News

Hackers conducted a devastating DDoS attack on an African provider

Last weekend, unknown attackers conducted a devastating DDoS attack on the Cool Ideas network (AS37680), one of South Africa’s leading Internet service providers.

As a result, numerous provider’s clients have connection problems; judging by the statement on the company’s website, the connection of the AS-network with the outside world was also disrupted.

How strong the blow was, so far it can only be judged by the consequences. Commenting on a new attack for the local press, a Cool Ideas spokesman said it was four times more powerful than a similar incident, recorded on September 11.

The commentator also noted that the attackers applied the method of amplifying the garbage stream using open DNS resolvers. The ZDNet reporter, in turn, managed to find out that the attackers also used another way of DDoS amplification – through CLDAP.

Read also: Apple restricts Safari ad blockers, but no one pays attention

It is noteworthy that the attackers chose carpet bombing tactics, that is, they “bombed” not the only target, but thousands of IP addresses on the network. The garbage stream sprayed in this way did not cause much harm to Cool Ideas customers, only routers at the AS-network border suffered from congestion, and as a result they could not cope with it.

It later emerged that the DDoS incident also affected Atomic Access, another Internet service provider in South Africa.

In a comment for ZDNet, security specialist Tucker Preston noted that carpet bombing tactics are used primarily against Internet service providers. According to him, this method allows bypassing the simplest protection like blackhole filtering (with the rejection of unwanted packets at the router level), as well as network analyzers.

“If successful, such attacks usually cause network-wide interruptions and sustained performance losses. Sometimes an attack is deliberately carried out during peak hours of Internet activity in order to exacerbate user dissatisfaction. As a result, the provider incurs losses and loses its reputation”, – quotes ZDNet expert’s comments.

DDoS attacks carried out as carpet bombing are quite uncommon – just recalling the sensational incidents in Liberia and Cambodia.

How to protect providers?

Such cases are a good reason to remind providers of the necessity to upgrade DDoS protection tools.

The ZDNet interlocutor, for example, recommends the widespread use of the DDoS Open Threat Signaling (DOTS) protocol, which provides for real-time telemetry data exchange between domains or within a single domain. In his opinion, filtering traffic using the BGP flowspec protocol (RFC 5575) will also help prevent carpet bombing attacks.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove News-bpudepi.today pop-up ads (Virus Removal Guide)

News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…

21 hours ago

Remove Doguhtam.xyz pop-up ads (Virus Removal Guide)

Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…

21 hours ago

Remove News-xlixoti pop-up ads (Virus Removal Guide)

News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…

21 hours ago

Remove Ducesousightion pop-up ads (Virus Removal Guide)

Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…

21 hours ago

Remove News-xlabica.live pop-up ads (Virus Removal Guide)

News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…

22 hours ago

Remove Mergechain.co.in pop-up ads (Virus Removal Guide)

Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…

22 hours ago