In July, Imperva mitigated its largest attack as a provider of DDoS protection, and one of the largest DDoS attacks so far in 2021. The attack lasted for 40 minutes and generated a massive throughput of 1.02 terabytes per second (Tbps) and 155 million packets per second (Mpps).
Imperva also mitigated a large layer 7 DDoS attack in July 2020 which, as with the most recent attack, targeted services hosting online gambling sites, making it difficult to rule out a link to the Olympic Games.
In our 2020 blog we reported how over time DDoS attacks have become more sophisticated in their constitution. In this particular case the attackers also applied intelligent methods by combining several different attack vectors including UDP flood, SYN flood, large SYN and DNS amplification attacks.
Attack tactics
The attackers began by launching a volumetric DNS amplification attack on multiple sources in addition to a high rate SYN flood attack on port 80. The first wave of the attack reached 192 gigabytes per second (Gbps) and 33 million packets per second (Mpps). After only several minutes the attack reached its peak of 1.02 Tbps and 155 Mpps and at that time consisted of a combination of vectors including SYN flood, large SYN, UDP flood and DNS amplification.
In the days following this event, Imperva also mitigated a second sizable attack, which peaked at a bandwidth of 858 Gbps and 225 million PPS. This time the attack was longer, lasting two hours, and targeted a specific network prefix (/24 C-Class address), with the attack spanning the entire range of IPs.
As in the previous incident, the attack appears to have originated in China and consisted of a similar combination of vectors including UDP-flood, SYN-flood and DNS amplification.
Fast and fully automated mitigation
The defense against this attack was fast and fully automated, with mitigation taking less than one second. Imperva is in the unique position of being able to offer DDoS customers a guaranteed 3-second SLA against any DDoS attack, no matter the size or the duration.
Supported by the power of our entire global scrubbing network of 47 PoPs (Points of Presence), all of which have dedicated Imperva behemoth hardware and software capabilities, we block the bad traffic as closely as possible to the attack source while continuing to let legitimate traffic through. We do this constantly with our 6 Tbps global network, which is capable of mitigating 65 billion attack packets per second, blocking over 3.5 million bad requests every day.
Imperva behemoths in different PoPs are able to “speak” to one another so at any given time each scrubbing appliance is not only aware of the traffic inbound to that individual PoP, but also of traffic scenarios across the entire network.
Imperva completely automates the process of mitigating these types of large-scale attacks. Leveraging Artificial Intelligence (AI) and Machine Learning to behave like a SOC engineer, we automate the creation of security policies for each range, which enhances DDoS protection considerably and, as everything is conducted in real time, rules out the need for human intervention.
In addition, our SD-NOC automatically divides the attack traffic between different PoPs and/or ISP channels, to optimize our resources in a way that provides the best possible mitigation while also protecting legitimate traffic to the customer.