Prolexic has managed to mitigate the massive cyberattack

Jun 3, 2013 06:50 GMT

Prolexic, a company that specializes in protecting organizations against distributed denial-of-service (DDOS) attacks, has seen a lot of cyberattacks in its 10-year history. However, an attack that hit a real-time financial exchange platform on May 27, 2013, is the biggest the DDOS protection provider has ever seen.

The targeted company has not been named, but Prolexic has provided some interesting details regarding the attack itself.

According to the firm, the DNS reflection attack peaked at 167 gigabits per second (Gbps). In these types of attacks, the cybercriminals use the DNS Reflection Denial of Service (DRDOS) technique to exploit security weaknesses in the DNS Internet protocol.

“In this type of DNS reflection attack, an attacker makes many spoofed queries to many public DNS servers. The source IP address is forged to appear as the target of the attack. When a DNS server receives the forged request it replies, but the reply is directed to the forged source address,” Prolexic explained.

“This is the reflection component. The target of the attack receives replies from all the DNS servers that are used. This type of attack makes it very difficult to identify the malicious sources. If the queries (which are small packets) generate larger responses, then the attack is said to have an amplifying characteristic.”

The figures provided by Prolexic show that 92% of the devices that took part in the attack were open DNS resolvers.

A while ago, CloudFlare reported that the number of open DNS resolvers was dropping, but it’s clear that there are still enough left to allow cybercriminals to launch massive DRDOS attacks.
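From the target's side, the reflection described above shows up as DNS responses that match no query the target ever sent. The following is an added example, not code from Prolexic or from this article, that flags such unsolicited responses; the record layout, the sample records and the `min_reflectors` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records as seen at the target's network edge (not real traffic).
# Fields: direction, remote IP, remote port, DNS transaction ID, is_response, bytes.
SAMPLE = [
    ("out", "198.51.100.53", 53, 0x1A2B, False, 64),
    ("in",  "198.51.100.53", 53, 0x1A2B, True, 120),   # answer to our own query
    ("in",  "203.0.113.10",  53, 0x7777, True, 3100),  # nobody asked for this
    ("in",  "203.0.113.10",  53, 0x7778, True, 3100),
    ("in",  "203.0.113.77",  53, 0x0001, True, 2900),
    ("in",  "192.0.2.8",     53, 0x1A2B, True, 3000),  # ID matches, resolver does not
]

def find_unsolicited(records):
    """Return {reflector_ip: [response_count, total_bytes]} for unmatched responses."""
    pending = set()  # (resolver_ip, txid) pairs for queries we really sent
    unsolicited = defaultdict(lambda: [0, 0])
    for direction, ip, port, txid, is_response, size in records:
        if port != 53:
            continue
        if direction == "out" and not is_response:
            pending.add((ip, txid))
        elif direction == "in" and is_response:
            if (ip, txid) in pending:
                pending.discard((ip, txid))  # legitimate answer, consume the query
            else:
                unsolicited[ip][0] += 1
                unsolicited[ip][1] += size
    return dict(unsolicited)

def summarize(records, min_reflectors=2):
    """Flag likely reflection when several resolvers send unsolicited responses.

    min_reflectors is an illustrative threshold, not a value from the article.
    """
    hits = find_unsolicited(records)
    return {
        "reflectors": sorted(hits),
        "unsolicited_bytes": sum(total for _, total in hits.values()),
        "suspected_reflection": len(hits) >= min_reflectors,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The reported source addresses are the reflecting resolvers, not the attacker, which is why the quoted explanation calls the malicious sources hard to identify.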

“This was a massive attack that made up in brute force what it lacked in sophistication,” said Scott Hammack, chief executive officer at Prolexic.

“Because of the proactive DDoS defense strategies Prolexic had put in place with this client, no malicious traffic reached its website and downtime was avoided. In fact, the company wasn’t aware it was under attack.”

Prolexic says it mitigated the attack by distributing it across the company’s four cloud-based scrubbing centers located in Ashburn, San Jose, London and Hong Kong.

The DDOS protection services provider estimates that the 200 Gbps limit will be crossed by the end of this quarter.