Protection against DDoS-traffic geofiltering on Juniper routers applying Source Class Usage (SCU)

Many people are currently writing about and discussing ways to protect against DDoS attacks, trying to create and introduce new standards, languidly awaiting their transformation from Draft into a full-fledged Internet Standard, and anticipating vendor implementations even more.

Traffic rerouting towards scrubbing infrastructure (for filtering URL, Layer 7, etc.) using BGP FlowSpec

Implementing MPLS and VPN technologies on a network makes it possible to build a flexible scheme for controlled rerouting of traffic towards Layer 7 and URL filtering nodes. The filtering nodes can be integrated into the geographically distributed network of an ISP or a DDoS mitigation provider, or, depending on the characteristics of the network topology, a centralized filtering system can be implemented.

How to prevent DDoS attacks

Nowadays, there is a lot of information on the Internet about cyber attacks, and about ways to prevent DDoS attacks in particular. This is not surprising, because the size and complexity of this type of attack are growing steadily year by year. Even giants like Amazon, Twitter, Steam, etc. may stop operating due to a DDoS attack.

Ukrainian hosting service provider was targeted with a DDoS originating from China

Over the past weekend, the DDoS-GUARD protection system mitigated two powerful series of DDoS attacks aimed at hosting providers.

DDoS-GUARD mitigated a series of attacks reaching 209Gbps

This DDoS attack scenario can be called classic: a long weak attack, followed by several large but short bursts