Fighting denial-of-service attacks has become a matter of survival for some businesses that find their websites getting smashed and network flooded by attackers. Online gaming company SG Interactive says it's under constant attack and the only way to keep going is to set up an anti-DDoS defense.
"It was crushing our firewall, and then the attacker changed the pattern a few days later with a DNS recursive attack," says James Kim, senior systems engineer at Irvine, Calif.-based SG Interactive, which operates Web servers and applications that provide online games such as Pangya, MMORPGTrickster Online and Gamerage.com.
In recounting the DDoS attacks that have become commonplace over the last few months, Kim notes there were SYN floods that oversaturated the network, coming two or three times per day, sometimes lasting up to 12 hours. At one point it seemed to reach almost 5Gbps in attack traffic, he says, negatively impacting online game players.
And as to why it was happening, Kim can only speculate, wondering if a competitor had a grudge of some kind. But the DDoS attacks were threatening the survival of the online gaming business.
After a review of the some of the anti-DDOS gear on the market, SG Interactive installed the Corero Network Security gear last March to scrub traffic. It's managing to prevent unwanted traffic from killing the online gaming business, but the DDoS attacks haven't ended, Kim says. "Someone is not giving up," he adds.
Other vendors offering anti-DDoS gear include Arbor Networks, Radware and Prolexic, which has both a hardware and services component. Prolexic today provided tips on how companies may want to validate their DDoS defenses.
According to Prolexic:
- Test small amounts of traffic without scrubbing and without any DDoS protection to validate that your on-premise monitoring systems are functioning correctly. This action will also help you identity the stress points on your network.
- Make sure a "mitigation playbook" is part of your incident-response plan.
- With the anti-DDoS mitigation in place, test to make sure your applications are working properly.
- Verify that all routing and DNS is working.
- Even if there is no sign of a DDoS attack for a long period, test regularly to validate the configuration that was set up is still working correctly - and eliminate the risk of a network element failing due to a DDoS attack.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: firstname.lastname@example.org.
Read more about wide area network in Network World's Wide Area Network section.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.