Denial of Service Attack Affects ADM

We recently had an internet service disruption due to an attack against a district who also uses an internet connection that is aggregated through Heartland AEA via the Iowa Communications Network (ICN).  After communicating out basic details of the disruption to our staff, I received a good question:  What is a denial of service attack?

I received a good question: what is a “denial of service attack”?

Here’s a short explanation:

In a typical denial of service attack situation, an internet address is flooded with meaningless traffic, effectively shutting it down.  In this case, the address being attacked is part of Pella’s address range.  Let’s assume that the IP address being attacked is 100.101.102.103.  A large number of computers around the world – all infected with the same virus, perhaps – would receive instructions to send as much traffic as they can to 100.101.102.103.  Potentially millions of computers, then, would all send meaningless traffic at one time.  Pella’s bandwidth would then be flooded with this junk traffic, effectively rendering their network non-operational.

Pella_During_DDOSHere is what Pella’s internet connection looked like during the attack:

Since most districts in central Iowa are aggregated through Heartland AEA via the Iowa Communications Network (ICN), an attack against one district – like this – can, if it’s large enough, flood the entire AEA aggregation link (which is a feat, as that link is something like 8Gb/s bandwidth.  This effectively blocks most incoming and outgoing communication for all districts that use the ICN in Central Iowa.

AEA_During_DDOSHere’s what the AEA’s traffic looked like during the attack:

In order to stop the attack, the ICN typically blocks the originating addresses.  If there are only a few attacking computers, this can be done manually.  Typically, the attack is identified as coming from a region (say, Thailand), and all traffic from Thailand will be blocked by the ICN, cutting off the attack.  I’m at the AEA now, and just got word that they used geoblocking to shut down the area that was causing this current attack, and expect that internet operations will return to normal within a few minutes.

adm_during_ddosHere’s what our internet traffic looked like during the attack:

We’re looking into solutions to mitigate this issue in the future, including the possibility of using a secondary internet connection that can serve as a “failover” in the event that our ICN connection is down.

I hope that this explanation sheds a bit more light on the situation.

Advertisements
This entry was posted in Technology Information, Uncategorized and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s