How do you stop a distributed denial of service (DDoS) attack from shifting sources? You start shifting the target.
Hosting provider Bulletproof Networks has revealed how it managed to restore service to the Whirlpool broadband forum yesterday after two days of relentless DDoS attacks.
Several times over the past 48 hours, Bulletproof had asked upstream network providers Internode and Pacific Internet to block incoming HTTP traffic from various IP addresses in the United States and Denmark.
But on every occasion, the attack source shifted within minutes and Whirlpool was again bombarded.
Yesterday Bulletproof, which was attempting to deal with the issue for its not-for-profit customer without taking resources away from its mission-critical customers, turned to a trick it learned hosting the Australian Winter Olympics site in February.
Over a two-hour period, Bulletproof deployed a 'reverse proxy' server in the Amazon EC2 cloud compute.
A reverse proxy is a server, in this case hosted in the Amazon.com cloud, which takes the HTTP requests from connecting users and serves them up cached elements from the site.
It then redirects legitimate non-cached traffic to the primary content server, in this case the Bulletproof web servers hosted in Australia.
"It was the right tool for the job, as [Whirlpool's] forums aren't largely latency sensitive, though the way we've deployed it means we can add or remove it at any stage in a matter of minutes," said Bulletproof chief operating officer Lorenzo Modesto.
IBRS security analyst James Turner told iTnews that "a large number of Australian organisations" are suffering from intermittent DDoS attacks, and that using a reverse proxy is among the most common tools to deal with the problem.