Analysis of a DDoS attack
Traffic analysis and attack detection
To detect an attack, we use the NetFlow data sent by the routers and analysed by our detection solutions. Each router sends a summary of 1/2000 of its traffic in real time. Our solution analyses this summary and compares it to the attack signatures. If the traffic matches a signature, mitigation is set up in a matter of seconds.
The signatures are based on traffic thresholds, expressed in "packets per second" (Pps, Kpps, Mpps, Gpps) or "bytes per second" (Bps, Kbps, Mbps, Gbps), for a given packet type such as:
- IP Fragment
- IP NULL
- IP Private
- TCP NULL
- TCP RST
- TCP SYN
- TCP ACK
Depending on the attack type and size, the mitigation setup can take between 5 and 120 seconds.
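The threshold comparison described above can be sketched as follows. This is an added example, not the provider's detection code: the threshold values, the record fields and the category definitions (IP NULL as protocol 0, IP Private as an RFC 1918 source, TCP SYN as SYN without ACK) are assumptions, and only the 1/2000 sampling ratio comes from the page.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

SAMPLING = 2000  # from the page: each router exports 1/2000 of its traffic
# Hypothetical per-destination thresholds in packets per second.
THRESHOLDS_PPS = {
    "IP Fragment": 50_000, "IP NULL": 10_000, "IP Private": 10_000,
    "TCP NULL": 10_000, "TCP RST": 50_000, "TCP SYN": 100_000, "TCP ACK": 200_000,
}
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SYN, RST, ACK = 0x02, 0x04, 0x10

def categories(rec):
    """Signature categories one sampled flow record counts towards (assumed definitions)."""
    cats = []
    if rec["frag"]:
        cats.append("IP Fragment")
    if rec["proto"] == 0:                      # assumed: IP protocol field 0
        cats.append("IP NULL")
    if any(ip_address(rec["src"]) in net for net in RFC1918):
        cats.append("IP Private")              # assumed: RFC 1918 source address
    if rec["proto"] == 6:                      # TCP: classify on the flags byte
        f = rec["flags"]
        if f == 0:
            cats.append("TCP NULL")
        elif f & RST:
            cats.append("TCP RST")
        elif f & SYN and not f & ACK:
            cats.append("TCP SYN")
        elif f & ACK and not f & SYN:
            cats.append("TCP ACK")
    return cats

def detect(records, window_s):
    """Scale sampled counts to estimated pps per (dst, category); return the breaches."""
    sampled = Counter()
    for rec in records:
        for cat in categories(rec):
            sampled[(rec["dst"], cat)] += rec["packets"]
    est = {k: n * SAMPLING / window_s for k, n in sampled.items()}
    return {k: pps for k, pps in est.items() if pps > THRESHOLDS_PPS[k[1]]}

# Constructed sample: sampled packet counts seen in one 10-second window.
SAMPLE = [
    {"src": "198.51.100.7", "dst": "203.0.113.10", "proto": 6, "flags": SYN, "frag": False, "packets": 600},
    {"src": "10.1.2.3", "dst": "203.0.113.10", "proto": 6, "flags": SYN, "frag": False, "packets": 60},
    {"src": "198.51.100.9", "dst": "203.0.113.10", "proto": 6, "flags": ACK, "frag": False, "packets": 300},
    {"src": "198.51.100.8", "dst": "203.0.113.20", "proto": 17, "flags": 0, "frag": True, "packets": 100},
]
```

Because each sampled packet stands for 2000 real ones, low thresholds are noisy over short windows: a single sampled packet in a 10-second window already reads as 200 pps.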