Case Study: A 400G DDoS Attack Event Captured By NSFOCUS in Hong Kong S.A.R.

July 6, 2021 | Jie Ji

Event look back

An NSFOCUS Cloud DPS customer with servers located in Hong Kong SAR encountered a series of massive DDoS attacks that lasted for four (4) days, from June 20th to 24th.

The attackers created several spikes, the biggest reaching 399.2 Gbps, followed by another at 360 Gbps. Notably, both of these main spikes started at night, after 20:30, so it seems that the attackers understood the customer's busy business hours and timed the attacks on purpose.

UDP flood was the major attack type, accounting for over 99% of the traffic.

Effort and result

At the very beginning when the customer connected to NSFOCUS Cloud DPS one month ago, NSFOCUS SOC experts studied the customer traffic characteristics and applied a set of optimized protection policies to maximize the mitigation effect.

Thanks to the always-on mode, attacks are automatically mitigated at zero seconds, as soon as they arrive, and the mitigation status is proactively monitored by the NSFOCUS 24/7 SOC. Traffic samples are also captured instantly to verify that the current policy works, so that optimization can be done when necessary.

In this event, NSFOCUS Cloud DPS mitigated more than 99.8% of the malicious traffic and only a few megabits reached the customer; services were not affected.