DDoS, Baidu, and China’s Great Cannon

Recently the New York Times announced that CloudFlare has partnered with Internet search giant Baidu in China, Google’s eerily similar competitor, to deliver Yunjiasu, a CloudFlare-like service in China. The service is aimed at speeding up Internet connectivity and providing some level of security services for its customers, including limited DDoS mitigation. It will likely operate similarly to CloudFlare itself, with the exception of falling within the jurisdiction of the Chinese government and therefore Chinese censorship and draconian Internet laws. The New York Times considers this as possibly a “new model for American tech firms that are considering doing business in the delicate areas of China’s tech industry.”

China and Its Internet

There are many countries that provide some level of censorship and control over their population, especially with regard to the Internet. China, however, stands fairly unique in the world in this regard. It has managed to shield the entire country – all 1.35Bn people – from what it deems inappropriate or subversive to the current political regime. This is by no means a trivial matter. The sheer volume of data that passes in and out of China is immense. They’ve managed to control this flow with a comprehensive firewall known as the Great Firewall. This is a defensive system.

How to Launch a 65Gbps DDoS, and How to Stop One

Yesterday I posted a post mortem on an outage we had Saturday. The outage was caused when we applied an overly aggressive rate limit to traffic on our network while battling a determined DDoS attacker. In the process of writing it I mentioned that we’d seen a 65Gbps DDoS earlier on Saturday. I’ve received several questions since that all go something like: “65Gbps DDoS!? Who launches such an attack and how do you defend yourself against it?!” So I thought I’d give a bit more detail.

What Constitutes a Big DDoS?

A 65Gbps DDoS is a big attack, easily in the top 5% of the biggest attacks we see. The graph below shows the volume of the attack hitting our EU data centers (the green line represents inbound traffic). When an attack is 65Gbps that means every second 65 Gigabits of data is sent to our network. That’s the equivalent data volume of watching 3,400 HD TV channels all at the same time. It’s a ton of data. Most network connections are measured in 100Mbps, 1Gbps or 10Gbps so attacks like this would quickly saturate even a large Internet connection.
