DDoS-GUARD
http://nolims.ru
100% protection against DDoS attacks
Wed, 05 Jul 2017 00:00:00 +0300

Traffic rerouting towards scrubbing infrastructure (for filtering URL, Layer 7, etc.) using BGP FlowSpec
/en/info/blog-detail/traffic-rerouting-towards-scrubbing-infrastructure-for-filtering-url-layer-7-etc-using-bgp-flowspec

Implementing MPLS and VPN technologies on a network makes it possible to build a flexible scheme for controlled rerouting of traffic towards Layer7 (URL) filtering nodes. The filtering nodes can be integrated into the geographically distributed network of an ISP or a DDoS mitigation provider or, depending on the characteristics of the network topology, a centralized filtering system can be implemented.

The figure below shows a scheme of a typical filtering node:

In the figure, without the L7 filtering mechanism, incoming traffic from the WAN goes through the default.inet.0 forwarding table towards the Layer 3 and Layer 4 filtering equipment. Clean traffic is routed towards the Client network via vrf protected. To reroute traffic towards the L7 filtering, a new routing-instances proxy with RD 65000:200 is created, and its routing information is distributed among all routers within the network. In addition to AFI inet-vpn-unicast, AFI inet-vpn-flow is enabled in MP-BGP on the iBGP sessions, which allows the FlowSpec information to be carried into the corresponding vrf.

    PE-1> show bgp neighbor 192.168.1.2 | match "NLRI for this session: |Table|Received prefixes:| Accepted prefixes:"
      NLRI for this session: inet-unicast inet-vpn-unicast l2vpn inet6-labeled-unicast inet-vpn-flow
      Table proxy.inet.0 Bit: b0000
        Received prefixes: 4
        Accepted prefixes: 4
      Table protected.inetflow.0 Bit: c0000
        Received prefixes: 1
        Accepted prefixes: 1

The configuration of routing-instances proxy is below:

    PE-1> show configuration routing-instances proxy
    instance-type vrf;
    interface ae0.800;
    interface ae0.801;
    interface ae0.924;
    route-distinguisher 65000:200;
    vrf-target {
        import target:65000:200;
        export target:65000:200;
    }
    vrf-table-label;
    routing-options {
        static {
            route 0.0.0.0/0 {
                next-table protected.inet.0;
                preference 200;
            }
        }
        flow {
            term-order standard;
        }
    }
    protocols {
        bgp {
            import default-proxy;
            export reject-all;
            group Redirect {
                type external;
                passive;
                peer-as 65501;
                multipath;
                neighbor 10.0.2.202 {
                    local-address 10.0.2.201;
                }
                neighbor 10.0.2.206 {
                    local-address 10.0.2.205;
                }
            }
        }
    }

Two neighbors, the Layer7 filtering devices, are specified in the BGP configuration of routing-instances proxy to ensure redundancy of a single node.

The traffic rerouting towards the L7 filtering is carried out as follows. The Control Server has an eBGP session with family inet flow enabled inside routing-instances protected. Over this session it advertises, via FlowSpec, a route with the attributes needed to reroute traffic from routing-instances protected into routing-instances proxy. Example:

    192.168.200.1*,proto=6,dstport=80,dscp=48/term:1
        *[BGP/170] 4d 19:59:37, localpref 100, from 10.22.2.2
          AS path: 65501 I, validation-state: unverified
          Fictitious

This advertisement is distributed among all routers of the network through inet-vpn-flow.

The router's BGP configuration for the FlowSpec session with the Control Server is listed below:

    PE-1> show configuration routing-instances protected protocols bgp group Servers neighbor 10.22.2.2
    description "Proxy FlowSpec";
    passive;
    import Import_proxy_flowspec;
    family inet {
        flow {
            prefix-limit {
                maximum 200;
                teardown;
            }
            no-validate Redirect-to-proxy;
        }
    }
    export reject-all;
    peer-as 65501;

The no-validate parameter allows the FlowSpec routes to be active without validation of the advertisements in inet.0. The policy applied to the neighbor matches on the FlowSpec community carried in the advertisement and redirects traffic into routing-instances proxy. An example of the policy and community configuration is below:

    PE-1> show configuration policy-options policy-statement Redirect-to-proxy
    term 1 {
        from community redirect;
        to instance proxy;
        then accept;
    }
    term 2 {
        then accept;
    }

    {master}
    PE-1> show configuration policy-options community redirect
    members redirect:65000:200;

    {master}

A drawback is that the redirect is applied in all instances participating in FlowSpec, which leads to permanent cyclical forwarding of packets between instances, where they "die" when their TTL expires. The solution adopted is to mark the traffic with DSCP values as it leaves the Layer 3/4 filtering devices and to clear the marking as it leaves vrf proxy. This is implemented with interface-specific firewall filters and by advertising a dscp match in the FlowSpec route that corresponds to the DSCP marking applied at the output of the Layer 3/4 filtering devices.

Examples of both filters are given below:

    PE-1> show configuration firewall filter mark_dscp_proxy
    term 1 {
        from {
            protocol tcp;
            destination-port [ 80 483 ];
        }
        then {
            accept;
            dscp cs6;
        }
    }
    term 2 {
        then accept;
    }

    PE-1> show configuration firewall filter clear_dscp
    term 1 {
        from {
            protocol tcp;
            destination-port [ 80 483 ];
        }
        then {
            accept;
            dscp cs0;
        }
    }
    term 2 {
        then accept;
    }

    {master}

To route traffic to the Layer7 filtering, a BGP session is established with each filter. In this session, every filter advertises the 0.0.0.0/0 route, which is anycast and is the main route in the table:

    PE-2> show route table proxy.inet.0 0/0 exact

    proxy.inet.0: 6 destinations, 9 routes (6 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    0.0.0.0/0  *[BGP/170] 5d 20:56:48, localpref 100, from 192.168.1.4
                  AS path: 65501 I, validation-state: unverified
                > to 10.10.48.1 via ae0.1062, label-switched-path PRIORITY-PE2-PE4
                  to 10.10.48.1 via ae0.1062, label-switched-path BE-PE2-PE4
                  to 10.10.68.1 via ae0.1064, label-switched-path PRIORITY-PE2-PE4
                [BGP/170] 5d 21:01:12, localpref 100, from 192.168.1.3
                  AS path: 65501 I, validation-state: unverified
                > to 10.10.48.1 via ae0.1062, label-switched-path PRIORITY-PE2-PE3
                  to 10.10.48.1 via ae0.1062, label-switched-path BE-PE2-PE3
                  to 10.10.68.1 via ae0.1064, label-switched-path PRIORITY-PE2-PE3
                [BGP/170] 5d 21:32:11, localpref 100, from 192.168.1.1
                  AS path: 65501 I, validation-state: unverified
                > to 10.10.68.1 via ae0.1064, label-switched-path PRIORITY-PE2-PE1
                  to 10.10.48.1 via ae0.1062, label-switched-path PRIORITY-PE2-PE1-1
                  to 10.10.68.1 via ae0.1064, label-switched-path BE-PE2-PE1
                  to 10.10.48.1 via ae0.1062, label-switched-path PRIORITY-PE2-PE1
                  to 10.10.68.1 via ae0.1064, label-switched-path PRIORITY-PE2-PE1-1
                [Static/200] 5d 20:54:19
                  to table protected.inet.0

This vrf also contains a static route 0.0.0.0/0 with a higher preference of 200 and with next-table protected.inet.0, which acts as a bypass route in the event of any problems
occurring at the Layer7 filtering devices.

Wed, 05 Jul 2017 00:00:00 +0300

How to prevent DDoS attacks
/en/info/blog-detail/how-to-prevent-ddos-attacks

The main objective for hackers is to make the targeted system unavailable to its users. For this purpose, hackers send a huge number of dummy requests that the server cannot handle, and as a result the system goes down. This can be compared to a weightlifter attempting to lift a barbell many times heavier than the one he regularly trains with. Of course, he will fail. The same happens with a website when the web server that handles the requests becomes overwhelmed by an enormous number of them and stops operating. When this happens, a user trying to visit the website sees an error message instead of the expected page.

The malicious traffic that makes up a DDoS attack is in most cases produced by a large number of network devices infected with malware. These devices (PCs, smartphones, "smart things", servers) together form a botnet, which sends multiple requests towards the IP address of the victim. Sometimes social networks can be a source of attacks when a link to the victim website is posted there. In addition, on the Internet one can find a stresser service which can be used by anybody to conduct a DDoS attack.

What does a DDoS attack look like

Methods vary, but any DDoS leads to a loss of legitimate traffic, in other words a loss of users, and it is therefore often used as an instrument of unfair competition. Online stores, online games and electronic payment systems are among the victims that suffer from DDoS attacks the most. So the question of how to stop a DDoS attack is an increasing concern.

When it comes to protecting a website, it seems logical to seek assistance from the hosting service provider that hosts the website.
However, for many hosting companies with inexpensive service plans it is easier to disable the website that causes trouble than to find a way to get rid of the DDoS while keeping the website running. When its communication channels are overwhelmed by attacks, an Internet service provider treats this as an emergency and a threat to its integrity. This forces the provider to completely discard all traffic coming towards the victim (and the less the owner of the targeted system pays for the hosting, the faster the provider decides to null-route the victim).

What should we do?

There are two solutions: self-implemented measures and professional protection against DDoS, including services from specialized companies. Note that universal methods of protection against DDoS attacks do not exist, because hackers are constantly in search of new vulnerabilities and ways to overcome the protection systems. However, there are simple, effective techniques that website administrators should know. They will help to implement protection against DDoS attacks of the simplest form.

Scripts and firewalls

Let's assume that a website named n.com is under an ongoing DDoS attack. The logs (request history) show that a large number of GET requests are aimed at the main page. In this case, you can use a JavaScript redirect, for example:

    // Scheme-relative URL: without the leading "//" the browser would treat
    // "n.com/index.php" as a path relative to the current page.
    window.location = "//n.com/index.php";

After that, legitimate users who have not disabled JavaScript in their browser are redirected to index.php. However, we are facing a problem here: the search engine bots (Google, Yandex) do not have a JavaScript interpreter and will not be forwarded, just like the attack requests. This has a negative impact on the website's position in the search results. To avoid this, you can write a small script that counts the number of connections from a certain IP address and bans it.
To identify a bot, for example, you check its host.

There is a free script called DDoS Deflate, a kind of alarm that uses the "netstat" command to detect an incoming flood (one of the types of DDoS) and then blocks suspicious IP addresses with the help of iptables (or apf).

Apache settings

To prevent DDoS, one can change the following Apache settings:

KeepAliveTimeout: reduce its value or disable it completely;
TimeOut: set the least possible value for this parameter (on a web server that is under a DDoS attack);
LimitRequestBody, LimitRequestFieldSize, LimitRequestFields, LimitRequestLine, LimitXMLRequestBody: configure these to limit the computing resources consumed by client requests.

The most drastic method to stop a DDoS attack is to block all incoming requests from the countries where the "garbage" traffic originates. However, this can cause great inconvenience to legitimate users in these countries, because they have to use a proxy to bypass the blocking.

And here we come to the question of why the above methods are unable to fully ensure protection against DDoS attacks. The fact is that it is very difficult to distinguish legitimate queries from malicious ones. For example, the notorious Mirai malware forced DVRs to send requests over TCP that looked legitimate, which is why those DDoS attacks were not stopped immediately. Today, there are more than 37 types of DDoS attacks, each with its own characteristics. In addition, legitimate requests are likely to be blocked together with malicious ones, i.e. real users are lost as a result.

Protection services

If you want to protect your online business, you should consider services specialized in protection against DDoS attacks, which are provided remotely. How do most of these companies work? They have their own or rented scrubbing centers, equipped with special filtering devices.
The traffic of the protected infrastructure is sent there first and, after it is analyzed and checked for attacks, it is routed towards the destination address. Modern technologies make data exchange and filtering so fast that a user does not even notice any delays, which are measured not in seconds, but in CPU cycles. The client traffic is monitored in real time by engineers of the protection service provider, and at any moment they can adjust the filtering process, including manually configuring a blocking pattern for a new type of DDoS attack.

The traffic redirection can be implemented in different ways:

using a proxy (no need to transfer the protected system),
configuring a virtual tunnel (via IPIP or GRE),
through a cross-connection (cabling between the protected infrastructure and a scrubbing facility).

What DDoS mitigation service should be used?

It depends on the parameters of the protected asset. For websites, the most appropriate solution is a protection proxy or a protected server. To protect an autonomous system, a hosting service facility, or an entire ISP, BGP protection over a tunnel or a physical cross-connection is used.

In any case, a DDoS protection provider must have vast communication channels for receiving large amounts of traffic, because the size of cyber attacks is growing almost exponentially, and there has already been a 1Tbps DDoS attack. Therefore, when dealing with representatives of the protection service company, it is up to you to find out their technical capabilities.

A significant advantage is having filtering equipment located in different countries, because this allows the traffic to be received and processed as close as possible to its source, reducing latency to a minimum. In addition, distributing traffic among multiple points reduces the overall load on each filtering node and its equipment, which also increases network stability.
Besides, if you do not employ experienced network engineers who are able to set everything up themselves, you will need technical assistance. It is a big plus if the support staff of the DDoS mitigation company is online 24/7 and speaks the same language as the customer.

Of course, none of these services are free, but they are an essential option when implementing a DDoS prevention strategy. Otherwise, you have to deal with the consequences, which can be critical for specific business segments. In any case, the cost of this type of protection against DDoS is much lower than purchasing and maintaining your own filtering equipment.

Wed, 05 Jul 2017 00:00:00 +0300

General information
/info/protect?id=3738
Mon, 03 Jul 2017 16:06:55 +0300

Ukrainian hosting service provider was targeted with a DDoS originated from China
/en/info/blog-detail/ukrainian-hosting-service-provider-was-targeted-with-a-ddos-originated-from-china

The first series was detected on Friday morning. Hackers tried to block the victim's infrastructure by directing large flows of malicious traffic towards it. Over 2 hours the amount of attack traffic went up and down, and at its peak it reached 35 Gbps (71 Mpps), but the unknown attackers failed to breach the DDoS-GUARD protection. The targeted system remained accessible to its legitimate users, despite the 14 large and many other small attacks. The attack technique suggests that its source was in China.

The hackers made a second attempt on Sunday and increased the attack size to 84 Gbps (63 Mpps), but those attacks did not reach their goal. In just three hours, 7 large and many weak attacks aimed at the victim's address were detected.

It is worth noting that such attacks are of average size and complexity, and the DDoS-GUARD capabilities made them easy to mitigate.
However, those attacks could have been a serious problem for unprotected online systems. Web hosting service companies are "favorite" targets for DDoS attacks, since by blocking the entire hosting service one can make all the websites located on it unavailable. Therefore, hosting service providers are constantly at risk of becoming a victim of such cyber-attacks.

Sun, 25 Jun 2017 00:00:00 +0300

China got into the top three leaders on the number of victims targeted with DDoS attacks
/en/info/blog-detail/china-got-into-the-top-three-leaders-on-the-number-of-victims-targeted-with-ddos-attacks

The DDoS-GUARD statistics show that in the 1st quarter of 2017 the size of DDoS attacks increased significantly compared to the same period last year. The average size amounted to 4.6 Gbps, and the maximum reached 209 Gbps, which is 16% more than in Q1 2016.

