customer perspective, cooperation with a trusted and experienced provider is a valuable investment.
At Arelion, we have a layered defense structure, based on carrier-grade mitigation technology and equipment, and supported by built-in network features that eliminate suspicious traffic at source or upon entry to our network. One of the major tools we use is BGP Flowspec.
BGP Flowspec (Border Gateway Protocol Flowspec) is a granular mechanism used in network routing to provide fine control over traffic filtering and mitigation. It extends the capabilities of BGP, the main protocol used to exchange routing information between routers on the Internet.
BGP Flowspec is excellent for isolating and dropping bulk-flow traffic - the common denominator of most large DDoS attacks.
Arelion's DDoS mitigation service reacts quickly to various types of network attack by installing specific filtering rules at the edge of the network. This method enhances network security and allows for effective traffic engineering and resource allocation. Our experienced engineers tailor responses to ongoing attacks, preventing cybercriminals from outflanking established mitigation policies.
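To make "granular filtering rules distributed via BGP" concrete, here is an added example (not Arelion's code) that encodes one Flowspec rule the way a BGP speaker carries it: the match criteria become the Flowspec NLRI (RFC 8955 component encoding for IPv4) and the action becomes the traffic-rate extended community, where a rate of 0 means discard. The rule itself (discard oversized UDP from source port 53 towards a victim /24) and the prefix are constructed for the illustration; the encoder is generic and also reproduces the RFC's own "10.0.1.0/24, TCP, port 25" example.

```python
import ipaddress
import struct

# Flowspec component types for IPv4 (RFC 8955, section 4.2.2)
DEST_PREFIX, SRC_PREFIX, IP_PROTO, PORT, DEST_PORT, SRC_PORT, PKT_LEN = 1, 2, 3, 4, 5, 6, 10
# Numeric operator flag bits (eq=0x01, gt=0x02, lt=0x04); 0x80 is the
# end-of-list bit and bits 0x30 give the value length.
_OPS = {"==": 0x01, ">": 0x02, ">=": 0x03, "<": 0x04, "<=": 0x05}


def prefix_component(ctype, cidr):
    """Type 1/2: <type><prefix-len><prefix, minimum number of octets>."""
    net = ipaddress.ip_network(cidr)
    nbytes = (net.prefixlen + 7) // 8
    return bytes([ctype, net.prefixlen]) + net.network_address.packed[:nbytes]


def numeric_component(ctype, terms):
    """Numeric types: <type> then (operator, value) pairs. The pairs are OR'ed
    because the AND bit (0x40) is left clear; the last pair carries the
    end-of-list bit (0x80)."""
    out = bytearray([ctype])
    for i, (op, value) in enumerate(terms):
        if value < 0x100:
            lenbits, packed = 0, struct.pack(">B", value)
        elif value < 0x10000:
            lenbits, packed = 1, struct.pack(">H", value)
        else:
            lenbits, packed = 2, struct.pack(">I", value)
        end = 0x80 if i == len(terms) - 1 else 0x00
        out.append(end | (lenbits << 4) | _OPS[op])
        out += packed
    return bytes(out)


def encode_nlri(components):
    """Flowspec NLRI: 1-byte length (<240) or 2-byte 0xFnnn length,
    followed by the components in ascending type order."""
    body = b"".join(components)
    length = bytes([len(body)]) if len(body) < 240 else struct.pack(">H", 0xF000 | len(body))
    return length + body


def traffic_rate_community(rate_bytes_per_sec, asn=0):
    """Extended community 0x8006 'traffic-rate': 2-byte AS, 4-byte IEEE float.
    A rate of 0 means discard all matching traffic."""
    return struct.pack(">BBHf", 0x80, 0x06, asn, rate_bytes_per_sec)


def drop_bulk_udp_rule(victim_prefix):
    """Constructed example rule: discard UDP datagrams longer than 512 bytes
    from source port 53 towards the victim prefix, at the network edge."""
    nlri = encode_nlri([
        prefix_component(DEST_PREFIX, victim_prefix),
        numeric_component(IP_PROTO, [("==", 17)]),      # 17 = UDP
        numeric_component(SRC_PORT, [("==", 53)]),
        numeric_component(PKT_LEN, [(">", 512)]),
    ])
    return nlri, traffic_rate_community(0)


if __name__ == "__main__":
    nlri, action = drop_bulk_udp_rule("203.0.113.0/24")
    print("NLRI  :", nlri.hex())
    print("action:", action.hex(), "(traffic-rate 0 = discard)")
```

Because the rule is just an NLRI plus a community, it propagates to every edge router over an ordinary BGP session and is withdrawn the same way once the attack ends, which is what makes Flowspec suited to the "adjust on the fly" mitigation the text describes. Validate Flowspec routes against the unicast routing table (RFC 8955 section 6) before installing them, so that a rule can only affect traffic destined to prefixes the advertising peer actually originates.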
The four most common groups of DDoS attack:
Arelion offers multi-homed DDoS as a solution for customers who procure IP access from multiple providers. Traditionally, customers would purchase DDoS protection separately from each provider. However, our service streamlines the process by providing a comprehensive all-in-one DDoS solution.
The Multi-homing service is similar to our standard service but with one key enhancement - our DDoS service can be used with Internet Transit connections that are not provided by Arelion.
With the NetFlow protocol enabled by customers towards our routers, we can effectively monitor traffic. When an attack is detected, we utilize a friendly BGP hijack, leveraging our key position within the routing ecosystem of the Internet, to push all traffic through our scrubbing centers and then onwards to the customer's site. Once an attack subsides, we drop the BGP route hijack announcement and traffic flows normally from all IP Transit upstream providers again.
The multi-homing service is fully automated, ensuring efficient and reliable protection for the customer's network estate.
However, Arelion understands that this may not be suitable for every customer. Some may not wish to provide NetFlow for security reasons, or may lack compatible devices. During normal operation, we recommend that our customers announce /23 or larger prefixes to the external network, so that our more specific announcement takes precedence in BGP routing decisions; this requires more preparation.
As route hijacks, even friendly ones, present risks within the wider routing environment of the Internet, we require that prefixes protected by us must be covered by RPKI ROA (Route Origin Authorization). This allows Arelion to be confident that the prefixes you are asking us to redirect actually belong to you!
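The two mechanics behind the multi-homed service, longest-prefix match (why a more specific announcement wins over the customer's /23) and RPKI Route Origin Validation (why a covering ROA is required), as an added example that is not Arelion's code. The prefixes, the placeholder ASNs from the private range and the ROA are constructed; the origin ASN Arelion uses for its own mitigation announcement is not stated on the page, so the validation below covers only the customer's announcements, and eligible_for_protection is this example's reading of the two requirements in the text, not a description of Arelion's onboarding checks.

```python
import ipaddress

# Constructed scenario: a multi-homed customer (AS64500, a private-range ASN
# used as a placeholder) announces 203.0.112.0/23 via its upstream. During
# mitigation a more specific /24 attracts the victim's traffic to scrubbing.
CUSTOMER_AS = 64500

NORMAL_RIB = [
    {"prefix": ipaddress.ip_network("203.0.112.0/23"), "via": "upstream-a"},
]
MITIGATION_RIB = NORMAL_RIB + [
    {"prefix": ipaddress.ip_network("203.0.113.0/24"), "via": "scrubbing-centre"},
]

# Constructed ROA set, as the prefix holder would publish it in the RPKI.
ROAS = [
    {"prefix": ipaddress.ip_network("203.0.112.0/23"), "maxlen": 24, "asn": CUSTOMER_AS},
]


def best_route(rib, dst):
    """Longest-prefix match: the most specific covering route wins."""
    ip = ipaddress.ip_address(dst)
    covering = [r for r in rib if ip in r["prefix"]]
    return max(covering, key=lambda r: r["prefix"].prefixlen, default=None)


def rpki_validate(prefix, origin_as, roas):
    """RFC 6811 route origin validation: 'valid', 'invalid' or 'notfound'.

    A ROA covers an announcement when the announced prefix lies inside the
    ROA prefix; the announcement is valid only if some covering ROA also
    names the origin AS and permits that prefix length via maxLength."""
    if isinstance(prefix, str):
        prefix = ipaddress.ip_network(prefix)
    covering = [r for r in roas if prefix.subnet_of(r["prefix"])]
    if not covering:
        return "notfound"
    if any(r["asn"] == origin_as and prefix.prefixlen <= r["maxlen"] for r in covering):
        return "valid"
    return "invalid"


def eligible_for_protection(prefix, origin_as, roas):
    """This example's reading of the two preconditions in the text: the
    customer announces a /23 or larger, and the prefix is covered by a valid ROA."""
    if isinstance(prefix, str):
        prefix = ipaddress.ip_network(prefix)
    return prefix.prefixlen <= 23 and rpki_validate(prefix, origin_as, roas) == "valid"


if __name__ == "__main__":
    victim = "203.0.113.50"
    print("normal    :", best_route(NORMAL_RIB, victim)["via"])
    print("mitigation:", best_route(MITIGATION_RIB, victim)["via"])
    for p, asn in [("203.0.112.0/23", 64500), ("203.0.113.0/25", 64500), ("203.0.112.0/23", 64511)]:
        print(p, "from AS", asn, "->", rpki_validate(p, asn, ROAS))
```

The ROA's maxLength is what bounds how specific a covered announcement may be: with maxLength 24 a /25 from the same origin is already "invalid", which is exactly the protection against an unauthorized more-specific hijack that the text refers to. Publishing a ROA with a loose maxLength weakens that protection, so set it no longer than the most specific prefix you actually intend to see announced.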