As you are no doubt aware, the frequency of DDoS attacks has been increasing at an alarming rate in recent years.
DDoS attacks are now the most common sources of data centre outages - rising from 2% in 2010 to 18% in 2013. Perhaps more worrying than the increasing frequency is the increasing intensity of attacks. Attackers have been successful at innovating, finding new and ever more disruptive ways to attack their victims' systems
In its Distributed Denial of Service Trends report for the fourth quarter of 2014, Verisign states that it saw not only increased levels of attack activity but that the average attack size increased by a massive 245% compared to the previous year. In addition it reports that it observed several attacks "reaching 300 Gbps and 24 Mpps for UDP floods and 35 Gbps and 90 Mpps for TCP attacks", although it only takes an attack a fraction of these size to take many businesses offline.
We saw a very similar trend here at ServerSpace. By the end of March 2014 we had already experienced two 10Gbps attacks that temporarily paralyzed our network and caused a loss of service to some customers.
The challenge for hosting providers is that a DDoS attack aimed at one business can easily disrupt services for others. While DDoS protection may still be considered a luxury for some, we believe that all our clients, for whom our network is often a critical part of their business, deserve to be protected from this rising menace.
Our approach to DDoS protection
For this reason, in 2014, we took the decision to provide network level DDoS mitigation services to all of our customers as standard. While the changing nature of DDoS attacks makes it impossible for any organisation to completely protect itself, we have put in place what we believe the best solution under the current circumstances. This enables us to protect all customers from disruption from attacks not aimed at them and, for a reasonable charge, keep those that are attacked online and operational.
How our network level DDoS mitigation measures work
In order to protect you from DDoS attacks aimed at you or at others, we have deployed an on-net DDoS mitigation solution built on the industry leading Arbour Networks Peakflow platform.
This solution monitors network traffic in real time, detects threats as they occur and instantly begins scrubbing malicious traffic, while authentic traffic is delivered to its intended destination. This is all performed on-net, without sending traffic to an external scrubbing centre, the advantage of which is reduced response time and latency.
Less than ten days after we implemented the new system, our network was subjected to another sizeable attack. We are pleased to say that the attack was successfully rerouted and mitigated automatically without any effect on our services. Since then, our network has been subject to the same high volume of attacks per month that our entire industry has seen and all have been effectively mitigated.
We understand the inconvenience, frustration and financial loss that DDoS attacks can cause, which is why we have taken the step of offering basic protection to all our clients.