With the recent news about DDoS attacks on a number of grids, we have also had several clients who have been attacked. This has motivated us to share how we were able to tame the situation within about 48 hours. This is still an evolving solution, as we need to make sure we keep our customers' grids and regions online.
To explain the above image, I am going to break it down into the sections listed in the image, from left to right.
User: This is you, the attacker, or whoever else is trying to access the grid, simulators, assets, etc.
Cloud DNS Routing: We pay extra to have our DNS hosted in the cloud, which allows us to scan for attacks at the first layer, before traffic ever reaches one of our servers. The same service also health-checks our servers from 9 different locations, verifying they are responding and giving the quickest resolution time when looking up our latest DNS records for routing purposes.
Routing Firewall: This is a tool we recently put in place after attacks were able to get through by bypassing DNS and going straight for our IP addresses. The firewall inspects all incoming traffic and determines whether it is legitimate or an attack. If an attack is detected, that traffic is sent to the null server.
Null Server: This is simply a dead-end server. It absorbs bad traffic and does nothing else.
Proxy Server: If an attack has made it this far, we have one final trick in our arsenal: a server with a 10Gbps connection that absorbs whatever has somehow gotten through. From this point we can also set up the server's firewall to protect you from future attacks by known attackers. The proxy server additionally doubles as a cache for assets and inventory, giving legitimate users faster loading times for commonly requested items.
Destination Servers: After passing through this process in a matter of milliseconds, you arrive at your destination. Every connection travels through all of these layers of security, which is what keeps customers' services online and functional.
I hope this process can provide insight to other grids out there and help give them a way to protect themselves from these attacks. Remember that the most important way to protect yourself is simply not to feed the attacks. No defense will ever protect against 100% of attacks; hackers will always find new ways to attack. The best course of action is to be proactive about constantly improving protection while not antagonizing the attackers, since that only fuels them to find new ways to cause issues.