Massive DDoS Attack Ends

September 15th, 2009

It’s not news anymore that our main server was under a huge DDoS attack for more than two weeks. But it can finally be said: the attack has ended. Over the last two weeks, we were in constant communication with ThePlanet (our DC), who had a Cisco Guard with custom proxy templates loaded. Here’s the low-down:

Peak Malicious Traffic Mitigated: 684 MBPS
Average Malicious Traffic: 400 MBPS
Total Time for Attack: Over 300 Hours

I can’t even begin to imagine the total amount of traffic filtered; it’s easily in the terabytes. The server was absolutely taking a pounding from this attack without the Cisco Guard online. Once we had the Guard mitigating the traffic, operation returned to almost normal, and for one reason: the traffic was not easy to filter. We have thousands of visitors daily who access the server; in other words, lots of legitimate traffic we don’t want to filter.

Unfortunately, during the attack, many people experienced random outages and questionable connectivity to the server under the attack. This was not because the server was down, but because the Cisco Guard was filtering non-malicious traffic by mistake.

By the 10th day, we had figured out exactly what to block, and by what means to do it. Normally it wouldn’t take us nearly this long to properly mitigate an attack, but this was such a massive DDoS attack that it took us this long to track down exactly where it was coming from. We had to sift through thousands of spoofed IPs.

Once we had this solved, there was no more questionable connectivity for random visitors, and a custom proxy template to better mitigate the malicious traffic. Less than 48 hours later, the attack had ended, presumably because the attacker gave up.

Big thanks go out to PurgeHosting Staff and ThePlanet NOC Team.

Chris PurgeHosting