Dit artikel is een vertaling van RioRey RX1810: een firewall onder vuur.
The RioRey RX1810 is an appliance specially developed to counter DDoS attacks. Tweakers.net has purchased this appliance to better protect itself against these kinds of attacks and, since it is an interesting appliance, we have written a review about it.
The goal of a Denial of Service attack (DoS, for short) is to render services such as a website or chat server inaccessible. When many attackers are involved in a DoS, this is called a Distributed DoS, or a DDoS.
In its manual, RioRey defines a DDoS as being 'an attack which uses a flood of traffic to overwhelm a server on the Internet.' This straightforward concept can be put into practice in countless straightforward and, in particular, less straightforward ways. An attack may resemble any type of legitimate Internet traffic, and, since the Internet offers thousands of legitimate applications, a DDoS defence must be able to counter thousands of different attacks.
Moreover, it is stated in the manual that most DDoS attacks are carried out nowadays by at least four thousand computers and that botnets involved in the really large attacks involve hundreds of thousands of computers. In addition, RioRey tells us that, at the end of 2008, it only cost 4 dollar cents per bot per day to set up an attack.
Protection against DDoS attacks costs, of course, money, time and effort and most websites are not exactly under attack on a daily basis. Therefore, not everybody will find it useful to take preventive measures. Thus, it is necessary to carefully consider the costs and benefits of protection.
Most of the costs are related to buying the appliance and its additional maintenance. The benefits are somewhat harder to establish. Our primary goal is to reduce the number of hours our system administrators have to invest in trying to counter an attack. What is more, a successful defence has the immediate benefit of safeguarding the income from banners and various other parts of the websites. Other websites also have to take the increased traffic into account, as well as the additional load to servers caused by a DDoS.
The benefits in the long term are more difficult to assess. Even if a website is down for only a few hours, this may already result in a loss of visitors. Usually, there are several other websites that provide comparable information and once a visitor has found an alternative website he or she is less likely to return. In addition, downtime may cause damage to the image of a website or the company behind it. After all, people expect a website to be fully operational.
Whether protection is useful or not mainly depends on the frequency and severity of the DDoS attacks that are made on a website. If a website has never been under attack, protection is simply a waste of money. In any case, the cheapest solution is to not protect oneself and hope that this will never be necessary either.
Tweakers.net fell victim to several attacks in August and September 2009. A number of these attacks were indeed effective. The attacks varied in intensity between 60 and 75 kilopackets per second (kpps), peaking at 250kpps, and between tens to hundreds of megabits per second. It is important to note that the effectiveness of this type of attack relies mainly on the number of packets used. The size of the packets usually is not even that important, and the same applies to the number of megabits.
Since this was not the first time we were subject to DDoS attacks, and since we sadly do not expect this to be the last time either, we started looking for a way to protect ourselves. Of course, we are well aware that it remains difficult to counter an attack that takes up all available bandwidth, but attacks of that nature comprise only a subset of all possible attacks.