Denial of Service

     We were hit with two denial of service attacks today.  The first was close to 9AM and only lasted a few seconds.  The second was between 3:00pm and 3:45pm, lasting 45 minutes.

     After analysis of the traffic, I determined that it was not possible to block this type of attack without disrupting legitimate traffic.

     The real problem is that our router is not able to handle the volume of packets that can be generated easily these days.  Simply put, it doesn’t have enough CPU to examine 100,000 packets per second.

     I ordered a replacement router today; the existing unit is one that we have used since 1995.  The replacement should be here in 7-10 days and should handle more than 10x the traffic, in terms of packets per second, that our current router is completely swamped by.  In addition, it will change our edge interface from 100mb/s half duplex to 1G/s full duplex.

     It is possible for a denial of service attack to generate as much as 46G/s, and that would overwhelm even our new router, but the majority of attacks we’ve seen lately have not even been 100mb/s and, instead of exhausting bandwidth, are exhausting router CPU.