Full Story
On January 17, 2024, just before 2:00 p.m., a large number of alerts began arriving about detected DDoS attacks on the FlowSec customer’s IP address space.
The attacks included more than 2,000 different vectors, with a capacity of 1 Tbps of malicious traffic that was successfully blocked by FlowSec’s ISP DDoS Protection system. The attacks lasted for more than 14 hours.
The ISP DDoS Protection system detected the attacks and automatically created mitigation signatures, which were then sent to the relevant CSP’s routers.
During the detection phase and signature creation, email alerts were generated for each new signature—over 2,000 in total.
Because the frequently changing DDoS attack vectors caused intermittent leaks, the FlowSec team analyzed the traffic patterns and added manual signatures directly to the customer’s networks to optimize and accelerate the protection of the client’s IP address space.
After the DDoS attacks subsided and traffic levels returned to normal, the mitigation signatures were removed from the CSP’s routers according to system configurations.
However, given the volumetric nature of the DDoS attacks, the FlowSec team—together with customer representatives—decided to keep the initiated signatures in place and continue to monitor incoming traffic through the ISP DDoS Protection system.
See below for detailed reports and diagrams of the DDoS attacks.

