In Q4 of 2024, NSFOCUS observed and successfully mitigated the largest DDoS attack ever recorded under the cloud-based DDoS Protection Service (DPS). This massive DDoS attack targeted a telecommunications service provider, one of NSFOCUS’s global clients.
The telecommunications industry frequently faces such cyber threats. However, the scale of this attack was unprecedented, with peak traffic once reaching 913.1 Gbps and a total traffic volume of 1207.44 TB.
Leveraging NSFOCUS’s extensive cloud scrubbing bandwidth and over two decades of DDoS protection expertise, we effectively prevented business disruptions and inaccessible services for our clients. By employing Anycast technology, we rapidly distributed the DDoS attack traffic to the nearest scrubbing nodes, ensuring minimal network latency and unperceived DDoS protection for our clients, ultimately safeguarding them from this colossal traffic attack.
Following the attack, the NSFOCUS DPS team conducted a comprehensive analysis of the entire event. Through packet capture analysis, we identified that the primary attack methods were TCP reflection attacks and SYNACK attacks (categorized under the “Manual Strategy” category), accounting for 99% of the total traffic.
The NSFOCUS DPS team also performed a geolocation analysis of the attack traffic, revealing that the primary sources were the United States, Brazil, China, Ukraine, and Sweden, with the United States contributing the most at 47% of the total attack traffic.
During this incident, the NSFOCUS DPS team analyzed the attack traffic, promptly obtained traffic characteristics, and optimized protection algorithms based on the client’s business information and attributes. We flexibly updated and switched DDoS protection policies to ensure the secure and stable operation of the client’s business systems, achieving a 99% scrubbing efficiency during several peaks nearing 1 Tbps, effectively safeguarding the client’s network infrastructure.
The client was highly satisfied with NSFOCUS’s rapid response, precise attack analysis, and exceptional protection capabilities, significantly boosting their confidence in the NSFOCUS DDoS Protection Service.
With the escalating threat of large-scale DDoS attacks posing continuous risks to organizations worldwide, NSFOCUS offers the following recommendations to optimize your security posture:
- System Vulnerability Screening: Filter unnecessary services and ports to significantly reduce the likelihood of vulnerable services being compromised, minimizing potential damage from attacks.
- Targeted Protection Policies: Configure tailored protection policies for business systems prone to attacks, such as websites, DNS, and APIs, to minimize the probability of false positives and negatives.
- Deploy DDoS Protection Solutions: Establish traffic model baselines using traffic learning, AI analysis, and behavioral analysis to generate protection policies tailored to local business needs, maximizing protection efficiency.
- Leverage a trusted cloud-based DDoS Scrubbing Provider: Expand local protection capabilities by partnering with DDoS cloud scrubbing providers to achieve tiered scrubbing and precise protection.
NSFOCUS DDoS Protection Service (DPS) provides DDoS protection for clients globally. With eight scrubbing centers deployed worldwide, we support up to 7 Tbps scrubbing capacity while ensuring optimized latency. After clients connect to our cloud services, our expert team customizes protection policies based on their business characteristics, closely monitoring protection effectiveness during attacks. Our SOC team offers 24/7 policy optimization and emergency response services, providing comprehensive business protection and response support.
For more information on DDoS mitigation or other security solutions, please feel free to contact us.
