Hackers conducted a devastating DDoS attack on an African provider

Last weekend, unknown attackers conducted a devastating DDoS attack on the Cool Ideas network (AS37680), one of South Africa’s leading Internet service providers.

As a result, many of the provider’s clients experienced connection problems; judging by the statement on the company’s website, the connection between the provider’s AS and the outside world was also disrupted.

So far, the strength of the attack can only be judged by its consequences. Commenting on the new attack for the local press, a Cool Ideas spokesman said it was four times more powerful than a similar incident recorded on September 11.

The spokesman also noted that the attackers amplified the junk traffic using open DNS resolvers. A ZDNet reporter, in turn, found out that the attackers also used another DDoS amplification method: CLDAP.

It is noteworthy that the attackers chose carpet bombing tactics: they “bombed” not a single target but thousands of IP addresses on the network. The junk traffic sprayed in this way did not cause much harm to Cool Ideas customers; only the routers at the border of the AS suffered congestion, and in the end they could not cope with it.

It later emerged that the DDoS incident also affected Atomic Access, another Internet service provider in South Africa.

In a comment for ZDNet, security specialist Tucker Preston noted that carpet bombing tactics are used primarily against Internet service providers. According to him, this method makes it possible to bypass the simplest protections, such as blackhole filtering (dropping unwanted packets at the router level), as well as network analyzers.

“If successful, such attacks usually cause network-wide interruptions and sustained performance losses. Sometimes an attack is deliberately carried out during peak hours of Internet activity in order to exacerbate user dissatisfaction. As a result, the provider incurs losses and loses its reputation,” ZDNet quotes the expert as saying.

DDoS attacks carried out as carpet bombing are quite uncommon; the high-profile incidents in Liberia and Cambodia come to mind.

How to protect providers?

Such cases are a good reason to remind providers of the need to upgrade their DDoS protection tools.

ZDNet’s source, for example, recommends wide use of the DDoS Open Threat Signaling (DOTS) protocol, which provides for real-time exchange of telemetry data between domains or within a single domain. In his opinion, filtering traffic with BGP flowspec (RFC 5575) will also help prevent carpet bombing attacks.
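
Why carpet bombing slips past per-target monitoring can be shown with a small detector, added here as an illustration and not taken from ZDNet or Cool Ideas: it compares a per-host threshold with aggregation over the covering prefix for the two amplification vectors named above (UDP source ports 53 and 389). The flow tuple layout, thresholds and documentation-range addresses are assumptions constructed for the example.

```python
import ipaddress
from collections import defaultdict

# UDP source ports of the two amplification vectors named in the article.
AMP_PORTS = {53: "DNS", 389: "CLDAP"}

def detect(flows, host_bps_limit, prefix_bps_limit, prefix_len=24, min_hosts=32):
    """flows: iterable of (dst_ip, proto, src_port, bits_per_second).

    Returns (host_alerts, prefix_alerts). A host alert is what a simple
    per-destination threshold raises; a prefix alert sums amplification
    traffic over the covering prefix and requires many distinct targets.
    """
    per_host = defaultdict(int)
    per_prefix = defaultdict(lambda: {"bps": 0, "hosts": set()})
    for dst, proto, sport, bps in flows:
        if proto != "udp" or sport not in AMP_PORTS:
            continue  # only reflected DNS/CLDAP replies are of interest here
        per_host[dst] += bps
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        agg = per_prefix[(str(net), AMP_PORTS[sport])]
        agg["bps"] += bps
        agg["hosts"].add(dst)
    host_alerts = sorted(h for h, b in per_host.items() if b >= host_bps_limit)
    prefix_alerts = sorted(
        (net, vec, a["bps"], len(a["hosts"]))
        for (net, vec), a in per_prefix.items()
        if a["bps"] >= prefix_bps_limit and len(a["hosts"]) >= min_hosts
    )
    return host_alerts, prefix_alerts

def sample_flows():
    """Constructed data: 200 hosts in 198.51.100.0/24 each receive 20 Mbit/s
    of CLDAP replies; one host elsewhere receives ordinary DNS replies."""
    flows = [(f"198.51.100.{i}", "udp", 389, 20_000_000) for i in range(1, 201)]
    flows.append(("203.0.113.10", "udp", 53, 50_000))
    flows.append(("198.51.100.5", "tcp", 443, 900_000_000))  # not amplification
    return flows

if __name__ == "__main__":
    # Assumed thresholds: 500 Mbit/s per host, 2 Gbit/s per /24.
    hosts, prefixes = detect(sample_flows(), host_bps_limit=500_000_000,
                             prefix_bps_limit=2_000_000_000)
    print("per-host alerts:", hosts)
    print("per-prefix alerts:", prefixes)
```

No single address crosses the per-host limit, while the /24 as a whole carries 4 Gbit/s across 200 targets. The flagged prefix and vector give the destination prefix, protocol and source port to match when filtering at the network edge.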

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
