Full Story
On January 17, 2024, just before 2:00 p.m., many alerts began to arrive regarding the detection of DDoS attacks on the Customer’s IP address space.
The attacks included more than 2,000 different attack vectors, at a volume of 1Tbps of traffic, and were blocked by FlowSec’s system. The attacks lasted for more than 14 hours.
The system detected the attacks and created signatures that were sent to the relevant CSP’s routers.
During the detection of the attacks and the creation of signatures, an email alert was sent for each signature, over 2,000 alerts in total.
Because the frequently changing attack vectors caused intermittent leaks of the attack, and to optimize and speed up the protection of the client's addresses, the FLOWSEC team analyzed the traffic characteristics and added manual signatures to the client's networks.
At the end of the attacks, after the traffic returned to normal levels, the signatures were removed from the CSP’s routers according to system settings.
Due to the volumetric attacks, we decided (in coordination with customer representatives) to leave the initiated signatures in place and continue to monitor the traffic.
See the reports and diagrams of the attacks below.