DDoS Attacker Caught in the Act

August 4, 2015 — netequalizer

Before the telescope, planets and stars were just dots of light to the human eye. Before the invention of X-rays, and the MRI, doctors often could not determine the cause of a problem until a person was in an autopsy room.

Today, there is no reason to remain blind to DDoS and hacking intrusions.

This morning I got a text message from our training engineer at a customer site. “Just stopped a Chinese DDoS attack at the #### school.”

Our training engineer was not even doing a security audit. He was simply walking through the features of our product. He had scrolled over to our DDoS monitoring tool, and right away this attack popped out. It was as clear as a large cancerous tumor in an MRI. He noticed an outside entity was bombarding the customer link with all kinds of queries.

The attacker stood out because our DDoS tool identifies uninvited queries, as well as gives you a count of how often they are hitting your enterprise. Our engineer then checked the source of the incoming IP, and thus removed any lingering doubt that this was a hostile attack. The requests were originating from China, which was not an expected source of traffic on this school’s network.

This wasn’t yet a full-scale DDoS attack, but the warning signs were clear. The attacker happened to be hitting port 22, probing for login vulnerability on all the servers inside the school. From the frequency of the incoming requests, it was obviously a bot. Combining the frequency of hits with the fact that it was an uninvited outside IP address, it stood out like a sore thumb in our DDoS monitor (easily flagged). Once identified, the IT administrator at the school was then able to block the IP, averting any further shenanigans from this hacker.

In everyday life, we’re able to identify warning signs and act accordingly for our own protection. For example, if a person showed up at your front door wearing a ski mask with an AK-47, you would likely not let them in, right? The threat would be obvious. The point is it should not be expensive or impractical for the average layman to also easily spot a security risk on a network. You just need a tool that exposes them.

You Also Might Like

Firewall Recipe for DDoS Attack Prevention and Mitigation

Posted in DDoS. 1 Comment »

One Response to “DDoS Attacker Caught in the Act”

  1. NetEqualizer News: August 2015 | NetEqualizer News Blog Says:
    August 11, 2015 at 3:32 PM

    […] DDoS Attacker Caught in the Act […]


Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

«

»
%d bloggers like this: