News

Hackers conducted a devastating DDoS attack on an African provider

Photo of Daniel Zimmermann Daniel ZimmermannSeptember 26, 2019
0 85 1 minute read

Last weekend, unknown attackers conducted a devastating DDoS attack on the Cool Ideas network (AS37680), one of South Africa’s leading Internet service providers.

As a result, numerous provider’s clients have connection problems; judging by the statement on the company’s website, the connection of the AS-network with the outside world was also disrupted.

How strong the blow was, so far it can only be judged by the consequences. Commenting on a new attack for the local press, a Cool Ideas spokesman said it was four times more powerful than a similar incident, recorded on September 11.

The commentator also noted that the attackers applied the method of amplifying the garbage stream using open DNS resolvers. The ZDNet reporter, in turn, managed to find out that the attackers also used another way of DDoS amplification – through CLDAP.

Read also: Apple restricts Safari ad blockers, but no one pays attention

It is noteworthy that the attackers chose carpet bombing tactics, that is, they “bombed” not the only target, but thousands of IP addresses on the network. The garbage stream sprayed in this way did not cause much harm to Cool Ideas customers, only routers at the AS-network border suffered from congestion, and as a result they could not cope with it.

It later emerged that the DDoS incident also affected Atomic Access, another Internet service provider in South Africa.

In a comment for ZDNet, security specialist Tucker Preston noted that carpet bombing tactics are used primarily against Internet service providers. According to him, this method allows bypassing the simplest protection like blackhole filtering (with the rejection of unwanted packets at the router level), as well as network analyzers.

“If successful, such attacks usually cause network-wide interruptions and sustained performance losses. Sometimes an attack is deliberately carried out during peak hours of Internet activity in order to exacerbate user dissatisfaction. As a result, the provider incurs losses and loses its reputation”, – quotes ZDNet expert’s comments.

DDoS attacks carried out as carpet bombing are quite uncommon – just recalling the sensational incidents in Liberia and Cambodia.

How to protect providers?

Such cases are a good reason to remind providers of the necessity to upgrade DDoS protection tools.

The ZDNet interlocutor, for example, recommends the widespread use of the DDoS Open Threat Signaling (DOTS) protocol, which provides for real-time telemetry data exchange between domains or within a single domain. In his opinion, filtering traffic using the BGP flowspec protocol (RFC 5575) will also help prevent carpet bombing attacks.
Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Tags
Photo of Daniel Zimmermann Daniel ZimmermannSeptember 26, 2019
0 85 1 minute read
Photo of Daniel Zimmermann

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Chrome’s new API brings an end to ad blockers

February 12, 2019
Trump administration officials accounts

SolarWinds Attack Gives Hackers Access to Trump Administration Officials Accounts

March 29, 2021
ICRC develops digital emblem

ICRC Develops Digital Emblem to Protect Hospitals during Cyber War

November 7, 2022
Ecuador arrested for data leak

In Ecuador was arrested the head of the company responsible for the leakage of data of millions of citizen

September 20, 2019

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© Copyright 2024, All Rights Reserved  | Adware.Guru;
Back to top button