Mitigating a 35Gbit DDoS Attacks

As part of our on-going commitment to delivering a reliable hosting platform for our customers around Australia, we’re excited to continue our relationship with the guys at Micron21 who have created a purpose-built DDoS protection service to help us deliver a 100% up-time to our customers.

When it came to adding DDoS protection to our network, we took the time to understand the requirements of what can be delivered to us. We realised that the majority of DDoS protection on the market were only offered internationally, and would not fit with what we wanted to deliver to our end customers.  Utilising DDoS protection services  internationally simply meant that we would be routing our traffic internationally to have it cleaned.

By teaming up with the guys at Micron21, we are able to route any DDoS traffic domestically to their network to have it cleaned for us and than delivering only clean traffic back to our network.  This lets us offer the lowest latency when it comes to having DDoS traffic soaked & scrubbed for us.

In recent times, Micron21 have soaked & scrubbed large DDoS attacks towards our network while allowing our network to remain unaffected during the on-going attack.

(Click image to view more details)
(Click image to view more details)

These graphs show a recent attack reaching 34.11Gbps with almost 600,000,000 packets per minute.  We were able to re-route our traffic domestically to Micron21 for soak & scrubbing while we were able to continue delivering our services to our customers during the on-going attack.

This NTP DDoS amplification attack used the UDP protocol with a source port of 123 and destination port 80 towards the targeted HTTP service from more than 20,000+ unique IP addresses globally with approximately 5% (1028 IP addresses) of the DDoS traffic coming from within Australia.

(Click image to view more details)
The attack started as a 5gbit attack which was very quickly turned up to a 10gbit for 5 minutes and increased to a 20gbit attack followed by a brief 5 minute break and a final attempt to flood the network for 3 minutes reaching a peek speed of 34.1 gbit

1.1 TB of data was absorbed within 15 minutes.

(Click image to view more details)
The total duration of the attack lasted 1 hour with 70% of the attack traffic received in the first 15 minutes reaching a 95% percentile of 20gbits for the hour.

With the extra protection to our network, we have added this at no additional cost for our customers.