Starting at 13:41 CEST a massive DDoS attack hit our network.
At 13:43 CEST our DDoS detection software started mitigating the DDoS attack. The attack stopped and started several times after that.
At around 14:15 CEST we came to the conclusion that our DDoS mitigation partner didn’t clean the traffic as well as we expected, as there was still way too much traffic sent back to the Tilaa network.
Investigating afterwards, we came to the conclusion that this was a new type of attack. We made modifications with our partner to mitigate future attacks successfully.
We are confident the changes we made were the right ones as we faced a similar attack after the changes, and that attack was mitigated successfully.
At 14:25 CEST we made a change to drop all traffic pointing to the DDoS target. This resulted in the network part after the edge-routers being protected.
Between 14:25 CEST and midnight we monitored the network. All of our monitoring tooling (the internal tooling as well as the external tooling) showed no anomalies. There was no indication customers could be impacted; sadly, some customers still experienced intermittent packet loss.
Finally, at 21:28 CEST, all traffic was back to normal.
We made significant improvements: