At InterServer, we are always focused on providing our customers with reliable, uninterrupted hosting service. Recently, our defense was tested by a 1.2TB DDoS attack on one of our customer’s IP addresses, but thanks to our partnership with Path Networks, our services stayed online, and we didn’t even notice the attack happening at the time. Here’s a closer look at what happened and how we managed to stay completely unaffected.

Our Partnership with Path Networks

We have provided web hosting services, including shared hosting, cloud hosting, dedicated servers, and colocation, since 1999. To defend our network against cyber threats like DDoS (Distributed Denial of Service) attacks, we partnered with Path Networks in 2021. This partnership has proved to be very useful in ensuring our infrastructure remains secure, allowing us to offer you DDoS-protected floating IPs with our hosting services. Before we move on to the actual attack information, let’s learn some basic terms.

What are DDoS attacks? DDoS attacks flood a target server or network with an overwhelming amount of traffic, aiming to disrupt normal service and make the website or server inaccessible. These attacks can be highly disruptive, causing downtime and potentially leading to financial losses and reputational damage.

And here is brief information on floating IPs.

Floating IPs are a special type of IP address that can be moved between different servers or networks. This flexibility allows us to manage traffic more efficiently and offer continuous protection, even if one server is targeted by an attack.

The Attack

On July 31st, a powerful and sophisticated DDoS attack targeted five specific IP addresses associated with one of our clients. The attack was multi-vector as it used multiple methods to try to overwhelm our network. It reached a peak of 1.2 Tbps (terabits per second) and generated 360 million packets per second over a span of five hours. However, there was no downtime or slowdown in the performance of the systems.

Multi-vector attacks are especially dangerous because they combine different techniques, making them harder to block. For example, this attack used both UDP (User Datagram Protocol) and GRE (Generic Routing Encapsulation) methods, which are common in DDoS attacks due to their ability to generate a large volume of traffic.

Here are some charts from Path Networks that show how much traffic they were blocking to shield our network.

The first chart shows how much UDP traffic was blocked during the DDoS attack. You can see significant spikes in blocked traffic, which means the mitigation rules were effective in filtering out unwanted data (more information on the rules below).

The second chart provides an overall view of all blocked traffic, including TCP and other protocols. There’s a big spike around 01:00, which shows the heavy blocking efforts during the attack. The yellow area shows the blocked UDP traffic, and the green part shows blocked TCP traffic. Together, these charts illustrate the scale of the DDoS attack and how Path Network successfully helped protect InterServer’s network by filtering out harmful traffic from the attack.

The Effect

Despite the intensity and scale of the attack, our services remained fully operational, and there was no disruption to our network. We didn’t even know the attack was happening until Path Networks informed us afterward.

Here is the chart of the traffic at the time of the attack on one of InterServer’s switches.

Put simply, the graph shows inbound and outbound data flow at any given time. Inbound traffic peaks at 42.31 Mbps, but overall, it’s relatively low. In contrast, outbound traffic is much higher, reaching up to 1.17 Gbps, which is common for a typical server as it sends more data than it receives.

The graph shows some spikes in traffic, particularly early on July 30. These spikes could be due to the attack. Overall, the chart reflects normal network activity, with some fluctuations when the attack was happening. However, the flood on our switch was nowhere near enough to cause any downtime or slowdown for our client’s business.

How Path Networks Shielded Us

Path Networks used a multi-layered DDoS mitigation strategy that effectively neutralized the attack before it could cause any harm. Here are some of the techniques used by Path Networks to help us mitigate the attack.

  1. Automatic Traffic Filtering: As soon as the attack began, Path Networks’ Orchestrator system automatically detected and filtered out the majority of the malicious traffic. This first layer of defense is crucial for handling large-scale attacks, like the one we experienced.
  2. Stateful Firewall Rules: These rules are designed to track the state of network connections and filter out any suspicious activity. Our client was able to customize these rules to fit their specific needs, ensuring that the protection was tailored to the applications they were using.
  3. Custom DDoS Filters: Finally, Path Networks used custom-built DDoS filters that are specifically designed to counter the attack vectors we were facing. These filters are based on the unique characteristics of the applications being protected, ensuring that even the most complex attacks are blocked.

Thanks to Path Networks’ defense strategy, the attack had no impact on our services or our customers. Our client experienced no downtime or interruptions, and we continued to operate as usual. This incident proved the effectiveness of our partnership with Path Networks and made us realise the importance of having robust, adaptive security measures in place.

Path Network also wrote a detailed case study on how they helped us mitigate the attack. If you want to learn about it in detail, you can refer to this case study on Path Network’s blog.

The Importance of DDoS Protection for You

DDoS attacks can happen to anyone, for any reason, at any time. However, with the right security systems in place, the impact of such attacks can be completely mitigated before it can cause harm. The key is to have a multi-layered defense strategy, like the one we had in this case, that can adapt to different types of attacks and keep your network secure.

At InterServer, we are committed to providing our customers with the highest level of security when they host their systems with us. Our partnership with Path Networks ensures that we’re always prepared to defend against even the most sophisticated cyber threats.

If you are interested in knowing how we can help you with a secure web hosting environment, feel free to connect with us. Our goal is to keep your website or server running smoothly, no matter what challenges come our way.
