Explanation of the incidents related to DDoS attacks in the period from 31.12.2013 to 01.05.2014

Explanation of the incidents related to DDoS attacks in the period from 31.12.2013 to 01.05.2014 The first signs of the beginning of an attack on one of our clients (a large chain of pizzerias) appeared December 22, 2013 attack was targeting of signs, the attackers made ​​targeted TCP_SYN, UDP_Flood DDoS. Network infrastructure and protection from DDoS ensure client health.
After a week of unsuccessful attempts to carry out targeted DDoS attacks, the attackers changed the type of attack, and December 31, 2013 began a massive DDoS attack the entire infrastructure and address ranges Cloud4Y with an emphasis on finding the address space of the attacked Client.
Infrastructure and Cloud4Y withstand this type and level of attack as urgently been reconfigured DDoS-protected equipment and increased its sensitivity.
In connection with the attack failed, 02.01.2014 attackers made ​​adjustments to the policy of attack: increased power at times and launched a massive attack of all the main operators providing Internet peering Cloud4Y.
Part of autonomous systems backbone operators has been completely disabled. The remaining operators engineering services produced urgent reconfiguration of equipment and set levels of suppression of data streams, because it exceeds the maximum value that the equipment can withstand. According to reports, one of the main operators, the intensity of the attack reached 4.5 million packets per second, but because, Cloud4Y has multiple redundancy external channels, health and availability Cloud4Y ensured and in this state, but the packet loss occurred.
As well, the effects could be observed due to the constant rebuilding routing backbone operators, since, due to overload left their external peer connection.
Attack on cloud resources Cloud4Y was completed on January 5 at 19:14. Uke client currently initiates production of an incident in the Office of Special Technical Measures (USTM MVD) for a criminal investigation into the actions of malicious intruders.

Brief chronology of events: 
2-31 December 2013: conducting targeted TCP_SYN, UDP_Flood DDoS Attack.
December 31, 2013: 17-25 Moscow time: the beginning of a massive network attack and autonomous system Cloud4Y superior peering operators.
5January 2014: 19:14 Moscow time: stop DDoS-attacks

Type of DDoS attacks:TCP SYNFLOOD, UDP SYNFLOOD, ICMPFLOOD, TCP SYNACKFLOOD Upon request, the client provides the IP addresses of the technical network on a different channel. The average intensity of the attacks on the routing equipment Cloud4Y: ~2.3 million requests per second (50-100 times higher than the standard load). Maximum intensity of the attack: ~ 4.5 million queries per second (100-200 times higher than the standard loads). Consequences: periodic partial loss of transport external internet (L2 channels Clients that did not affect) networks.
Action plan to prevent recurrence of similar situations: Aware of the risks of our clients regarding health services, including reputational risks, following decisions were taken: 
  • revision architecture routing, in terms of increasing the volume of routing equipment and balancing for two sites M9 and M10
  • revising of the list of the operators, providing peer-to-peer the Internet channels
  • expanding the list of operators and Internet channels capacity peering groups
  • increase the capacity of the filter (from DDoS attacks) equipment
  • attraction operators with specialized Internet peering "clean channels" 

We sincerely apologize for the inconvenience. 
On the provision of compensation, please contact your account manager.
Scroll up!