Protection Against DDoS Attacks
A distributed denial of service (DDoS) attack is an attack on online resources and services aimed at suspending their activity and making them difficult to access.
The complexity and negative consequences of DDoS attacks are constantly increasing. Whereas in 2005 the largest recorded DDoS attack was merely 3.5 Gbps, today the amount of data transferred during an attack has increased up to 80 Gbps, enough capacity for the attackers to impact even national-level networks.
Group-IB provides a comprehensive approach to DDoS protection that combines specialized hardware and software, dedicated channels to counter even the largest attacks, and the experience of our experts. The client’s traffic is passed through a filtering network and comes out purified. Regardless of whether the attack is over or a new one has begun, the client’s resources will not experience any additional load and will always be protected.
Even if you are not currently subscribed to one of our support services but are under attack, LETA Group and Group-IB are ready to immediately begin suppressing the attack. Group-IB’s points of presence are located around the world, allowing us to respond to an attack promptly, stopping it at the source. Access to domestic and international filtering systems gives LETA Group and Group-IB the ability to do the following:
- Block “parasitic” traffic whose volume threatens the main channels of the leading providers;
- Reduce the service cost as much as possible for clients exceeding even the 27 Gbps threshold during an attack.
Traffic routing is performed in two main ways, which can be modified or combined based on the individual needs of the client.
DNS forwarding (proxy)
The client is provided with an IP address in a protected network (IPN). Once the client changes its DNS records, all of the client’s traffic is routed via Group-IB’s network infrastructure. Once it has been purified of malicious content, the traffic is routed back into the client’s network. This is the fastest and most basic method.
DNS forwarding with subsequent GRE tunneling (to protect HTTPS traffic)
This protection option is appropriate for resources using the HTTPS protocol. The difference from the above-described method is that the traffic is routed via the GRE protocol between Group-IB’s network infrastructure and the client’s servers.
The procedure for activating this DDoS protection service is a simple three-step process, usually requiring less than two hours (depending on the DNS records update), allowing you to start purifying your traffic within 30 minutes.
Contact Group-IB to find out how to activate this service.
You will be informed of the costs, which are based on the volume of legitimate traffic generated at normal levels of operation, excluding attack traffic. A scanned letter of payment guarantee is enough for immediate service activation.
You will be provided with an IP address, and you will need to change the A-record of the DNS zone in your hosting configuration to point to it. Within 4 hours of changing the A-record (depending on the DNS records update), all traffic will be routed through Group-IB’s distributed network and directed back to your server purified of malicious content.
In practice, the suppression of a DDoS attack can take anywhere from 1 to 24 hours, depending on the volume and the client’s preparedness to promptly change equipment configurations.
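The A-record change in the last step only takes effect for a visitor once the recursive resolver they use stops serving the cached old address, so it is worth checking the cutover from several resolvers before assuming all traffic is being filtered. The following is an added example, not Group-IB tooling or code from this page; it works on captured `dig +noall +answer` output, and the resolver labels, hostname and addresses (RFC 5737 documentation ranges) are constructed assumptions.

```python
# Added example: verify the A-record cutover from captured `dig +noall +answer` output.
# Resolver labels, hostnames and addresses (RFC 5737 ranges) are constructed.

def parse_a_records(dig_output):
    """Return (ttl, address) pairs for every A record in dig answer lines."""
    records = []
    for line in dig_output.splitlines():
        parts = line.split()
        # Expected shape: <name> <ttl> IN A <address>
        if len(parts) == 5 and parts[1].isdigit() and parts[2:4] == ["IN", "A"]:
            records.append((int(parts[1]), parts[4]))
    return records

def cutover_status(outputs, protected_ip):
    """Summarise which resolvers still return something other than protected_ip."""
    stale, unanswered, max_stale_ttl = [], [], 0
    for resolver, text in sorted(outputs.items()):
        records = parse_a_records(text)
        if not records:
            unanswered.append(resolver)  # no A record seen: cannot confirm cutover
            continue
        old_ttls = [ttl for ttl, ip in records if ip != protected_ip]
        if old_ttls:
            stale.append(resolver)
            # A cached old answer can be served until its remaining TTL runs out.
            max_stale_ttl = max(max_stale_ttl, max(old_ttls))
    return {
        "complete": bool(outputs) and not stale and not unanswered,
        "stale": stale,
        "unanswered": unanswered,
        "max_stale_ttl": max_stale_ttl,
    }

PROTECTED_IP = "203.0.113.10"  # placeholder for the address issued by the provider
SAMPLE_OUTPUTS = {  # constructed captures, one per recursive resolver queried
    "resolver-a": "www.example.com.\t300\tIN\tA\t203.0.113.10\n",
    "resolver-b": "www.example.com.\t2711\tIN\tA\t198.51.100.7\n",
    "resolver-c": "",  # timeout or empty answer
}

if __name__ == "__main__":
    print(cutover_status(SAMPLE_OUTPUTS, PROTECTED_IP))
```

A non-zero `max_stale_ttl` is the number of seconds during which some clients may still be sent to the old address, bypassing the filtering network.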
Existing alternatives (traditional methods)
Usually, protection against DDoS attacks relies on special hardware solutions: server and network equipment, or broadband capacity that is not available from all providers. These solutions are too expensive. The existing hardware is only effective against 80 or so types of standard DDoS attacks carried out by primitive botnets, and is powerless against powerful “smart” cyber-attacks that take into account the algorithms of the protection system and bypass it.