Web hosting provider 123-reg was hit by a +30Gbps DDoS attack between 10.10am and 10.40am this morning. The servers managed to stay online thanks to the company’s DDoS protection platform, however critical applications such as email, control panels and websites (including 123-reg’s own website) were down for a large number of customers. Wieland Alge, VP and GM EMEA at Barracuda Networks commented below.
Wieland Alge, VP and GM EMEA at Barracuda Networks:
“30 minutes may seem like an effective response time against such a powerful DDoS attack, however a survey from IDC last year found that the average cost of critical application failure was between £375k to £750k per hour, so every second counts when critical systems like email are down.
“The key to effective DDoS protection is the ability distinguish real users from malicious requests so that suspicious traffic can be blocked or challenged, but this is not easily done. A network firewall can protect Layer 4 protocols and even do deep packet inspection, but truly protecting against web application layer attacks generally requires terminating the HTTP or HTTPS protocols and often rewriting traffic to identify and mitigate threats. Just as a network firewall is not designed to stop spam, it is also not designed to stop web application attacks. This type of misunderstanding leaves the web application exposed, and gives the administrator a false sense of security. A web application firewall is much better suited to combatting DDoS attacks.
“It’s also worth considering some form of dynamic client fingerprinting as part of any DDoS solution. Mechanisms that can detect suspicious clients using script injections and challenge suspected malicious requests with a CAPTCHA test can be a lifesaver when a DDoS army is very distributed, stays below the rate control radar, and its user systems have not been blacklisted.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.