Preventing DDoS attacks by blocking illegitimate traffic

The digital world is becoming an increasingly important part of our society. A huge number of applications have become indispensable to our daily lives. This is particularly true in a professional environment. Digital connection is essential for all types of organisations, so that they may continue operating and information may circulate. These days, we need to maintain connections between the company, its partners and customers at all times. What’s more, the number of connected objects is growing. They collect information, speed up operational processes, help improve efficiency and support the development of new services.

Two sides to every coin

By opening up their IT systems, organisations can explore new avenues for development. Employees benefit from greater flexibility as they are able to work from anywhere. More powerful IT solutions, in the cloud for example, make it easier to process data and provide better customer service. But there are two sides to every coin. This opening up to the outside world also leads to new risks. Denial-of-service attacks are now common, as cybercriminals seek to paralyse businesses or degrade their services by saturating connectivity channels.

How does a DDoS attack work? 

There are two main ways of doing this.

A volumetric attack aims to direct a large volume of data to an IP address, saturating the network bandwidth, which is the line that connects the company to the outside world. The volume of illegitimate traffic is such that legitimate traffic no longer reaches its target. Data and requests do not reach their destinations. As a result, the service is degraded or inoperative.

For organisations with very high bandwidth, another strategy is to undermine the ability of the company’s systems to handle requests from the outside. In this case, firewalls are often targeted. For each request, they must open a session. By sending illegitimate requests, cybercriminals seek to break down firewalls. In this case, it is no longer the network that is targeted, but the company’s systems directly.

Increasingly frequent DDoS attacks

With the emergence of the Internet of Things (IoT), cybercriminals continue to gain firepower. Connected devices such as sensors, printers, heating systems, cameras, speakers and many other gadgets are often poorly secured. Cybercriminal groups can easily hijack them so that these millions of objects generate illegitimate traffic that they can direct to an organisation’s IP address.

In September 2022, POST’s services detected 561 DDoS attacks in Luxembourg. The numbers are growing by the month, and so is the impact. The largest volumetric attack in September was 2 Gbps. The highest number recorded this year was 15 Gbps.

Further reading: Protecting your SME from cyber threats

How to protect your Internet services from DDoS attacks

In order to protect themselves from DDoS attacks, organisations need to work with their Internet Service Provider (ISP), like POST. The challenge is to mitigate DDoS attacks by blocking illegitimate traffic well in advance to ensure that legitimate traffic remains a priority.

With this in mind, POST offers several solutions for mitigating DDoS attacks. These solutions are supported by our scrubbing centre. This infrastructure works like a washing machine, separating legitimate traffic from fake traffic. This device can be used to block malicious traffic and requests.

Attack-based filtering or permanent filtering 

Depending on how critical their business is, organisations have two options.

The first – DDoS Mitigation Traffic Protect – involves passing all traffic through the scrubbing centre once an attack has been detected, so that it can be filtered.

Under the second option – DDoS Mitigation IN-Line – all traffic passes through the scrubbing centre at all times, and mitigation takes place in real time. The organisation has permanent protection. This option is justified if the connected applications are considered critical, in the financial or medical sectors, for example.

How does the mitigation solution filter traffic? 

Implementing this application involves analysing the company’s traffic in normal times, in other words, when there is no attack. Various parameters are considered, such as the origin of incoming requests, to identify what is legitimate and what is not. Under the first option, the analysis is carried out before the service is implemented, over a period of 7 days. Under the second option, legitimate and illegitimate traffic are compared on an ongoing basis in order to refine the filtering.

Integrated SOC solutions to thwart any attack

At POST Luxembourg, we are constantly updating our DDoS protection solutions. They are part of our Cyberdefence service, based in our Security Operations Centre, which has been set up to monitor attacks on our customers and counter them as effectively as possible.