Full Story
On January 23, 2024, just before 8:00 p.m., a large number of alerts began arriving that reported detected DDoS attacks against the Service Provider's IP address space.
The attacks used more than 1,500 different attack vectors and reached 600 Gbps of traffic, all of which was blocked by FlowSec's system. The attacks lasted for more than 7 hours. The system detected the attacks and created signatures that were sent to the CSP's routers. Examples of attack signature properties are source IP, destination IP, port, source port, destination port, protocol, packet length, and UDP, ICMP and TCP flags.
In the first step, the system sends the signatures to the CSP's router, which blocks the DDoS attack.
While the attacks were being detected and the signatures created, an email alert was sent for each signature, more than 1,500 alerts in total.
Because parts of the attack intermittently leaked through as the attack vectors changed frequently, and to optimize and speed up the protection of the Service Provider's networks, the team analyzed the traffic characteristics and added manual signatures for the Service Provider's networks.
DDoS Attacks Mitigation
As part of the DDoS attack mitigation process, we analyzed the path taken by the attacked traffic. Our investigation revealed that it was transferred via one of the major CSPs in Israel. To resolve the issue, we sent the attack signatures to that CSP's routers, which successfully blocked the malicious traffic and cleaned the pipe leading to the attacked CSP.
At the same time, the uplink Service Provider implemented a blackhole (BH) signature for addresses receiving abnormal traffic of over 2 Gbps to a single address. Once the attacks ended and traffic returned to normal levels, the signatures were removed from the CSP's routers and from the upstream Service Provider according to the system settings. Because of the volumetric attacks, we decided (in coordination with Service Provider representatives) to keep the initiated signatures in place and to continue monitoring the traffic.
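The detection loop described above, as an added Python sketch that is not FlowSec's code: it derives a block signature from the attributes that dominate traffic to an attacked address, applies the >2 Gbps per-address blackhole threshold, and flags traffic that leaks past the installed signatures once the vector changes. The 500 Mbps signature threshold, the 80% dominance share and the sample flows are assumptions made for this example.

```python
from collections import Counter, defaultdict

# The >2 Gbps per-address blackhole figure is from the write-up; the signature
# threshold and the 80% dominance share are assumptions made for this example.
BLACKHOLE_BPS, SIGNATURE_BPS, DOMINANT_SHARE = 2_000_000_000, 500_000_000, 0.8
FIELDS = ("dst", "proto", "sport", "dport", "length", "flags", "bytes")
def flows(*rows):
    return [dict(zip(FIELDS, r)) for r in rows]
def build_signature(records, dst):
    """Keep only attributes carrying most bytes sent to dst, so legitimate
    traffic with other values (here TCP/443) is not blocked with the attack."""
    hits = [f for f in records if f["dst"] == dst]
    total = sum(f["bytes"] for f in hits)
    sig = {"dst": dst}
    for key in FIELDS[1:-1]:
        weight = Counter()
        for f in hits:
            if f[key] is not None:  # UDP/ICMP flows carry no TCP flags
                weight[f[key]] += f["bytes"]
        if weight and weight.most_common(1)[0][1] / total >= DOMINANT_SHARE:
            sig[key] = weight.most_common(1)[0][0]
    return sig

def detect(records):
    """One cycle over a one-second window: block signatures plus a blackhole list."""
    per_dst = Counter()
    for f in records:
        per_dst[f["dst"]] += f["bytes"]
    sigs, blackholes = [], []
    for dst, nbytes in per_dst.items():
        bps = nbytes * 8
        if bps >= SIGNATURE_BPS:
            sigs.append(build_signature(records, dst))
        if bps > BLACKHOLE_BPS:  # volumetric: blackhole the address upstream
            blackholes.append(dst)
    return sigs, blackholes

def leaks(sigs, records):
    """Signed destinations still getting attack-rate traffic no signature matches."""
    signed, unmatched = {s["dst"] for s in sigs}, defaultdict(int)
    for f in records:
        if f["dst"] in signed and not any(all(f[k] == v for k, v in s.items()) for s in sigs):
            unmatched[f["dst"]] += f["bytes"]
    return {dst: b * 8 for dst, b in unmatched.items() if b * 8 >= SIGNATURE_BPS}
# Constructed one-second sample windows (not traffic data from the incident).
WINDOW_1 = flows(("203.0.113.10", "UDP", 1024, 53, 1400, None, 150_000_000),
                 ("203.0.113.10", "UDP", 2048, 53, 1400, None, 150_000_000),
                 ("203.0.113.10", "TCP", 51000, 443, 600, "ACK", 5_000_000))
WINDOW_2 = flows(("203.0.113.10", "UDP", 1025, 53, 1400, None, 20_000_000),
                 ("203.0.113.10", "UDP", 1026, 123, 1400, None, 80_000_000))
```

In the second window the attacker has moved from UDP/53 to UDP/123, so the first signature no longer covers it and `leaks()` reports the address for re-analysis, which is the situation that called for manual signatures in the write-up.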
Reports and diagrams of the attacks are shown below.

