How Cool Ideas fought off 500Gbit/s cyberattack

Someone really seems to have it in for fibre Internet service provider Cool Ideas.

The company came under another sustained distributed denial-of-service (DDoS) attack at the weekend, which crippled services for its customers.

At one point, it said, its network was flooded with 500Gbit/s of junk traffic, affecting the ability of its customers to connect to both local and international websites.

In a letter to clients on Monday evening, Cool Ideas said the latest attack started at 10.30am on Saturday, after which it began scrubbing the “dirty traffic” on its recently upgraded infrastructure in London.

“This scrubbing infrastructure was implemented as the result of projects initiated after the previous attacks in September,” it said. It upgraded its upstream capacity in London by a “factor of 14” and implemented technology to “clean” traffic from the DDoS attack before it reached South Africa.

“By late afternoon on Saturday, our engineers determined that the 14 additional lanes of capacity that we added was simply not coping.”

It contacted its upstream providers, Hurricane Electric and Cogent, and was informed by Hurricane that more than 300Gbit/s of “attack traffic” was flooding its network. The figure from Cogent was more than 500Gbit/s.

“Working through the night with Cogent engineers, we once again went back to our original mitigation strategies of just declining ‘zombie’ traffic instead of scrubbing — which require some re-engineering of our infrastructure,” the company said.

South African attack

The problem was that the attacks weren’t limited to London, as they were previously, but also came from within South Africa’s borders, starting on Sunday. This affected services in Cape Town, though the attack was mitigated with the help of local Internet exchange point NAPAfrica, where ISPs interconnect with one another.

“By 11pm on Sunday, the attack was fully mitigated and the attack ceased at around 1am on Monday,” Cool Ideas said.

“The unprecedented scale and increased incidents of cyberattacks against South African Internet and other companies is mind-boggling,” it added. “In short, this new attack surprised us with its scale. We thought we had bigger guns after we completed our London upgrades in October, but we were wrong,” it said, adding that it is now “getting even bigger guns” to fight future attacks.

“We are in the process of configuring scrubbing capacity with specialised facilities in the UK and the US. We will still keep using our additional capacity and existing detection and scrubbing systems, but if a larger volume attack happens, we will be able to hand off the bulk of it to a more specialised provider.”  — (c) 2019 NewsCentral Media

Source: techcentral.co.za