There is still a tendency towards increased size and complexity of attacks: the proportion of attacks that exploit vulnerabilities in TCP increased significantly, and they made up more than 50% of the total. Part of the attacks was generated by compromised IoT devices. We can assume that the hackers decided to act in more sophisticated ways, because UDP-based attacks are easy to filter and do not reach their goal. However, the DDoS-GUARD protection system easily copes with these threats.

As for the geography of DDoS victims, among customers of DDoS-GUARD Russia is consistently ranked in the top three. 17% of all targeted resources in Q1 2017 belong to Russian businesses. China is in the lead, and the United States took second place. Most of the attacks are conducted against online stores, gaming projects, and web hosting services.

The DDoS-GUARD experts predict a further decrease in the percentage of easy-to-perform attacks.
This is due to the fact that the use of trivial attacks makes no sense thanks to DDoS mitigation providers. Special attention must be given to improving the security of IoT devices, as well as to removing vulnerabilities in outdated but very common versions of Windows. Compromised IoT devices still pose a threat. Besides, hackers have turned their attention to the vulnerabilities of outdated versions of Windows OS.

To read the full report on DDoS attacks that occurred in Q1 2017, follow the link.

Thu, 15 Jun 2017 00:00:00 +0300

Q1 2017 DDoS attack report
/info/protect?id=3552
Wed, 14 Jun 2017 17:19:36 +0300

The regional conference ENOG 13 ended in St. Petersburg
/en/info/blog-detail/the-regional-conference-enog-13-ended-in-st-petersburg

The two-day session gathered more than 300 representatives of the leading companies in the industry, who were able to discuss such issues as the development strategy of IPv6, DNS Enterprise Anycast, implementing routing of CDN segments, news related to the deployment of DNSSEC and more. Special attention was paid to security issues of Internet service providers, BGP tunneling, and the vulnerabilities of technological systems of TSPs.

Needless to say, it is not only the presentations and workshops that attract delegates from different countries to ENOG, but also the opportunity for personal contact in an informal setting and for establishing new business contacts. During the event, representatives of DDoS-GUARD reached an agreement in principle with the TSPs on mutually beneficial cooperation.

Fri, 26 May 2017 00:00:00 +0300

Assessment of cyber security in 2016 and prospects for 2017
/info/protect?id=3266
Mon, 15 May 2017 16:18:09 +0300

DDoS-GUARD and FirstVDS: implementing IP transit and network security for a hosting service provider over physical communication links
/info/protect?id=3221

FirstVDS provides virtual servers (VDS). The project has existed since 2002 and specializes solely in leasing virtual servers. The company's equipment is hosted in a private data center in Moscow. The hosting company guarantees 99.6% uptime and competent technical support. Among FirstVDS customers are website owners, mobile application developers, web studios, and administrators of game servers. Tens of thousands of people have already chosen FirstVDS as a partner.

Wed, 10 May 2017 16:30:06 +0300

Annual report 2016
/info/protect?id=3175
Wed, 03 May 2017 11:47:15 +0300

Q4 2016 DDoS attack report
/info/protect?id=3167
Tue, 02 May 2017 15:54:54 +0300

DDoS-GUARD will support the Eurasian Network Operators Group
/en/info/blog-detail/ddos-guard-will-support-the-eurasian-network-operators-group

This year DDoS-GUARD is a Bronze sponsor of one of the main events for telecommunication service providers: the conference of the Eurasian Network Operators Group (ENOG), which is held by RIPE NCC. This year it takes place in St. Petersburg on 23 and 24 of May 2017.

ENOG has been held in various cities of Russia since 2011, and each year it is visited by more than 200 attendees from Russia, Europe and Asia. The main goal of the event is to provide participants with an opportunity to share ideas and discuss the most relevant issues for the regional Internet community.
Over the two days of the event, there were many speeches and presentations on various topics, including cybersecurity.

The DDoS-GUARD representatives have already participated in ENOG, giving a presentation on "Protection of business against modern DDoS threats: comparison of IaaS and hardware solutions", and praised the way the event was held and the opportunities offered by being a part of it. This year, we will be happy to meet our colleagues and partners again to discuss the possibility of cooperation in ensuring cyber security.

Mon, 03 Apr 2017 00:00:00 +0300

A model of digital government was presented at CeBIT 2017 in Hannover
/en/info/blog-detail/a-model-of-digital-government-was-presented-at-cebit-2017-in-hannover

CeBIT is the most important global event dedicated to digital technologies. The event brings together two formats, international conferences and a large-scale exhibition, and this is the place where global corporations and private startups can present their solutions.

The Internet of things, drones, big data and analytics, data centers, cloud computing and, of course, cybersecurity: these and other areas of digitization were presented in the 8 clusters into which the exhibition managers divided the exhibition.

Every year CeBIT attracts more than 200 thousand visitors, including IT professionals and executives, and prominent politicians. This year the exhibition was visited by the Prime Minister of Japan, Shinzo Abe, who personally presented a formal concept of the digital era government, Society 5.0. In addition, the Japanese participants showed new models of humanoid robots that amaze the imagination of both ordinary people and professionals.

This was not the first time that DDoS-GUARD participated in CeBIT, presenting its services in the fight against DDoS attacks.
This is an excellent platform for business negotiations, and this time we managed to conclude contracts with several European and Asian companies. DDoS-GUARD pursues a continuous expansion of its partnership network around the world in order to make its services as reachable as possible.

Mon, 27 Mar 2017 00:00:00 +0300

DDos Attack Mitigation Service
/info/protect?id=2493
Mon, 20 Mar 2017 15:53:16 +0300

DDoS-GUARD and REG.RU: AS and BGP protection
/info/protect?id=2499

REG.RU's customers can choose the services they need and create a fully functional website based on their needs and budget. However, apart from the functionality of an Internet resource, one should not neglect its security. Project owners who care about their reputation should provide safe data exchange with their website visitors, and resilience against external factors of the web environment. Even a small DDoS attack can become a critical factor that degrades website performance. It is well known that downtime is the major reason a customer switches to another hosting provider, since the website loses reputation, visitor traffic, and thus its profits.

Mon, 20 Mar 2017 15:53:16 +0300

Q3 2015 report
/info/protect?id=2476
Mon, 20 Mar 2017 15:53:16 +0300

Annual report 2015
/info/protect?id=2478
Mon, 20 Mar 2017 15:53:16 +0300

Q1 2016 DDoS attack report
/info/protect?id=2481
Mon, 20 Mar 2017 15:53:16 +0300

Q2 2016 DDoS attack report
/info/protect?id=2484
Mon, 20 Mar 2017 15:53:16 +0300

Q3 2016 DDoS attack report
/info/protect?id=2487
Mon, 20 Mar 2017 15:53:16 +0300

The massive attack lasted three days
/en/info/blog-detail/the-massive-attack-lasted-three-days

A long series of needle-like DDoS bursts targeted one of the DDoS-GUARD customers last weekend. As the graph shows, the attacks peaked at 58 Gbps / 35 Mpps. In the first 3.5 hours alone there were more than 60 such large DDoS attacks on the same resource. In total, this massive attack lasted three days, from Friday to Monday, but thanks to our mitigation system the targeted resources remained available to legitimate users.

Mon, 20 Mar 2017 00:00:00 +0300

At the Mobile World Congress participants introduced new products and discussed the problems of mobile security
/en/info/blog-detail/at-the-mobile-world-congress-participants-introduced-new-products-and-discussed-the-problems-of-mobile-security

It is the largest event in the world organized by GSMA (GSM); this year it brought together more than 2200 companies, including HP, Intel, Lenovo, and Twitter. A variety of industry innovations were presented in 9 halls and 11 open sites at the same time.
The most advanced technologies from AT&T, Cisco, Jasper, and KT Corporation were presented in a special location, the GSMA Innovation City, where visitors could test the new market products and see them in action.

The Congress was visited by more than 100 thousand professionals from 208 countries, who were able to discuss VR, mobile apps and games, 3D printing, data protection, back-end solutions, and much more.

This spectacular exhibition lasted 4 days and gave the DDoS-GUARD representatives an opportunity to communicate with potential partners and customers, as well as to learn which Internet security issues they care about most.

The GSM Association represents the interests of mobile operators worldwide. Approximately 800 mobile operators are full members of the GSMA, and another 300 companies in the broader mobile ecosystem are associate members.

Tue, 14 Mar 2017 00:00:00 +0300

DDoS-GUARD mitigated a series of attacks reaching 209Gbps
/en/info/blog-detail/ddos-guard-mitigated-a-series-of-attacks-reaching-209-gbps

DDoS-GUARD mitigated a series of attacks reaching 209 Gbps, which targeted a customer resource. First, the hackers probed the victim for weak points by generating 20 Gbps of garbage TCP SYN traffic for 25 minutes. Shortly afterwards, not having succeeded, they struck with several much more powerful but short-term assaults, which were filtered out by the protection system of DDoS-GUARD.

This DDoS attack scenario can be called classic: a long weak attack, followed by several large but short bursts. Without DDoS protection, the 70 Gbps of garbage traffic would be enough to paralyze its operation.

Mon, 13 Mar 2017 00:00:00 +0300

The international Grand forum BIT'17 was hosted with support of DDoS-GUARD
/en/info/blog-detail/the-international-grand-forum-bit-17-was-hosted-with-support-of-ddos-guard

Reports and presentations were given on various topics such as LOW-POWER WIDE-AREA NETWORKS, creating a private cloud, business promotion in social networks, and of course protection against cyber threats. In between the reports the attendees could visit the exhibition of innovative products in the field of communications.

The forum ended with raffle prizes and a small party giving business leaders, teachers, officials and experts an opportunity to talk in a relaxed atmosphere. The forum visitors noted the high level of managerial training combined with a pleasant, friendly atmosphere. DDoS-GUARD was pleased to take part in the preparation of this meeting.

BIT is a series of specific events that are held throughout Russia. The subject is vast but always relevant and includes issues of cloud computing, virtualization, SaaS, data centers, cable infrastructure, storage (SAN, NAS), data analysis, protocols and applications, etc.

