DDoS attacks are a recurring problem that affects many companies. Below we describe some of the measures we have taken to reduce the risk of attacks and to limit their effect.
It is often hard to figure out who is behind an attack on our servers and why it is done. Some attacks are easier: when we can see which specific website is being targeted we can take action to secure and protect that site. But often the attacks are more advanced than that and we do not know the exact target. The attacks are also hard to trace because they are carried out with a large number of computers and servers belonging to innocent people, often spread world wide.
A subject that has become increasingly common is extortion: the attacker demands a certain amount of money not to start, or to end, a DDoS attack. The attack against the Swedish bank Swedbank in the beginning of November is one of those. Paying is not the way to go, because you get no guarantee that the attacker will not do it again and demand even more money in the future, and you get no protection from other attackers who also demand money. The money and time should instead be put into better infrastructure that protects you from attacks.
Below we describe some of the protections we have added lately. Many of them require larger changes to the infrastructure, which take time to carry out.
Blocking of UDP
You have probably heard of protocols like HTTP, IMAP and FTP. These are internet protocols that correspond to our regular languages: for two computers to communicate they need to speak the same language, so that each knows exactly what the commands are, what they mean and which part is the data to be transmitted. But these protocols say nothing about how the data actually travels between the computers. That is where TCP and UDP come in: two transport protocols that define how the data is transmitted. TCP makes sure that the data reaches the right receiver, arrives in the right order and is resent if it is lost or corrupted on the way. UDP only addresses the data to the right receiver and port; it does not keep track of whether it arrived.
TCP is used by most of the services at Binero, such as websites, databases and e-mail. UDP is used instead for services where it is important that data is delivered fast and where it does not matter much if some of it disappears on the way. An example is streaming, where small glitches are acceptable as long as the transmission is quick. UDP is also used by DNS and by NTP, the protocol that automatically sets the right time on servers. Unfortunately, UDP is also used frequently in DDoS attacks: because UDP has no connection setup, the sender's address can be forged, and an attacker can make open DNS and NTP servers around the world send large responses to a victim that never asked for them. When an attack generates that much traffic there is a risk that our lines fill up and legitimate traffic is blocked, even though our own servers already drop the UDP traffic. To solve this we have started blocking UDP traffic at our internet providers instead of at our own servers. We still have some servers that need UDP, and those are excepted from the block, but a large share of the attacks that use UDP is now blocked automatically without us even noticing that we are under attack.
Larger capacity for traffic
Binero has two independent internet providers. If one of them has problems, traffic automatically moves to the other, but normally both are used at the same time. To be able to run on only one of them during an outage we keep a surplus of capacity compared to our normal traffic. A DDoS attack can involve an enormous amount of traffic; the largest attack on record was around 400 gigabits per second. Against an attack that massive practically every company is outmatched, because it is not economical to invest in that much capacity just to protect yourself from attacks of that size. Most attacks are much smaller, and to protect ourselves better against them we have increased our capacity substantially.
BGP
BGP is yet another abbreviation. It stands for "Border Gateway Protocol" and is used to tell how traffic is routed between different providers. As mentioned, Binero has two internet providers. They in turn have agreements with other providers (peering), and these links tie the internet together into one large network in which there are always several paths between two computers, regardless of where in the world they are.
In a DDoS attack, hundreds of thousands of computers spread around the world are used. Asian countries often account for a large share of the attack traffic, because well-developed infrastructure is combined with a lot of computers that are not patched and can be taken over by attackers. As a hosting company with mostly Swedish customers, we see during an attack that the traffic arriving through some peer networks consists almost entirely of attack traffic, while other peer networks carry both legitimate and attack traffic. With BGP we can, with a single configuration change, temporarily stop accepting traffic from selected peer networks. That way a large share of the attack is cut off without regular visitors to the websites we host being affected. The caveat is that the block also shuts out the few legitimate visitors who reach us through those networks, which is why it is temporary and applied only to networks whose traffic is almost all attack.
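The two decisions described above, which UDP traffic an upstream filter would drop and which peer networks carry almost only attack traffic, are easiest to make from sampled flow data (sFlow or NetFlow from the edge routers). The following is an added example written for this page; it is not Binero's own tooling and it does not talk to any router. The flow records, peer labels, IP addresses, the reflector port list and the thresholds are all constructed assumptions.

```python
"""Added example (not Binero's code): rank peers by attack share and model the
upstream UDP filter, using constructed flow samples instead of real sFlow data."""
from collections import defaultdict
from dataclasses import dataclass

# UDP source ports of services commonly abused as reflectors (assumed list).
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 161: "SNMP", 19: "chargen"}
# Reflected replies are large; ordinary queries are small. Threshold is an assumption.
MIN_AMPLIFIED_BYTES = 400


@dataclass(frozen=True)
class Flow:
    peer: str        # peer/upstream network the packets arrived through (constructed label)
    proto: str       # "udp" or "tcp"
    dst_ip: str
    src_port: int
    dst_port: int
    pkt_bytes: int   # average packet size in the sample
    packets: int

    @property
    def volume(self) -> int:
        return self.pkt_bytes * self.packets


def is_amplification(flow: Flow) -> bool:
    """Reflected/amplified UDP: a large 'reply' from a reflector port that nobody asked for."""
    return (flow.proto == "udp"
            and flow.src_port in REFLECTOR_PORTS
            and flow.pkt_bytes >= MIN_AMPLIFIED_BYTES)


def upstream_udp_filter(flows, allowed_udp):
    """Model of the provider-side rule: drop inbound UDP unless (dst_ip, dst_port)
    is on the allow-list of servers that genuinely need UDP (our DNS/NTP).
    Returns (dropped_bytes, kept_bytes, dropped_attack_bytes)."""
    dropped = kept = dropped_attack = 0
    for f in flows:
        if f.proto == "udp" and (f.dst_ip, f.dst_port) not in allowed_udp:
            dropped += f.volume
            if is_amplification(f):
                dropped_attack += f.volume
        else:
            kept += f.volume
    return dropped, kept, dropped_attack


def peer_attack_share(flows):
    """Fraction of each peer's bytes that look like amplification traffic."""
    attack, total = defaultdict(int), defaultdict(int)
    for f in flows:
        total[f.peer] += f.volume
        if is_amplification(f):
            attack[f.peer] += f.volume
    return {p: attack[p] / total[p] for p in total}


def peers_to_block(flows, threshold=0.95):
    """Peers whose traffic is almost entirely attack: candidates for a temporary
    BGP block. Peers carrying a mix are left alone so legitimate visitors still
    reach the hosted sites."""
    return sorted(p for p, s in peer_attack_share(flows).items() if s >= threshold)


# Constructed sample: peer, proto, dst_ip, src_port, dst_port, pkt_bytes, packets
SAMPLE_FLOWS = [
    Flow("peer-A", "udp", "198.51.100.10", 123, 80, 468, 200000),   # NTP reflection at a web server
    Flow("peer-A", "udp", "198.51.100.10", 53, 80, 1400, 150000),   # DNS reflection at a web server
    Flow("peer-A", "tcp", "198.51.100.10", 40123, 80, 120, 500),    # a little real web traffic
    Flow("peer-B", "tcp", "198.51.100.10", 51000, 443, 900, 40000), # real HTTPS visitors
    Flow("peer-B", "udp", "198.51.100.53", 42000, 53, 70, 3000),    # real queries to our DNS server
    Flow("peer-B", "udp", "198.51.100.10", 123, 80, 468, 5000),     # some reflection via peer B too
    Flow("peer-C", "tcp", "198.51.100.10", 33000, 80, 800, 20000),  # clean peer
]
ALLOWED_UDP = {("198.51.100.53", 53), ("198.51.100.53", 123)}  # our own DNS and NTP servers

if __name__ == "__main__":
    dropped, kept, dropped_attack = upstream_udp_filter(SAMPLE_FLOWS, ALLOWED_UDP)
    print(f"upstream UDP filter: drops {dropped} B ({dropped_attack} B attack), keeps {kept} B")
    for peer, share in sorted(peer_attack_share(SAMPLE_FLOWS).items()):
        print(f"{peer}: {share:.1%} attack")
    print("temporary BGP block candidates:", peers_to_block(SAMPLE_FLOWS))
```

On the sample, peer-A is almost pure reflection traffic and is the only block candidate, while peer-B carries 6% attack traffic mixed with real visitors and is left alone; the upstream UDP filter removes all the reflected traffic but keeps the real DNS queries because the resolver is on the allow-list.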
Peace and joy?
Does this mean we are 100 percent protected against DDoS attacks? Unfortunately not, no more than any other company is. In the end it mostly comes down to who has the larger resources, the attacker or the one being attacked. If an attack is massive enough there is a chance that we suffer disruptions or have to block legitimate traffic. We will keep working hard to protect ourselves from attacks and follow the development of better protection.