Incapsula Strikes Back At DDoS Attack On Video Gaming Website

By Summer Hirst | 20 August 2014 at 9:45 am CET

A group of unknown hackers carried out a well-planned multi-vector DDoS attack on a video gaming website. The attack peaked at almost 110 Gbps and sent more than 90 million packets per second. However, the attack was successfully countered by new Behemoth Scrubbers by Incapsula.

Last week, Incapsula contacted the VPNCreative team and told us about the attack. The attack took place within a month of launching the Behemoth scrubbers deployed in five data centers: Los Angeles, San Jose, London, Frankfurt, and Miami.

The attack started on June 21 and continued until July 28, lasting for 38 days, which was much longer than initially predicted by the team. The company had to filter out a few tens of millions of DDoS packets on a daily basis to counter this high-intensity attack.

Incapsula graph
Photo: Incapsula

While the company fought against the DDoS attack, hackers tried everything to bring the website down – from focused application layer (HTTP) floods to network layer DDoS attacks and several XSS and SQL injection attempts. And unfortunately for the hackers, all these attempts were successfully foiled by the Incapsula Web Application Firewall.

The Beginning of the Attack

The Incapsula team noticed a DNS flooding attack peaking at almost 90 Mpps (million packets per second), with most of the attacking IP addresses belonging to India and China. This led the researchers to believe that the IPs were spoofed.

A DNS flood attack is a type of symmetrical Distributed Denial of Service (DDoS) attack that uses publicly accessible DNS servers to overrun a victim’s server with DNS response traffic. This type of attack exhausts server-side resources (including processors and memory) with multiple UDP (User Datagram Protocol) requests that are generated using scripts running on botnet systems.

The trends of DDoS are changing and hackers these days use all possible resources to exploit the weakness of the victim system.

The attack went on for 38 days, during which the Behemoth servers filtered out more than 50 petabits (50,000 terabits) of malicious traffic. The attackers also resorted to using large SYN floods directed towards the Incapsula DNS infrastructure.



One interesting factor in these attacks was that while the hackers switched between various targets, they constantly attacked the website of one Incapsula client, which was a video gaming company that hired Incapsula just before the attack. This showed that the gaming company was the real target. The attackers showed extreme determination and aggression, hinting towards the involvement of a rival party. Their goal was obvious – taking down the website and thus ruining their online business.

When Incapsula examined the malicious packets more closely, they found that a large part of them were coming from similar IP ranges.

“We knew that 20% of C-classes are typically responsible for ~80% of all DDoS traffic.”

By monitoring the IPs, the company was able to detect the offenders who continued attacking using powerful network resources. The strategies they used indicated that they were not amateur hackers trying to make a quick buck with a DDoS attack, but professionals with a serious motive.
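The per-range monitoring described above, as an added example that is not Incapsula's code or part of the original article: it groups flow records by /24 (C-class) range and measures how much of the traffic the busiest 20% of ranges carry. The flow records, the 198.18.0.0/16 addresses and the function names are constructed for illustration.

```python
import ipaddress
import math
from collections import Counter

# Constructed sample flow records (source IP, packet count); not incident data.
SAMPLE_FLOWS = [
    ("198.18.1.7", 4000), ("198.18.1.93", 3500), ("198.18.1.201", 2500),
    ("198.18.2.14", 3000), ("198.18.2.77", 3000),
    ("198.18.3.5", 500), ("198.18.4.5", 500), ("198.18.5.5", 500),
    ("198.18.6.5", 500), ("198.18.7.5", 500), ("198.18.8.5", 500),
    ("198.18.9.5", 500), ("198.18.10.5", 500),
    ("not-an-ip", 999),  # malformed record, must be skipped
]


def packets_per_c_class(flows):
    """Sum packet counts per source /24, skipping records that do not parse."""
    counts = Counter()
    for ip, packets in flows:
        try:
            addr = ipaddress.IPv4Address(ip)
        except ValueError:
            continue  # malformed or non-IPv4 source
        # strict=False masks the host bits, giving the enclosing /24.
        net = ipaddress.IPv4Network(f"{addr}/24", strict=False)
        counts[str(net)] += packets
    return counts


def top_share(counts, fraction=0.2):
    """Return the busiest `fraction` of /24s and their share of all packets."""
    total = sum(counts.values())
    if total == 0:
        return [], 0.0
    n = max(1, math.ceil(len(counts) * fraction))
    top = counts.most_common(n)
    return top, sum(p for _, p in top) / total


if __name__ == "__main__":
    per_range = packets_per_c_class(SAMPLE_FLOWS)
    top, share = top_share(per_range)
    for prefix, packets in top:
        print(f"{prefix:<18} {packets:>8} packets")
    print(f"top {len(top)} of {len(per_range)} ranges carry {share:.0%} of packets")
```

A high share concentrated in a few ranges suggests candidates for per-range rate limiting; with spoofed sources, as suspected in the DNS flood, the ranking reflects the forged addresses rather than the real senders.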

Incapsula did not share the real identities of the main victim or the perpetrators of the attack.
