Fighting DDoS

DDoS attacks are becoming more and more frequent. They have turned into a major concern for most Internet-connected platforms. The tremendous amount of traffic generated by these attacks makes it impossible to stop a DDoS without either a cloud-based or ISP scrubbing solution, or an oversized network edge with in-house scrubbing capabilities. BORDER 6 takes a realistic approach to that fact.

NSI helps detect DDoS attacks and execute automated actions when they occur, so that their impact remains limited and scrubbing platforms can actually protect the Customer’s network.

DDoS detection

NSI operates a statistical DDoS detection module that reliably identifies DDoS situations and triggers preconfigured actions.

The DDoS detection mechanisms implemented within NSI are based on a set of industrial algorithms that compute real-time statistical data and execute correlation calculations with variable time windows. The output allows the NSI solution to detect any sudden change in traffic behaviour, including (but not restricted to) any aggressive increase of unsolicited NTP traffic, any unusual UDP flow, abnormally high levels of SYN-flagged TCP packets, and violations of multiple traffic-ratio baselines.
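To make the idea of ratio baselines and variable time windows concrete, here is an added example that is not NSI's algorithm or BORDER 6 code: a small detector that compares recent edge counters against a rolling baseline. The counter names, window sizes, thresholds and sample data are all assumptions constructed for illustration.

```python
from statistics import mean, pstdev

def make_samples():
    """Constructed per-interval edge counters (not real traffic):
    24 normal intervals followed by 3 intervals of SYN-heavy traffic."""
    normal = [{"tcp": 10000 + 50 * (i % 5), "syn": 400 + 5 * (i % 4),
               "ntp_bytes": 2000 + 100 * (i % 3)} for i in range(24)]
    flood = [{"tcp": 60000, "syn": 45000, "ntp_bytes": 2100} for _ in range(3)]
    return normal + flood

# Hypothetical metrics: share of SYN-flagged TCP packets, inbound NTP volume.
METRICS = {
    "syn_ratio": lambda s: s["syn"] / max(s["tcp"], 1),
    "ntp_bytes": lambda s: float(s["ntp_bytes"]),
}

def anomalies(samples, short=3, long=12, k=5.0, min_rel=0.5):
    """Compare the mean of the last `short` intervals with a baseline built
    from the `long` intervals before them. Returns {metric: (recent, baseline)}."""
    if len(samples) < short + long:
        return {}  # not enough history to form a baseline
    recent, history = samples[-short:], samples[-(short + long):-short]
    hits = {}
    for name, fn in METRICS.items():
        base = [fn(s) for s in history]
        mu, sigma = mean(base), pstdev(base)
        now = mean(fn(s) for s in recent)
        # Require a k-sigma deviation AND a relative jump, so a very flat
        # baseline (sigma close to 0) does not alert on tiny changes.
        if now > mu + k * sigma and now > mu * (1 + min_rel):
            hits[name] = (round(now, 3), round(mu, 3))
    return hits

def scan(samples, windows=((3, 12), (6, 18))):
    """Evaluate several (short, long) window pairs and merge the results."""
    found = {}
    for short, long in windows:
        for name, vals in anomalies(samples, short, long).items():
            found.setdefault(name, []).append((short, long) + vals)
    return found

if __name__ == "__main__":
    for metric, hits in scan(make_samples()).items():
        print(metric, hits)
```

A metric flagged in several windows at once is a stronger signal than one flagged only in the shortest window, which is one reason to evaluate more than one window size before triggering a mitigation action.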

DDoS Mitigation

Once a DDoS attack is detected, some actions might need to be taken. NSI is designed as a generic SDN controller, meaning that it is not limited to any finite number of scenarios.

The way you react to DDoS is up to you:

  • BGP blackholing
  • Applying dynamic ACLs to edge routers or requesting ISP protection through FlowSpec
  • Announcing specific communities to your upstream providers
  • Shutting down non-scrubbed transit/IX connections
  • Anything else…

And when in doubt, our engineering team is always ready to assist with integrating NSI within complex anti-DDoS configurations.