Fri, 27 Jan 2017 00:00:00 +0300

DDoS-GUARD protection solutions were represented at the exhibition in Tokyo
http://satprnews.com/2016/11/21/ddos-guard-protection-solutions-were-represented-at-the-exhibition-in-tokyo/

RISCON Security & Safety Trade Expo is supported by the governmental industry-specific ministries of Japan and the authorities of the Tokyo Metropolitan district...

Mon, 21 Nov 2016 00:00:00 +0300

DDoS-GUARD protection solutions were represented at the exhibition in Tokyo
/en/info/blog-detail/ddos-guard-protection-solutions-were-represented-at-the-exhibition-in-tokyo

Apart from the exhibition, which comprised more than 500 booths, the guests were able to participate in thematic seminars, including ones devoted to the problem of Internet security and DDoS attacks in particular. The presentation of DDoS-GUARD services was conducted by our Japanese partner and integrator company NICHIEI INTERNATIONAL INCORPORATED.

RISCON Security & Safety Trade Expo is supported by the governmental industry-specific ministries of Japan and the authorities of the Tokyo Metropolitan district. The event is key for all of the engineers, officials, developers, and business leaders who deal with information security.

We remind you that the DDoS-GUARD scrubbing center located in Tokyo was established in February 2016. The traffic filtering equipment is located in the Tokyo data center and integrated into the geographically distributed network of DDoS-GUARD, which also includes scrubbing centers in Germany, Netherlands, Russia, USA and China. Total network capacity surpasses 1.5 Tbps.

Fri, 18 Nov 2016 00:00:00 +0300

The size of DDoS attacks increased 183 times: the IoT vulnerabilities create new realities
/en/info/blog-detail/the-size-of-ddos-attacks-increased-183-times-the-iot-vulnerabilities-create-new-realities

The 3rd quarter of 2016 brought new challenges for DDoS mitigation providers. Making use of Chinese web cameras, cyber criminals conducted a DDoS attack unprecedented in the history of the Internet, which surpassed 1Tbps and became the largest attack ever to occur.
We can say that after this event the Internet will never be the same.
Although the attacks became less frequent (8781 attacks occurred within the quarter, which is 30.2% fewer than in the 2nd quarter of 2016 and 29.95% fewer than in the same period of the previous year), they have become more sophisticated and larger.
Such a phenomenal leap is due to the fact that in this quarter hackers generated a GRE flood with a giant botnet consisting of hacked IP cameras. Its forwarding rate exceeded 360 Mpps. Likewise, the total number of extreme attacks is impressive:
- 14 over 200 Mpps
- 28 over 100 Mpps
- 20 over 200 Gbps
- 22 over 100 Gbps
Having analyzed the protected resources which were targeted by other attacks as well, we have made the rankings of victim countries:
Resource victims ranking is worth interest as well
This past quarter has been marked by a significant increase (by 6.5%) in attacks on online stores. In the upcoming New Year period and winter holidays, peak attacks on online stores, game services and multimedia are expected. But DDoS-GUARD is ready for these challenges.
Thu, 17 Nov 2016 00:00:00 +0300
/en/info/blog-detail/the-size-of-ddos-attacks-increased-183-times-the-iot-vulnerabilities-create-new-realities

DDoS-GUARD has launched a new customer panel with access to traffic statistics
/en/info/blog-detail/ddos-guard-has-launched-a-new-customer-panel-with-access-to-traffic-statistics
The panel features not only a fresh, pleasant design but also capabilities that used to be available only by contacting our technical support. The panel comprises access to traffic statistics of the protected object, a heatmap that represents incoming requests on a world map, and a list of blocked IP addresses. In other words, from now on a customer has an opportunity to watch the process of data handling in real time and independently assess the load on their resource.
What else can be done in the new version of the client area?
- Top up the balance with a convenient payment option (WebMoney, Visa/Mastercard, Perfect Money),
- Activate our affiliate program and watch the growth of your income,
- Change your current service or enable additional features,
- Submit a ticket to the technical support and get responses.
And of course customers can customize their profile, change passwords, phone numbers, etc. But the work does not end there. Our team of web designers and developers will continue to work on improving the interface to make it as convenient as possible for all customers of DDoS-GUARD.
Mon, 14 Nov 2016 00:00:00 +0300
/en/info/blog-detail/ddos-guard-has-launched-a-new-customer-panel-with-access-to-traffic-statistics

DDoS-GUARD's customer has been attacked by hackers using Mirai malware
/en/info/blog-detail/ddos-guard-s-customer-has-been-attacked-by-hackers-using-mirai-malware
Recalling the recent past, we remind you that since mid-September DDoS-GUARD's network has been under attack by a botnet of hacked IoT devices. Compared to the 360 Mpps attacks, today's ones can be considered pathetic echoes. Judging by the small size of the attacks, a small number of "smart" things has been used to generate malicious traffic. The microblog authors, who announced the news of a SYN flood attack on DDoS-GUARD's customer, have ignored the invitation to begin a conversation regarding the attack.
Thu, 10 Nov 2016 00:00:00 +0300
/en/info/blog-detail/ddos-guard-s-customer-has-been-attacked-by-hackers-using-mirai-malware

