Traffic scrubbing to prevent DDOS attacks: Computer Weekly Product Guide

　In February 2018, the world's largest distributed service refusal (DDOS) attack was stopped in 20 minutes.Thanks to the implementation of the DDOS countermeasure service.

　With an attack on the online code management service "GitHub", a 1.3Tbps traffic was rushed at a pace of 126.9 million packets per second.10 minutes from the start of the attack, GitHub noticed an unusual change, and the traffic was transferred to the AKAMAI Technologies's DDOS countermeasure service "PROLEXIC" (translated).The service sorted and blocked an illegal traffic.

Translated: Former Prolexic Technologies service.Acquired by AKAMAI in 2014.

Complex threat

　DDOS attacks are particularly complicated among the threats facing companies.The aim of individual hackers, criminal organizations, and the nation is overwhelming network components such as specific companies, websites, and routers.The organization must first determine whether traffic is a regular phenomenon or an attack.

　If you use the DDOS agency service, you can start a large DDOS attack relatively easily, even if you have almost no technical skills.The attack, which generated more than 170Gbps, was organized through the chat room of the game distribution platform "Steam" and IRC (Internet Relay Chat), and used tools downloaded by many participants.

　Some attacks are difficult to detect.As a noteworthy attack, there is a trick that overwhelms the DNS server of the opponent who is not sustainable, rather than sustainable."Traffic floods are rushing for a long time, causing defense fatigue. This kind of attack is very difficult to detect it," says Celt.

Scraping

　GitHub used a scraping service known as DDOS measures to compete with the attacks in February 2018.If you use this, the traffic sent to the specific range of IP addresses will be redirected to the data center, where the attack traffic will be "scrub (cleaning)".After that, only clean traffic is transferred to the original IP address.

　According to GARTNER's Cowl, most of the DDOS scrapping providers have 3-7 scraping centers, and they are usually distributed in multiple countries.

　Each center consists of a DDOS counterm device and a large amount of bandwidth (sometimes exceeding 350 Gbps) to flow traffic.When a customer is attacked, redirect and wash all traffic to the closest scraping center.

　There are two types of ways to use the scraping center.One is a way to keep traffic (24 hours in a row) going through the scraping center.The other is to redirect traffic with on -demand when an attack occurs.

　In consideration of the complexity of attacks and IT infrastructure, more and more organizations have adopted hybrid defense to consolidate in a wide range of attack routes.According to Bucker, an on -premises system is deployed as the forefront of defense, and if it is overwhelmed, the Scraving Center may intervene.

　Lawche of IDC says."In order to transfer unauthorized traffic to the scraping center to reduce downtime, it must be implemented in front of the network in cooperation with the cloud and on -premises system, and the attack must be prevented before reaching the core network assets and data.I can't do it "

　Scraping centers are mostly used to protect the infrastructure in customer environments, such as IP -based applications such as DNS servers and email broadcasts.It can also protect the web and mobile applications and protect the API traffic for the Internet (IoT) application using the content distribution network (CDN) -based DDOS countermeasure service.

　AKAMAI's Selt says."The CDN -based approach can protect applications from application layer attacks such as SQL injection, cross -site scripting, remote file insertion, and automated authentication information abuse attacks."

　"If multiple DDOS measures are introduced to different layers, it will be a measure to overcome a contract with a single security product or a single service provider. For comprehensive measures, the cloud scraping center, CDN, and DNS protection., It is necessary to consider edges and application DDOS appliances. "

関連記事