We survived a DDoS attack
Between 14-AUG-2018 and 24-AUG-2018, we successfully defended against a 254GB DDoS attack.
In the first ten minutes we faced intermittent outages while we assessed the situation.
I immediately checked the access log on our client's web server. At first the User-Agents looked normal (Mozilla, Safari, Chrome and so on). As we followed the log with tail, however, more and more entries arrived with the User-Agent "www.baidu.com", from IP addresses in India, Indonesia, Vietnam, Thailand and the Philippines.
At that point we were confident this was a malicious attack.
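The log triage described above, as an added example that is not part of the original post: a short Python script that parses access-log lines in the common "combined" format, counts requests per source address per second, and flags addresses that either send the bare "www.baidu.com" User-Agent or exceed a request rate no browser produces. The sample log lines, the example.test hostname, the RFC 5737 documentation addresses and the 5 requests/second threshold are all constructed for illustration. For comparison, the genuine Baidu crawler identifies itself as Baiduspider with a link to www.baidu.com/search/spider.html, and Baidu advises confirming it by reverse DNS of the source address; that network check is deliberately not performed here.

```python
"""Access-log triage for a suspected HTTP flood (added example, not the post's code).

SAMPLE_LOG is constructed for illustration: the hosts use RFC 5737 documentation
address ranges and the example.test referrer, not real attacker addresses.
"""
import re
import sys
from collections import Counter, defaultdict

# Apache/nginx "combined" format:
# ip ident user [timestamp] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

SAMPLE_LOG = """\
203.0.113.10 - - [14/Aug/2018:10:01:01 +0800] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
203.0.113.11 - - [14/Aug/2018:10:01:01 +0800] "GET /about.html HTTP/1.1" 200 4096 "http://example.test/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1.2 Safari/605.1.15"
198.51.100.7 - - [14/Aug/2018:10:01:02 +0800] "GET / HTTP/1.1" 200 5120 "-" "www.baidu.com"
198.51.100.7 - - [14/Aug/2018:10:01:02 +0800] "GET / HTTP/1.1" 200 5120 "-" "www.baidu.com"
198.51.100.7 - - [14/Aug/2018:10:01:02 +0800] "GET / HTTP/1.1" 200 5120 "-" "www.baidu.com"
198.51.100.7 - - [14/Aug/2018:10:01:02 +0800] "GET / HTTP/1.1" 200 5120 "-" "www.baidu.com"
198.51.100.7 - - [14/Aug/2018:10:01:02 +0800] "GET / HTTP/1.1" 200 5120 "-" "www.baidu.com"
198.51.100.7 - - [14/Aug/2018:10:01:02 +0800] "GET / HTTP/1.1" 200 5120 "-" "www.baidu.com"
198.51.100.22 - - [14/Aug/2018:10:01:03 +0800] "GET / HTTP/1.1" 200 5120 "-" "www.baidu.com"
198.51.100.22 - - [14/Aug/2018:10:01:03 +0800] "GET / HTTP/1.1" 200 5120 "-" "www.baidu.com"
203.0.113.10 - - [14/Aug/2018:10:01:03 +0800] "GET /logo.png HTTP/1.1" 200 8192 "http://example.test/index.html" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
garbage line that does not match the log format
"""


def parse_log(text):
    """Yield a dict per well-formed line; silently skip lines that do not parse."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def ua_breakdown(entries):
    """Count requests per User-Agent string (the first thing worth tailing for)."""
    return Counter(e["ua"] for e in entries)


def requests_per_second(entries):
    """Count requests per (source IP, timestamp to the second)."""
    return Counter((e["ip"], e["ts"]) for e in entries)


def flag_sources(entries, ua_marker="www.baidu.com", max_rps=5):
    """Return {ip: set of reasons} for addresses worth rate-limiting or blocking.

    Two signals from the incident: an implausible User-Agent that is just a
    search-engine hostname, and a per-second request rate no browser produces.
    Either alone can be a false positive, so the reasons are reported separately.
    """
    entries = list(entries)  # may be a generator; we iterate twice
    flagged = defaultdict(set)
    for e in entries:
        if ua_marker in e["ua"]:
            flagged[e["ip"]].add("ua:" + ua_marker)
    for (ip, _ts), n in requests_per_second(entries).items():
        if n > max_rps:
            flagged[ip].add("rate>%d/s" % max_rps)
    return dict(flagged)


if __name__ == "__main__":
    # Pipe a real log in (e.g. tail -n 100000 access.log | python triage.py),
    # or run without input to use the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    entries = list(parse_log(text))
    print("parsed %d requests" % len(entries))
    for ua, n in ua_breakdown(entries).most_common(5):
        print("%6d  %s" % (n, ua[:60]))
    for ip, reasons in sorted(flag_sources(entries).items()):
        print(ip, ", ".join(sorted(reasons)))
```

The two signals are kept apart on purpose: a User-Agent string is trivially forged, and a burst of requests from one address can be a NAT gateway, so the list is input for a rate limit or a Cloudflare firewall rule, not proof on its own.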
We started by changing our client's DNS to point at Cloudflare, routing all traffic into and out of our client's site through Cloudflare's scrubbing centers to weed out and block malicious packets. (Changing DNS alone does not hide the origin server's own address; anyone who already knows it can still hit it directly unless the origin is firewalled to accept traffic only from Cloudflare's published IP ranges.)
Six minutes after the DNS change, the attackers relented and the assault dropped off.
Afterwards we kept observing the relevant servers and found no further malicious traffic reaching them.
Traffic analysis
We reviewed the traffic analytics on the Cloudflare dashboard. The first attack ran from 14-08-2018 to 15-08-2018, with a peak of 223.44 GB per second.
The second attack ran from 16-08-2018 to 17-08-2018, with a peak flow of 157.62 GB per second, about 66 GB per second less than the first.
After two days of observation we saw no further malicious activity. When we switched back to the original DNS, abnormal log entries appeared on the server again: the attackers had not given up, they were waiting for us to take the defence down before resuming the attack on our customer's web pages. So in the end we pointed DNS back to Cloudflare.
The last attack broke the earlier peak. It ran from 24-08-2018 to 25-08-2018 and reached 259.43 GB per second.
Since our customer's website consists of static pages, we used the opportunity to study the attacks first-hand and improve our understanding of DDoS.
Conclusion
In summary, this attack totalled 650.89 GB of traffic and 6,857 reported visitors. The request count is the most striking figure: 297,773,496 requests in total.
Countries involved in this DDoS attack (botnet)
These figures come from Cloudflare's analytics. We cannot be sure whether the IPs are spoofed or belong to real users; if they are real, imagine how many computers have been compromised into a botnet. Since the traffic consisted of complete HTTP requests, each requiring a finished TCP handshake, the source addresses are unlikely to be spoofed and more plausibly belong to compromised machines or open proxies.