How We Blocked a 650Gb DDoS Attack Over Lunch

Recently, our network was hit with one of the largest DDoS attacks the Internet has seen. We’ll describe the technology and peering architecture used to mitigate the attack. Find out how we enjoyed lunch while automatically mitigating an enormous attack with zero downtime.

Published in: Technology

  1. Blocking a 650 Gbps DDoS Attack Over Lunch. Robert Hamilton – Imperva Incapsula. Infosecurity Europe – June 2017. © 2017 Imperva, Inc. All rights reserved.
  2. DDoS Attacks: Bigger than ever. [Chart: years 2009, 2012, 2014, 2016, 2017; scale 100, 300, 500, 700, 1,000; labelled points: 60 Gbps, 300 Gbps, 1 Tbps (Dyn), 600 Gbps (Krebs Blog).] Data blast equal to 15 HD movies per SECOND
  3. DDoS Mitigation: It Takes a Monster
     • A mighty animal
     • Something of monstrous size
     • A Behemoth
       – Massive throughput
       – Software intensive
       – Designed and built by us
  4. 21 December 2016
  5. Lunchtime at the NOC, 08:56:00 UTC
  6. Throughput Stress test
  7. Let’s Go Back in Time…
  8. Before Behemoth
  9. Performance Challenges: Start Measuring Everything as Early as Possible. [Diagram: Detection Core (Brain), 75% CPU; Mitigation Core (Muscle), 99% CPU.]
  10. Mitigation by HW
     • Process packets at line rate using software
     • The “brain” detects and applies the right mitigation policy
     • Brain then offloads mitigation to specially designed hardware
  11. Before Behemoth
  12. After Behemoth
  13. 21 December 2016
  14. 650Gbps. [Figure labels: Throughput, Hit wave, Behemoth, Networked Behemoths.]
  15. Layered Network: We Optimize for Both CDN and DDoS. [Figure: Europe Network.]
     • 20 x Local PoPs
       – 40G
       – CDN, small/medium size DDoS
       – Serve limited regions
     • 10 x Super PoPs
       – 500G
       – Large DDoS
       – Cover gaps and out of region traffic
  16. Want the Full Story? Click here to read the blog “650Gbps DDoS Attack from the Leet Botnet”: https://www.incapsula.com/blog/650gbps-ddos-attack-leet-botnet.html