1/25/22 · 7 minutes read

Short story of Tom and DDoS problems in DataCenter

Initially, it looked like another pleasant and stress-free day at work. A crispy roll with lettuce and yellow cheese was already on the table. Tom waited for his tea to cool down. He reflexively glanced at the screen suspended from the ceiling. He looked down at the sandwich, then at the monitor again. Something was wrong. Very wrong, and therefore he rose quickly from his armchair and put one hand on the table top and scratched his head with the other one.

Tom had worked as a data security specialist for years. DDoS attacks were nothing new to him. This one, however, surprised him with its size and intensity. The attackers' targets were specific, i.e. large portals and online stores belonging to his company's leading client. The services could not withstand the volume of traffic. Before he could react, other clients' websites also broke down. Tom had already warned the management many times that such a thing could happen. This time, the manual traffic firewall didn't help. It happened within a few dozen seconds; the system sent out an alarm signal, but the attack had caused damage that could not be repaired on the spot.
The first calls started ringing after a few minutes. Concerned website administrators asked why their websites had disappeared from the web. The next few hours were the opposite of a fun and stress-free day at work. It was then that Tom promised himself that this time he would seriously talk to the bosses about a solution that would prevent such situations once and for all. His bosses asked him to send out requests for proposals. Quotes started at half a million and up. That's how much security costs. Even if they decided to make such an investment, the cost of this implementation would have to be borne by customers. Hosting prices would rise, competitiveness would drop, customers would be taken over by companies that would continue to take risks and remain vulnerable to these types of attacks. A classic stalemate.

However, this time Tom did not give up. This last story had cost him too many nerves. He had to do thorough research and ask the right people, and that's how he found our company.

Our name is ITORO.

We help small and medium-sized ISPs reduce the cost of protecting themselves from DDoS attacks by twenty to forty times compared with off-the-shelf and very expensive hardware solutions. We are a certified gold partner of Andrisoft, a company whose software protects the digital security of thousands of networks around the world.

Depending on your needs, we can provide DDoS protection at a basic level - so-called Black Hole Routing (cutting off an attacked IP address) - and at an extended level - by filtering traffic, which keeps your network and services running without interruption even during the attack.

Thanks to our solutions, complete protection with filtering of DDoS traffic with a bandwidth of n x 10-40 GE becomes available for the small and medium-sized ISP sectors.
It can be scaled depending on the size of the network and the amount of traffic to the Internet. Our solutions are used by Polish and foreign providers, who thus save huge amounts of money and provide their clients with a high level of security.

How does Wanguard work?

Wanguard consists of 2 main modules: Sensor and Filter.

Sensor - collects traffic information using NetFlow / IPFIX / sFlow protocols or analyzes a copy of all traffic (port-mirror). The use of the latter technology reduces the reaction time to an attack to 5 seconds at most! In addition to providing security, the capabilities of this module can contribute to significant cost reductions. Thanks to data retention and detailed reporting of information about traffic between BGP networks it is possible to better plan link purchases on the basis of real traffic analysis. During our implementation, we help to optimize the costs of using links. Depending on the scope of ITORO implementation, the potential savings can significantly exceed the investment costs.

Filter - Wanguard traffic filtering is implemented using a filtering server or the BGP FlowSpec protocol running on a BGP router. In the case of servers, we use special network cards supporting hardware filtering at speeds of 10/40/100 GE. It is a very advanced form of traffic filtering.

Most traffic filtering requires redirection. In a single-router network, this procedure can be problematic and create loops in routing. There are several solutions to this problem - from simple to very complicated ones, requiring significant changes in the network and routing.

Service availability and reliability

Implementing anti-DDoS protection for ISPs and data centers is a must. However, it may come at a high purchase and maintenance cost. It may or may not. In the case of the Wanguard solution, this cost is surprisingly low.
Even the smallest networks can benefit from this type of protection.
No high monthly fees or huge hardware investments.
Some companies still rely on protecting their network with Remotely Triggered Black Hole (RTBH). However, this is not an ideal solution you can rely on. It is a very primitive and ineffective form of fighting attacks. Launching RTBH protection cuts off and blocks all traffic to the attacked IP address (the DDoS traffic too).

“Carpet bomb” attacks are becoming an increasingly frequent problem. They consist of attacking, one by one, the IP addresses of an entire address class, completely disabling data transmission to the Internet and blocking the entire attacked class. The only solution in this case is to buy a link to the Scrubbing Center and redirect the IP address class (subnet) to filter the traffic - however, we have to pay dearly for each such attack and redirection.

The solution to this problem is to filter DDoS attacks. The only requirement is enough uplink bandwidth to accommodate both our own traffic and the DDoS traffic.
Wanguard-protected companies with links in excess of 2-3 Gbps are able to filter most attacks that fall within the available volume of uplinks without causing any interruption of access for their customers.

In the case of larger attacks, the only remaining options are RTBH or using the Scrubbing Center and redirecting the attacked subnet class (/24).
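The reasoning of this section as an added sketch (written for this page; it is not ITORO's or Andrisoft's code and does not show how Wanguard works internally): traffic is summed per destination IP and per /24, so a carpet attack that stays under every per-IP limit is still seen, and the mitigation depends on whether normal traffic plus the attack fits the uplink. The thresholds, the action names and the sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed per-interval flow summaries: (destination IP, inbound Mbit/s).
# Addresses come from documentation ranges (RFC 5737); all rates are made up.
CARPET = [(f"198.51.100.{h}", 12.0) for h in range(1, 255)]  # 254 hosts x 12 Mbit/s
SINGLE = [("203.0.113.10", 2500.0), ("203.0.113.20", 40.0)]


def aggregate(flows):
    """Sum inbound Mbit/s per destination IP and per covering /24."""
    per_ip, per_net = defaultdict(float), defaultdict(float)
    for dst, mbps in flows:
        per_ip[dst] += mbps
        per_net[ip_network(f"{dst}/24", strict=False)] += mbps
    return per_ip, per_net


def plan(flows, uplink_mbps, ip_limit=1000.0, net_limit=2000.0):
    """Return {target: action}; ip_limit and net_limit are hypothetical thresholds."""
    per_ip, per_net = aggregate(flows)
    # Filtering locally only works if normal traffic plus the attack fits the uplink.
    fits = sum(per_ip.values()) <= uplink_mbps
    actions = {}
    for net, net_mbps in per_net.items():
        hot = [ip for ip, m in per_ip.items()
               if m >= ip_limit and ip_address(ip) in net]
        if hot:
            # Classic single-target attack: filter it, or black-hole the address.
            for ip in hot:
                actions[f"{ip}/32"] = "filter" if fits else "rtbh"
        elif net_mbps >= net_limit:
            # Carpet bombing: no single address stands out, the subnet total does.
            actions[str(net)] = "filter" if fits else "scrubbing-redirect"
    return actions


if __name__ == "__main__":
    for name, flows in (("carpet", CARPET), ("single", SINGLE)):
        for uplink in (10000, 2000):
            print(name, f"uplink={uplink} Mbit/s", plan(flows, uplink))
```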

Through the eyes of an Internet user

There is nothing more important than a stable and constant access to the Internet. This is especially true for online gamers, who are a growing group of target customers. Gamers are the most vulnerable to attacks from their adversaries, and a service provider can be in serious trouble if it does not employ some form of protection.

In this case, triggering RTBH, or Black Hole Routing, protection is the same punishment for the player as a successful attack - both situations result in dropping out of the game and a break of a few minutes.

It is worth keeping this in mind and implementing protective mechanisms gradually. The solution we offer is the cheapest and the best option for small and medium-sized companies. Protection and prevention will always be less expensive than the losses caused by attacks. This is particularly acute and palpable in data centers, where the outflow of customers after such incidents is almost immediate.

Extensive experience in the ISP market allows us to take an individual approach and choose the most economical option. We invite you to familiarize yourself with our offer and to contact our consultant. We will certainly offer you the best solution.

Our mission is to provide affordable protection against DDoS attacks to all ISPs and content providers, regardless of the size and amount of traffic.