How powerful is the 200G DDoS attack that LeEco suffered?
Posted time: Dec 29, 2016 9:27 AM
On Jul 20th, 2016, the official LeTV WeChat account announced that LeTV had suffered DDoS attacks on Jul 19th, with peak traffic reaching 200 Gbps. LeEco activated its highest-level contingency plan, and access to LeTV returned to normal after emergency repairs.
After the incident, many netizens wondered: how powerful must a 200G DDoS attack be to cripple the website of a large internet company, and how can such attacks be prevented before they strike? To answer these questions, we need to start with what DDoS is.
What is DDoS?
Public information shows that DDoS is short for Distributed Denial of Service; its volumetric form is also called traffic flooding. The main form of attack is to use a large number of compromised computers (a botnet) to send a flood of attack packets at a chosen target server, exhausting either the server's bandwidth or its system resources (connection tables, memory, CPU) so that it can no longer respond to legitimate user requests.
As an analogy, it is as if the attackers hired a large number of heavy-duty trucks and parked all of them on the road, blocking the normal travel of other vehicles and paralysing traffic.
How powerful is 200Gbps?
It is well known that, because of hardware limits, the number of accesses a server can handle at once is finite, just as a given road can carry only so many vehicles at the same time. Each user's online access consumes some of the server's bandwidth. Leaving memory aside, 200 Gbps of attack traffic, converted into the traffic of ordinary consumer devices (the figure below implies roughly 1 Mbps per device), is equivalent to 150,000 to 200,000 computers or more accessing the server simultaneously. That many malicious requests occupy the server's bandwidth and memory, and the server is paralysed because its resources are exhausted.
How can internet companies defend against DDoS attacks properly?
TCP/IP is the most widely used family of data transmission protocols on the internet, and DDoS is among the hardest network attacks to defend against because of inherent design weaknesses in TCP/IP: IP does not verify the source address of a packet, so attackers can spoof it, and a TCP server must allocate state for a half-open connection as soon as it receives a SYN, before the client has proved it can even receive a reply.
There is currently no perfect defense against DDoS attacks, but protection can be strengthened in the following ways:
1. Set the corresponding kernel parameters so that the system reclaims timed-out half-open (SYN_RECV) connections promptly. At the same time, shortening the timeout constants and lengthening the waiting (backlog) queue lets the system discard invalid SYN requests quickly while still accepting legitimate ones.
2. Adjust the configuration of the routers in the network segment, including rate-limiting traffic and capping the number of half-open SYN connections. Enable TCP interception at the router's front end so that only connections that have completed the TCP three-way handshake are forwarded into the segment: the router answers the SYN on the server's behalf and opens the connection to the server only once the client's ACK arrives. This effectively shields the servers in the segment from SYN floods.
3. Lease DDoS-protected ("high-defense") hosting. Such providers front the servers with hardware firewalls and scrubbing capacity, so that filtering of attack traffic is done by the firewall rather than the server and the server's IP route stays stable under attack. Note that this is the only one of the three measures that addresses a volumetric attack: once 200 Gbps has filled the uplink, host and router tuning can no longer help, and the traffic has to be absorbed or filtered upstream.
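The following shell script is an added example of step 1 above; it is not code from the original article or from LeEco. It audits a Linux host's SYN-flood kernel parameters against a hardening baseline and emits a sysctl.d fragment with the fixed values. The sysctl names (net.ipv4.tcp_syncookies, tcp_max_syn_backlog, tcp_synack_retries) are real Linux kernel knobs; the threshold values are a common baseline chosen here, not figures from the article. The SYSCTL_ROOT override and the fake /proc/sys tree built by make_demo_root are assumptions made so the audit can be run without root on any machine; the "weak" values in that tree are constructed for the demo, not measured on any host.

```shell
#!/bin/sh
# Added example (not from the article): audit Linux SYN-flood sysctls against a
# hardening baseline and emit a sysctl.d fragment with the fixed values.
# Sysctl names are real kernel knobs; thresholds are a common baseline, chosen here.
# SYSCTL_ROOT and the demo tree below are assumptions so this runs without root.

SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# Baseline: name, comparison, threshold.
#   tcp_syncookies      eq 1     once the SYN backlog is full, answer SYNs with a
#                                cookie-encoded sequence number and keep no state
#                                until the client's ACK proves it is real, so
#                                spoofed SYNs cost the server no memory
#   tcp_max_syn_backlog ge 4096  the "lengthened waiting queue" of half-open entries
#   tcp_synack_retries  le 2     fewer SYN-ACK retransmits, so half-open entries
#                                expire sooner (the "shortened timeout")
want_settings() {
    cat <<'EOF'
net.ipv4.tcp_syncookies eq 1
net.ipv4.tcp_max_syn_backlog ge 4096
net.ipv4.tcp_synack_retries le 2
EOF
}

# read_sysctl NAME ROOT: print the current value (net.ipv4.x -> ROOT/net/ipv4/x),
# nothing if the file is absent.
read_sysctl() {
    f="$2/$(printf '%s' "$1" | tr . /)"
    if [ -r "$f" ]; then cat "$f"; fi
}

# meets CURRENT OP THRESHOLD: true if the current value satisfies the baseline.
meets() {
    case "$2" in
        eq) [ "$1" -eq "$3" ] ;;
        ge) [ "$1" -ge "$3" ] ;;
        le) [ "$1" -le "$3" ] ;;
        *)  return 1 ;;
    esac
}

# audit_syn_settings [ROOT]: one line per knob, ending in ok, weak or missing.
audit_syn_settings() {
    root="${1:-$SYSCTL_ROOT}"
    want_settings | while read -r name op threshold; do
        cur="$(read_sysctl "$name" "$root")"
        if [ -z "$cur" ]; then
            status=missing
        elif meets "$cur" "$op" "$threshold"; then
            status=ok
        else
            status=weak
        fi
        printf '%-30s current=%-6s want=%s %-5s %s\n' \
            "$name" "${cur:-none}" "$op" "$threshold" "$status"
    done
}

# harden_conf: sysctl.d-style fragment with the baseline values. On a real host:
#   harden_conf > /etc/sysctl.d/90-synflood.conf && sysctl --system
harden_conf() {
    want_settings | while read -r name _ threshold; do
        printf '%s = %s\n' "$name" "$threshold"
    done
}

# apply_hardening [ROOT]: write the baseline values into a sysctl tree.
apply_hardening() {
    root="${1:-$SYSCTL_ROOT}"
    harden_conf | while read -r name _ value; do
        echo "$value" > "$root/$(printf '%s' "$name" | tr . /)"
    done
}

# make_demo_root: a constructed fake /proc/sys tree holding deliberately weak
# values (made up for this demo, not measured on any host), so the audit can be
# exercised without touching the real kernel.
make_demo_root() {
    d="$(mktemp -d)"
    mkdir -p "$d/net/ipv4"
    echo 0   > "$d/net/ipv4/tcp_syncookies"
    echo 128 > "$d/net/ipv4/tcp_max_syn_backlog"
    echo 5   > "$d/net/ipv4/tcp_synack_retries"
    printf '%s\n' "$d"
}

# Demo run against the constructed tree: every knob is weak, then every knob is ok.
demo_root="$(make_demo_root)"
echo "== before hardening (constructed demo tree) =="
audit_syn_settings "$demo_root"
apply_hardening "$demo_root"
echo "== after hardening =="
audit_syn_settings "$demo_root"
rm -rf "$demo_root"
```

Run it with no arguments to see the before/after audit on the constructed tree; run `audit_syn_settings` with no argument on a real Linux host to check the live kernel. The thresholds are deliberately conservative: SYN cookies only engage once the backlog is full, so a longer backlog keeps the normal stateful path available for legitimate traffic, and two SYN-ACK retries still tolerate a lossy client without letting half-open entries linger for the default minute or more.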