DDoS Attacks on Israeli Large Industrial Company

November 11, 2024
 DDoS Attacks on Israeli Large Industrial Company

The Challenge

Target
Large Israeli Industrial Company's IP address
Duration
Over 14 hours
Attack Volume
1Tbps of traffic with more than 2000 different vectors of attacks
Attack Peak
DDoS attack vectors changing frequently

Full Story

On January 17, 2024, just before 2:00 p.m., many alerts began to be received regarding the detection of DDoS attacks on the Customer’s IP address space.

The attacks included more than 2,000 different vectors of attacks, in the capacity of 1Tbps of traffic that were blocked by FlowSec’s system. The attacks lasted for more than 14 hours.

The system detected the attacks and created signatures that were sent to the relevant CSP’s routers.

During the detection of the attacks and the creation of signatures, email alerts were sent for each signature, in total over 2,000 alerts.

Due to intermittent leaks of the attack, as a result of the attack vectors changing frequently, and to optimize and speed up the protection of the client's addresses, FLOWSEC team analyzed the traffic characteristics and added manual signatures to the client's networks.

At the end of the attacks and after the traffic returned to normal traffic levels, the signatures were removed from the CSP’s routers according to system settings.

Due to the volumetric attacks, we decided (in coordination with customer representatives) to leave the initiated signatures and continue to monitor the traffic.

See below reports and diagrams of attacks.

Graph 1 – Block attack during 14 hours.
Graph 2 – Top Hosts during the attack and the volume of traffic that was blocked

Flowsec Achievements

  • The customer kept working as usual during this massive attack.
  • The system quickly detected the attacks and created signatures that were sent to the CSP’s routers
  • The Uplink Service Provider implemented a BH-type signature created by FLOWSEC to addresses with abnormal traffic of over 2Gbps to a single address

 

Contact Us

    FLOWSEC Ltd.

    Accessibility Toolbar