{“lastseen”:”2025-09-08T20:27:18″,”description”:”We recently mitigated a 1.55 terabit per second (Tbps), DDoS attack for a steady customer of ours. This particular customer is a reputable domain name service (DNS) provider. I\u2019ve personally used them for over a decade to register domains for all the projects I will never complete or, tbh, start. But anyway!\\n\\nInfrastructure like DNS is often _collateral damage_ in the many thousands of skirmishes that happen across the internet every day. Here\u2019s a semi-contrived example of how a DNS provider might fall under attack even though they are an innocent bystander.\\n\\nSupposed that two cryptocurrency miners are in fierce competition. Each wants their proof of work (PoW) calculations to post to the blockchain first, earning them money (no prizes are given for second place). So, they begin to attack each other\u2019s ecosystems. They target and attack each other\u2019s network egress and any open ports. Both sides harden their defenses and start to use proxies to \u201chide\u201d their servers. Eventually there is no attack surface left except each other\u2019s DNS provider. So, they attack these third parties, hoping to make their competitor\u2019s compute clusters unable to resolve the blockchain node on which to post their PoW. The poor DNS provider, who is not even a competitor of either of these two miners, thus comes under attack.\\n\\nNow imagine this scenario across every industry (not just crypto) and you start to see the scale of the problem. This customer, and many organizations like them, are basically being shelled every day with TCP floods, UDP floods and all manner of network mischief.\\n\\nWhen our DNS customer was attacked, they initially saw 20 Gbs of network traffic hit their network. We detected it within seconds, and our mitigations kicked in and we started blocking – you can see the initial traffic spike in our graph below.\\n\\nThe attacker started attacking with a TCP flood but we mitigated it quickly. They then tried UDP, but we mitigated that too. They switched back to TCP, and then back to UDP a couple of times before giving up.\\n\\nWe often see many more vectors attempted during the attack, but perhaps the attacker was hoping that the volume of 1.5 terabits (not insignificant, no matter what you might otherwise hear) would be sufficient to overwhelm defenses.\\n\\nThe attacker did at least launch their attack globally such that **30 of our 60+ global points of presence became involved in the defense of the customer.** Multicast for the win, am I right?\\n\\n## What does it mean?\\n\\nDifferent types of completely legitimate companies find themselves under daily attack. DNS is one of them. Gaming; another, crypto; another, etc. Like non-military actors in an occupied zone like you might be hearing about in the news around the world today, these legitimate organizations are being attacked all day, every day. They never know when the next \u201cbomb\u201d will hit.\\n\\n**When we look back at the past 90 days of activity for this customer, we had mitigated 2,484 discrete attacks against them. That\u2019s a new attack every hour.**\\n\\nWelcome to the new normal in the digital world that we, as technologists, have cobbled together over the decades. DDoS attacks remain too easy to launch and it’s too easy to hide the identity of the attacker.\\n\\n## What keeps you up at night?\\n\\nA week later, we mitigated a slightly smaller attack for this customer, 1.37 Tbps of TCP and UDP floods. We don\u2019t have confirmation but think it was likely the same attacker as the previous week. Most pros will will argue that attribution doesn\u2019t usually matter; you just mitigate the attack and move on. Treat it like weather, don\u2019t take it personally, etc.\\n\\nWhen reached out to our DNS provider customer to ask how they felt about our defenses, **they responded they are very pleased with our service, and they, in fact, sleep well at night.**\\n\\nThe post When You\u2019re Always Under #DDoS Attack appeared first on Blog.”,”published”:”2025-09-08T19:13:24″,”modified”:”2025-09-08T19:13:24″,”type”:”impervablog”,”title”:”When You\u2019re Always Under #DDoS Attack”,”source”:””,”references”:””,”id”:”IMPERVABLOG:7D5F14FFFCC74363824716C14D37FC90″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.imperva.com\/blog\/when-youre-always-under-ddos-attack\/”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-09-08T20:27:18″,”description”:”We recently mitigated a 1.55 terabit per second (Tbps), DDoS attack for a steady customer of ours. This particular customer is a reputable domain name…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,59,13,33,7,11,5],"class_list":["post-16420","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-impervablog","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n