How Cool Ideas fought off a “zombie attack”

Cool Ideas recently experienced a series of DDoS attacks which had a severe effect on the quality of its network.
Customers reported connectivity issues for the duration of the attack periods, and Cool Ideas was hard-pressed to implement DDoS mitigation and defend its network.
Cool Ideas co-owner Paul Butschi told MyBroadband that the attack was originally a classic DNS Amplification attack.
“There usually isn’t much chance of identifying the source of the attack due to the nature of how DDoS attacks are initiated,” he said.
Butschi explained that poorly configured ‘zombie’ devices on the Internet were used to send a massive amount of ‘spoofed’ traffic to their network.
Zombie attack
Cool Ideas offered a similar analogy on Friday 27 September, when it sent its customers an explanation for the service interruption.
In this communication, the ISP described a DDoS attack as “the equivalent of thousands upon thousands of ‘The Walking Dead’ zombies on a highway heading to our network”.
“What this ‘zombie attack’ means is that someone with malicious intent flooded our highways from London (where we pick up a large amount of the world’s Internet) towards South Africa, with tons of useless traffic that wasn’t really destined for you,” Cool Ideas told its customers.
It added that customers’ Netflix streams may have been working, but other international sites could have been slow to respond.
“What the zombie attack did was to affect the international highways with so much congestion that even non-zombie traffic struggled to reach your fibre connection,” Cool Ideas said.
This is a good analogy for the way DNS Amplification attacks work: the target is flooded with a volume of traffic far beyond what it can absorb, leaving it no capacity to serve legitimate requests.
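As an added illustration of the attack pattern described above (this is not code from the article or from Cool Ideas), the following Python heuristic flags DNS amplification candidates in constructed flow records: UDP traffic from source port 53 arriving at a local address that sent no matching query, with an average packet size far above a typical DNS query. The addresses, flow fields and the 70-byte query baseline are assumptions.

```python
"""Added example: spot reflected DNS traffic in flow records.

Heuristic: an inbound UDP flow from source port 53 whose destination never
sent a matching query, and whose average packet size is many times that of a
normal DNS query, is a likely amplification candidate.
"""
from collections import defaultdict

# Constructed flow records (assumed format):
# (src_ip, src_port, dst_ip, dst_port, proto, packets, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 53, "203.0.113.10", 4455, "udp", 1200, 4_200_000),  # unsolicited, large
    ("198.51.100.8", 53, "203.0.113.10", 4455, "udp", 900, 3_100_000),   # unsolicited, large
    ("203.0.113.10", 51000, "192.0.2.53", 53, "udp", 3, 210),            # query we sent
    ("192.0.2.53", 53, "203.0.113.10", 51000, "udp", 3, 420),            # legitimate reply
    ("198.51.100.9", 53, "203.0.113.11", 4455, "udp", 5, 600),           # small, not flagged
]

QUERY_AVG_BYTES = 70.0  # assumed typical DNS query size, the amplification baseline


def outbound_queries(flows):
    """Set of (resolver_ip, local_ip, local_port) for UDP queries sent to port 53."""
    return {(f[2], f[0], f[1]) for f in flows if f[3] == 53 and f[4] == "udp"}


def amplification_candidates(flows, min_ratio=10.0):
    """Return {victim_ip: [(src_ip, avg_bytes_per_packet, ratio), ...]}.

    Only inbound port-53 UDP flows with no matching outbound query and an
    average packet size of at least min_ratio * QUERY_AVG_BYTES are reported.
    """
    seen_queries = outbound_queries(flows)
    hits = defaultdict(list)
    for src, sport, dst, dport, proto, pkts, byts in flows:
        if proto != "udp" or sport != 53 or pkts == 0:
            continue
        if (src, dst, dport) in seen_queries:
            continue  # reply to a query the local host really sent
        avg = byts / pkts
        ratio = avg / QUERY_AVG_BYTES
        if ratio >= min_ratio:
            hits[dst].append((src, avg, round(ratio, 1)))
    return dict(hits)


if __name__ == "__main__":
    for victim, sources in amplification_candidates(SAMPLE_FLOWS).items():
        print(victim, "receives reflected DNS from", [s[0] for s in sources])
```

In production the same check would run on sampled flow exports at the ingress point, where the article says inspection and scrubbing take place.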
Defending
Cool Ideas explained that using a firewall or “backup paths” to defend against this zombie attack was not feasible, and instead it had to increase capacity.
“During the periods of the attacks, we employed the use of some zombie-scrubbing services from our partners such as Internet Solutions, and used as much of our backup capacity to balance things as we could,” the ISP said.
“We are upgrading the width of our highways in London by a factor of 14 in order to provide additional lanes, which allows for better inspection.”
In short, Cool Ideas is improving its network architecture and international routing to better defend against DDoS attacks targeting its international traffic.
It added that it has also implemented specific anti-DDoS inspections in London before allowing traffic to South Africa.
“We had this system in place before, but the size of these attacks was simply overwhelming the existing inspection capacity.”
Cool Ideas assured customers that it takes these attacks very seriously and will continue to combat them to the best of its ability.
“We won’t stand down, surrender, or give up,” Cool Ideas said. “We avail ourselves to the people and communities we engage with.”