
Hackers conducted a devastating DDoS attack on an African provider

Last weekend, unknown attackers conducted a devastating DDoS attack on the Cool Ideas network (AS37680), one of South Africa’s leading Internet service providers.

As a result, many of the provider’s clients had connection problems; judging by the statement on the company’s website, the AS network’s connectivity with the outside world was also disrupted.

So far, the strength of the attack can be judged only by its consequences. Commenting on the new attack for the local press, a Cool Ideas spokesman said it was four times more powerful than a similar incident recorded on September 11.

The spokesman also noted that the attackers amplified the junk traffic using open DNS resolvers. A ZDNet reporter, in turn, found out that the attackers also used a second DDoS amplification vector: CLDAP.


It is noteworthy that the attackers chose carpet bombing tactics: they “bombed” not a single target but thousands of IP addresses on the network. Spread out in this way, the junk traffic did not cause much harm to Cool Ideas customers; only the routers at the border of the AS network suffered from congestion, and as a result they could not cope with it.

It later emerged that the DDoS incident also affected Atomic Access, another Internet service provider in South Africa.

In a comment for ZDNet, security specialist Tucker Preston noted that carpet bombing tactics are used primarily against Internet service providers. According to him, this method makes it possible to bypass the simplest protections, such as blackhole filtering (dropping unwanted packets at the router level), as well as network analyzers.

“If successful, such attacks usually cause network-wide interruptions and sustained performance losses. Sometimes an attack is deliberately carried out during peak hours of Internet activity in order to exacerbate user dissatisfaction. As a result, the provider incurs losses and loses its reputation,” ZDNet quotes the expert as saying.

DDoS attacks carried out as carpet bombing are quite uncommon; the high-profile incidents in Liberia and Cambodia come to mind.

How to protect providers?

Such cases are a good reason to remind providers of the need to upgrade their DDoS protection tools.

ZDNet’s source, for example, recommends the widespread use of the DDoS Open Threat Signaling (DOTS) protocol, which provides for real-time telemetry data exchange between domains or within a single domain. In his opinion, filtering traffic using BGP flowspec (RFC 5575) will also help prevent carpet bombing attacks.
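
Carpet bombing keeps each destination IP below a per-host alarm, so a detector has to sum reflected traffic per prefix instead. The Python below is an added example, not code from the article or from the experts it quotes; the flow-record tuple, both thresholds and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# UDP source ports of the two amplification vectors named in the article.
AMPLIFIER_PORTS = {53: "DNS", 389: "CLDAP"}

HOST_BPS = 100_000_000      # assumed per-host alert threshold: 100 Mbit/s
PREFIX_BPS = 1_000_000_000  # assumed per-prefix alert threshold: 1 Gbit/s


def detect(flows, host_bps=HOST_BPS, prefix_bps=PREFIX_BPS, prefix_len=24):
    """Compare per-host and per-prefix views of reflected UDP traffic.

    flows: iterable of (dst_ip, udp_src_port, bits_per_second), an assumed
    record shape for UDP flows already exported by the border routers.
    Returns (hosts over host_bps, {prefix: {vector: bps}} over prefix_bps).
    """
    per_host = defaultdict(int)
    per_prefix = defaultdict(lambda: defaultdict(int))
    for dst, sport, bps in flows:
        vector = AMPLIFIER_PORTS.get(sport)
        if vector is None:
            continue  # not a reflection from a known amplifier port
        per_host[dst] += bps
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        per_prefix[str(net)][vector] += bps
    hosts = sorted(h for h, v in per_host.items() if v > host_bps)
    prefixes = {p: dict(v) for p, v in per_prefix.items()
                if sum(v.values()) > prefix_bps}
    return hosts, prefixes


def constructed_flows():
    """Constructed sample: reflected traffic spread thinly over a whole /24."""
    flows = []
    for i in range(1, 255):
        ip = f"203.0.113.{i}"
        flows.append((ip, 53, 4_000_000))   # 4 Mbit/s of DNS responses
        flows.append((ip, 389, 4_000_000))  # 4 Mbit/s of CLDAP responses
    flows.append(("198.51.100.7", 443, 50_000_000))  # ordinary traffic
    return flows


if __name__ == "__main__":
    hosts, prefixes = detect(constructed_flows())
    print("hosts over threshold:", hosts)
    print("prefixes over threshold:", prefixes)
```

On the constructed sample no single host crosses its threshold, while the /24 as a whole does, and the per-vector totals show which amplifier ports a filter rule would need to match.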
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
