This document discusses recent DDoS attacks in South Africa and Cloudflare's response. It provides details on:
- A major DDoS attack on November 19th that targeted gambling sites and news agencies with over 1 billion requests, peaking at 185,000 requests per second from over 18,000 IPs.
- Cloudflare saw a total of 2.676 billion security events in South Africa during this time, with 69% of traffic during the November 19th attack.
- Cloudflare used tools like firewall rules, rate-limiting, and its Gatebot and Security Level features to automatically mitigate attacks globally while continuing to serve local South African users.
- Additional DDoS attacks on
6. Unrelated to the media coverage, this is what Cloudflare saw on its networks
7. Highlights of L7 events
● 2.676 billion security events
○ 69% of all traffic to SA during the 11/19 attack
○ Followed by 15 smaller attacks
● Top mitigating tools
○ Customer-defined: Firewall rules & Rate-limiting
○ Automatic/intelligent based: Gatebot & Security Level
● Mitigated globally
○ Most attack traffic was blocked in US & Europe
○ SA datacenter continued serving local users
8. 11/19 Attack
● Attacks targeted gambling sites and news agencies
● Totalled 1.152 billion requests (69% of all traffic to SA sites at the time)
● Peaked at 185,000 HTTP requests per second
● From over 18K unique IPs
9. L3/4 DDoS Attacks on JNB Datacenter
● Peaked just below 600 Kpps
● Top attack vectors:
○ DNS flood (over UDP port 53)
○ SSL flood (port 443)
○ TCP ACK floods to port 443
10. Impact of Breaches on Stock Price
● In the long term, breached companies underperformed the market
● After three years, average share price is up by 32.53% but down against the NASDAQ by -13.27%
T-Mobile US
TJX Companies
Huntsworth
Adobe
Global Payments
Royal Bank of Scotland Group
Monster Worldwide
Vodafone Group
Apple
12. 20M+ Internet properties
● 30 Tbps of network capacity
● 200 cities and 94+ countries
● 72B cyber threats blocked each day in Q419
● 99% of the Internet-connected population in the developed world is located within 100 milliseconds of our network
Note: Data as of June 28, 2019.
Help Build A Better Internet
17. Secure Edge Architecture
Legacy Cloudflare
● Network Scale: Over 30 Tbps of network capacity spanning 190+ cities enables mitigation of even the largest DDoS attacks
● Efficiency: Stop L7 attacks at L4, before they even enter the data center, for efficient resource (bandwidth and CPU) utilization
● Integration: Seamless integration between security, performance and reliability products
18. Collective Intelligence
● IP reputation: Security level, Under-Attack-Mode and Firewall rules
● Request reputation: machine learning models
● Engineering expertise: Human intelligence experienced in thwarting significant DDoS attacks
19. Fast Mitigation
● Measure: Cloudflare continuously measures a variety of parameters including TCP flows, UDP packets, requests and more, to protect any Internet asset - on-premise or in the cloud
● Analyze: Cloudflare-built automated systems (gatebot and dosd) analyze attack fingerprints, anomalies, rules, blacklists and more, to quickly identify and triage the attack
● Mitigate: Automated systems recommend 400K+ dynamic rules per second for fast mitigation. These rules are applied locally or globally based on the attack type. In addition, customer-defined static rules enable 0s mitigation
● <10s time-to-mitigate for L3/4 DDoS attacks