We survived a DDoS attack

From 14-08-2018 to 24-08-2018 we successfully defended a client's website against 254 GB of DDoS traffic.

For the first ten minutes we faced intermittent outages while we assessed the situation.

I immediately checked the access log on the client's web server. At first glance the User-Agents looked normal: Mozilla, Safari, Chrome and so on. But as we followed the log with tail, more and more requests arrived with the User-Agent "www.baidu.com", from IP addresses in India, Indonesia, Vietnam, Thailand and the Philippines.
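As an added example (this is not code from the original post), here is the kind of triage that can be run over access-log lines like the ones described above, instead of eyeballing tail output: it parses combined-format lines, counts requests per User-Agent and per source address, measures the peak requests per second, and flags User-Agents that do not look like anything a browser or a real crawler would send. The log lines are constructed for the example and use documentation address ranges rather than the real attacking IPs; the "www.baidu.com" User-Agent is the one the post reports, and the per-IP threshold is an assumption.

```python
import re
from collections import Counter
from datetime import datetime

# One line per request in Apache/nginx "combined" format:
#   client_ip - - [timestamp] "request line" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log (not from the incident). Addresses are from the
# documentation ranges 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24.
# The last line shows what Baidu's genuine crawler sends, for contrast.
SAMPLE_LOG = """\
203.0.113.10 - - [14/Aug/2018:10:00:00 +0800] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/68.0"
198.51.100.7 - - [14/Aug/2018:10:00:00 +0800] "GET / HTTP/1.1" 200 5120 "-" "www.baidu.com"
198.51.100.7 - - [14/Aug/2018:10:00:00 +0800] "GET / HTTP/1.1" 200 5120 "-" "www.baidu.com"
198.51.100.8 - - [14/Aug/2018:10:00:00 +0800] "GET /index.html HTTP/1.1" 200 5120 "-" "www.baidu.com"
198.51.100.7 - - [14/Aug/2018:10:00:01 +0800] "GET / HTTP/1.1" 200 5120 "-" "www.baidu.com"
203.0.113.11 - - [14/Aug/2018:10:00:01 +0800] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Macintosh) Safari/605.1"
198.51.100.9 - - [14/Aug/2018:10:00:01 +0800] "GET / HTTP/1.1" 200 5120 "-" "www.baidu.com"
192.0.2.5 - - [14/Aug/2018:10:00:02 +0800] "GET /robots.txt HTTP/1.1" 200 64 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
"""


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["time"] = datetime.strptime(e["time"], "%d/%b/%Y:%H:%M:%S %z")
        entries.append(e)
    return entries


def is_odd_user_agent(ua):
    """Browsers and crawlers send at least one product/version token such as
    'Mozilla/5.0' or 'Baiduspider/2.0'. A bare hostname like 'www.baidu.com'
    has none, which is the pattern seen in the flood."""
    return not re.search(r"[A-Za-z]+/\d", ua)


def triage(entries, per_ip_threshold=100):
    """Summarise a batch of log entries: who is talking, how fast, and how oddly.
    per_ip_threshold is an assumed cut-off; tune it to the site's normal baseline."""
    ua_counts = Counter(e["ua"] for e in entries)
    ip_counts = Counter(e["ip"] for e in entries)
    per_second = Counter(e["time"].replace(microsecond=0) for e in entries)
    suspicious_uas = sorted(ua for ua in ua_counts if is_odd_user_agent(ua))
    noisy_ips = sorted((ip, n) for ip, n in ip_counts.items() if n >= per_ip_threshold)
    # Addresses that sent only suspicious-UA requests are the likeliest bot members.
    bot_ips = sorted({e["ip"] for e in entries if e["ua"] in suspicious_uas}
                     - {e["ip"] for e in entries if e["ua"] not in suspicious_uas})
    return {
        "ua_counts": ua_counts,
        "ip_counts": ip_counts,
        "peak_rps": max(per_second.values()) if per_second else 0,
        "suspicious_uas": suspicious_uas,
        "noisy_ips": noisy_ips,
        "bot_ips": bot_ips,
    }


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG), per_ip_threshold=3)
    print("peak requests/second:", report["peak_rps"])
    print("suspicious User-Agents:", report["suspicious_uas"])
    print("noisy addresses:", report["noisy_ips"])
    print("probable bot addresses:", report["bot_ips"])
```

The User-Agent heuristic separates the bare hostname from the genuine Baiduspider string, so a real crawler is not blocked by mistake. The per-address counts and the peak requests per second are the numbers worth comparing against the site's normal baseline before deciding to cut over to a scrubbing service.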

At this point we concluded that this was a malicious attack, an HTTP flood, rather than crawler traffic: a bare "www.baidu.com" User-Agent is not the string Baidu's own crawler sends (Baiduspider identifies itself by name inside a Mozilla-style User-Agent), and a search engine does not crawl one small site from many unrelated addresses across five countries at once.

We changed the client's DNS records to point at Cloudflare, so that all traffic into and out of the client's site was routed through Cloudflare's scrubbing centres, which weed out and block malicious packets before they reach the origin server. One caveat worth keeping in mind: this only protects the site while the attacker is aiming at the hostname. If the origin's own IP address is known or discoverable, traffic can bypass Cloudflare entirely, so the origin should be configured to accept connections only from Cloudflare's published IP ranges.
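As an added example, not part of the original post, the following Python shows the origin-side check that belongs with a Cloudflare cutover: it treats a connection as having come through Cloudflare only when the TCP peer is inside Cloudflare's published ranges, trusts the CF-Connecting-IP header only in that case (a host that reaches the origin directly can put anything in that header), lists peers that hit the origin directly, and renders an nginx allow list. The Cloudflare range list is an embedded snapshot and an assumption; refresh it from https://www.cloudflare.com/ips-v4 before relying on it. The sample connections are constructed.

```python
import ipaddress

# Snapshot of Cloudflare's published IPv4 edge ranges (https://www.cloudflare.com/ips-v4),
# embedded as an assumption so the example runs offline. The live list is authoritative
# and should be re-fetched on a schedule; IPv6 ranges are omitted here for brevity.
CLOUDFLARE_IPV4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]


def is_cloudflare_edge(peer_ip):
    """True if the TCP peer address belongs to one of Cloudflare's edge ranges."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in CLOUDFLARE_IPV4)


def client_ip_for(peer_ip, headers):
    """Return (client_ip, via_cloudflare).

    CF-Connecting-IP is believed only when the TCP peer is a Cloudflare edge.
    A host that reaches the origin directly can forge that header, so for such
    peers the peer address itself is reported as the client.
    """
    via_cloudflare = is_cloudflare_edge(peer_ip)
    lowered = {k.lower(): v for k, v in headers.items()}
    if via_cloudflare and "cf-connecting-ip" in lowered:
        return lowered["cf-connecting-ip"], True
    return peer_ip, via_cloudflare


def find_bypasses(connections):
    """connections: iterable of (peer_ip, headers). Return the peer addresses that
    reached the origin without passing through Cloudflare, which means the origin
    address is exposed and the scrubbing layer is being side-stepped."""
    return sorted({peer for peer, _ in connections if not is_cloudflare_edge(peer)})


def nginx_allowlist():
    """Render an nginx snippet that refuses everything except Cloudflare's edges."""
    lines = [f"allow {net};" for net in CLOUDFLARE_IPV4] + ["deny all;"]
    return "\n".join(lines)


# Constructed sample connections as they might appear at the origin after the cutover.
SAMPLE_CONNECTIONS = [
    ("104.16.1.1", {"CF-Connecting-IP": "203.0.113.9"}),    # genuine edge, real client 203.0.113.9
    ("198.51.100.7", {"CF-Connecting-IP": "203.0.113.9"}),  # direct hit forging the header
    ("198.51.100.8", {}),                                   # direct hit, no header at all
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLE_CONNECTIONS:
        print(peer, "->", client_ip_for(peer, hdrs))
    print("peers that bypassed Cloudflare:", find_bypasses(SAMPLE_CONNECTIONS))
    print(nginx_allowlist())
```

The allow list goes in the origin's server block (or the equivalent firewall rules), so that an attacker who learns the origin address still cannot reach it, and the attack has to keep going through the scrubbing centres.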

Six minutes after the DNS change, the attackers relented and the assault dropped off.

We kept watching the relevant servers throughout this period and found no more malicious traffic reaching them.

Traffic analysis

We reviewed the traffic analytics on the Cloudflare platform (the figures below are as reported by Cloudflare's dashboard, measured at its edge rather than at our origin). The first attack landed from 14-08-2018 to 15-08-2018, and the maximum traffic per second reached 223.44 GB.

First attack

The second attack landed from 16-08-2018 to 17-08-2018, with a flow rate of up to 157.62 GB per second, about 66 GB less than the first attack.

Second Attack

After two days of observation we saw no further malicious attacks. When we switched back to the original DNS, abnormal entries appeared in the server log again. The hackers had not given up; they were waiting for us to take the defence down and then continued attacking our customer's web pages. In the end we pointed the DNS back at Cloudflare and left it there.

The last attack broke the previous record. It landed from 24-08-2018 to 25-08-2018, and the attack volume per second reached 259.43 GB.

Third Attack

Since our customer's website consists of static pages only, we used this opportunity to observe and research the attacks and improve our understanding of DDoS.

Conclusion

In summary, this malicious attack reached a total traffic volume of 650.89 GB and 6,857 unique visitors. The request count was the most exaggerated figure, reaching 297,773,496.

Countries involved in this DDoS attack (botnet)

The data was compiled by Cloudflare. Whether these addresses are spoofed or real depends on the kind of traffic: each of the 297 million HTTP requests needed a completed TCP handshake before the request could be sent, so for that part of the attack the source addresses are the real addresses of the sending machines (compromised hosts or open proxies), not forged ones. Imagine how many computers had been hacked and turned into a botnet to produce that.

Traffic from these countries
