The ISL Online’s website (www.islonline.com) was hit by a massive distributed denial-of-service (DDoS) attack on Friday, November 9, 2012. Although the website was hardly responsive during the attack from 12.52 CET to 21.17 CET, all ISL Online services running in the cloud were fully functional and the data security was NOT compromised in any way.

A DDoS is an attack when millions of computers all request information from the server they are attacking at the same time. The server is overloaded and unable to respond to legit requests – similar to trying to hold a conversation at a very loud party.

The DDoS was classified as a level 3 / level 4 TCP SYN Flooding attack including over 2 million IP addresses by IP spoofing. It was carried out by sending from 100,000 – 500,000 packets per second each containing 40 bytes thus generating the network traffic ranging from 32 – 160 Mbps per server affected. Each IP submitted from 3 to 6 requests per second. Read more about TCP SYN Flooding Attacks.

The ISL Online tech team started the network investigation within 3 minutes after the attack. Additional resources were added to the web server and the website was moved to the content delivery network.

By the evening all systems and services were running normally and the DDoS attack was reported to the authorities. An international investigation was launched. The penalties for such crime include up to 10 years’ imprisonment.

Surely this was not a pleasant experience. However, once again the robustness of the ISL Online Network was proved. All the ISL Online services were running normally during the DDoS attack on the web server.