The Most Powerful DDoS Attack on the Internet Has Affected has partially targeted DDoS-GUARD network
http://inewstoday.net/2016/10/the-most-powerful-ddos-attack-on-the-internet-has-affected/
Unknown attackers are trying to paralyze the operation of protection services with the most powerful DDoS attacks ever. They started on September 16, 2016 and are still going on.
Fri, 07 Oct 2016 00:00:00 +0300
http://inewstoday.net/2016/10/the-most-powerful-ddos-attack-on-the-internet-has-affected/

The Most Powerful DDoS Attack on the Internet Has Affected The DDoS-GUARD Network
/en/info/blog-detail/the-most-powerful-ddos-attack-on-the-internet-has-affected-the-ddos-guard-network
Experts have every reason to believe that the observed phenomenal volume of spurious traffic is part of a massive attack which was directed against the website of journalist Brian Krebs, who had discovered the activity of vDOS, the largest DDoS-for-hire service. One of Europe's largest hosting companies has also undergone a number of DDoS attacks, with two of them totaling 1 Tbps, which is an all-time record. According to media reports, the attack was carried out by a botnet of 145,607 IoT devices that are capable of providing a total capacity of 1.5 Tbps with no amplification or reflection techniques additionally used.
DDoS-GUARD experts have reached the same conclusion after processing and analyzing the malicious traffic, saying that attackers used no amplification tools and directed their attacks on multiple protocols simultaneously. The combination of TCP SYN flood and TCP ACK flood, UDP flood, as well as the generation of GRE flood was a severe test for the provider’s DDoS mitigation network. Nevertheless, we have managed to minimize the impact on our customers thanks to the seamless operation of our NOC engineers.
(Nomenclature: G - Gbps, M - Mpps)
— The capacity and complexity of attacks are growing steadily, so we always have a reserve allowing us to make a "hot" bandwidth increase - commented Alexey Kuzik, the Head of NOC at DDoS-GUARD - the Internet is entering a new reality where protection services have to stay one step ahead of cyber criminals.
Since September 16, 14 DDoS attacks have been detected with a total capacity of more than 200 Mpps. Apparently, it's only the beginning.
Wed, 05 Oct 2016 00:00:00 +0300
/en/info/blog-detail/the-most-powerful-ddos-attack-on-the-internet-has-affected-the-ddos-guard-network

DDoS attack protection myths
/en/info/blog-detail/ddos-attack-protection-myths
Having worked in the field of DDoS attack protection for many years, our employees have come across a lot of bad advice on how to avoid being subjected to denial of service attacks without seeking help from specialized services. Listed below are some examples, and our response to them.

Content delivery network (CDN) provides DDoS attack protection
If you think that a CDN can distinguish between legitimate traffic and bad traffic, and easily discard the latter, think again. A CDN by itself was not designed to provide security; it is able to mitigate some attacks, but by no means all of them. Make sure that your CDN supports tools for repelling DDoS attacks and that they are included with your service. At any rate, a CDN alone is unlikely to provide full protection against present-day DDoS attacks.

Blacklists and whitelists – the ideal tool for resource access control
You should not rely solely on blacklists and whitelists for resource access control. Because lists are static, in the sense that they only prevent the “known bad” from happening, as a rule they become obsolete the moment you configure them. They can, of course, be useful for reducing spurious traffic, but they have limited effectiveness when you become the target of an attack. This is due to the fact that the spurious traffic comes from sources that you would not usually regard as suspicious, and thus have not yet had time to include in your blacklist.

A firewall can protect against any DDoS attack
Firewalls are not sufficiently effective against today's complex DDoS attacks. Moreover, they can become entry points for spurious traffic or the actual target of an attack.
The limited internal memory and computing power that firewalls have for processing all the information make them easy targets for DDoS attackers.

Threshold-based alert service is sufficient for DDoS protection
Unfortunately, a traffic spike alert does nothing to prevent or stop a DDoS attack; it simply notifies you about the crisis. And by the time the DDoS traffic spike is noticed by the service and you begin to deal with the consequences, twenty to thirty minutes will likely have passed. During that time your website or application will be down, and will need recovering by experts. There is also the chance that by that time the perpetrators will have stolen your data or carried out more nefarious activities. For example, in March 2016, the SamSam group hacked an organization’s server system, stole and encrypted the key data required for daily operations, and then demanded a ransom.

The main objective of a DDoS attack is to bring down an entire organization
Despite the fact that DDoS attacks keep appearing in news headlines, only a small number of them can actually cripple an entire organization, completely stopping its operation. Most of them are designed to knock out a specific server, website, or web application. These selective attacks are small enough in volume and duration that traditional (outdated) anti-DDoS solutions do not notice them at all, or cannot react in time to effectively ward them off. Our research shows that the vast majority of DDoS attacks are low-threshold, short-term attacks which are typically used for extortion purposes, or serve as a cover for more nefarious activities, e.g., identity theft, stealing money from accounts, etc.

The above myths are fairly common; unfortunately, many people do not have sufficient experience in DDoS attack protection, so they believe the myths until they face reality.
And in reality, only a specialized DDoS protection service is able to detect and block DDoS attacks of all types and volumes in real time and around the clock, ensuring maximum stability of your resources.
Mon, 03 Oct 2016 00:00:00 +0300
/en/info/blog-detail/ddos-attack-protection-myths

DDoS-GUARD offers its own solutions for business Internet security
/en/info/blog-detail/ddos-guard-offers-its-own-solutions-for-business-internet-security
The company's employees told all the guests and participants of the trade show about the main service, protection of Internet resources from DDoS attacks, and the ways of implementing it: proxying, virtual tunnel and physical channel development. The main advantage DDoS-GUARD products have over foreign competitors is their flexible pricing policy, established due to independence from Western vendors, and the company's own independent network filtering.
The colorfully decorated DDoS-GUARD booth was placed right at the entrance, attracting the attention of all visitors with its appealing and informative design. The company’s representatives gladly chatted with potential partners and customers, as well as numerous IT and engineering students who might work in the data security industry in the future.
Our charming assistant Galina helped to conduct a survey, the results of which showed the respondents’ high level of awareness of the DDoS problem. 65% of respondents (both students and managers) have experienced DDoS attacks and are informed about which services provide protection. More than half of respondents prefer to use professional security services; moreover, cloud services and SECaaS take precedence over hardware solutions - 27.5% versus 22.5%, respectively. All survey participants received souvenirs – key chains and chocolate.
Overall, the trade show was really successful and left a pleasant impression.
Our company is always involved in trade shows happening in Russia and Europe, and is looking forward to meeting all interested parties at the next event. The events calendar is updated regularly on the company’s official Twitter and Facebook pages.
Mon, 26 Sep 2016 00:00:00 +0300
/en/info/blog-detail/ddos-guard-offers-its-own-solutions-for-business-internet-security

UDP Flood attack volume increased by 71%
http://finance.yahoo.com/news/udp-flood-attack-volume-increased-210000072.html
Hackers' activity has decreased significantly, but they have become more violent. Such a conclusion was reached by DDoS-GUARD experts after analyzing the statistical data for the 2nd quarter of 2016...
Wed, 14 Sep 2016 00:00:00 +0300
http://finance.yahoo.com/news/udp-flood-attack-volume-increased-210000072.html

Protect your site from DDOS attacks
http://www.crezist.com/ddos-guard-net-review/
If you are doing business online, you might be facing issues with security, or you must have heard about this. Also, if you have a popular site, then the chance of security attacks is even higher. There is a time when normal hosting doesn’t suit your business, and you need something different and advanced to tackle security.
Sun, 10 Apr 2016 00:00:00 +0300
http://www.crezist.com/ddos-guard-net-review/

A DDoS attack of unprecedented power has been detected in Russia
http://www.pressreleasepoint.com/ddos-attack-unprecedented-power-has-been-detected-russia
On March 13 and 16 DDoS-GUARD's protection system was targeted by a series of unprecedentedly powerful DDoS attacks. The detected peak power reached 259 million packets per second, which is 5.5 times more powerful than the largest attack detected by DDoS-GUARD in 2015, and 38 million packets per second more powerful than the largest attack detected by Akamai.
Fri, 01 Apr 2016 00:00:00 +0300
http://www.pressreleasepoint.com/ddos-attack-unprecedented-power-has-been-detected-russia

How to Protect yourself from DDoS Attack?
http://www.tricksroad.com/2016/03/how-to-protect-yourself-from-ddos-attack.html
If you are new and not aware of what a DDoS attack is, here is a short introduction to DDoS attacks. DDoS is a type of DoS attack where multiple systems infected with Trojans are used to target a single system, causing a Denial of Service (DoS) attack. The DDoS-attacked system can be the end system and all those which have used such stuff, and these systems can be controlled by the hackers.
Fri, 11 Mar 2016 00:00:00 +0300
http://www.tricksroad.com/2016/03/how-to-protect-yourself-from-ddos-attack.html

Hackers are increasing their attack power
http://bznews.bz/bz/article/100100100101494424
DDoS-GUARD experts notice that attacks are becoming more sophisticated and powerful. On average, the filtration system faced 130 attacks daily, i.e., 5 attacks every hour. Moreover, the number of massive DDoS attacks (over 100 Gbps) significantly increased – by 29%. 7 super-strong attacks (over 200 Gbps) were registered.
Wed, 18 Nov 2015 00:00:00 +0300
http://bznews.bz/bz/article/100100100101494424

DDoS-GUARD Has Introduced Real-time Protection Against DDoS Attacks
http://www.virtual-strategy.com/2014/08/05/ddos-guard-has-introduced-real-time-protection-against-ddos-attacks#axzz3C53oSj1Z
The number of DDoS attacks on web resources is growing daily, especially in politically unstable countries. That poses a risk to the availability of the resource (including mass media) and, consequently, loss of audience and business. DDoS-Guard.net provides a wide range of custom solutions to protect customers from DDoS attacks of any volume.
Wed, 06 Aug 2014 00:00:00 +0400
http://www.virtual-strategy.com/2014/08/05/ddos-guard-has-introduced-real-time-protection-against-ddos-attacks#axzz3C53oSj1Z