AntiDDoS Protection RioRey: Service Statistics

Last Update 21/11/2024


Introduction

An AntiDDoS protection service safeguards network traffic from DDoS attacks, and at MasterDC, we provide protection based on multi-layered traffic analysis. Customers using MasterDC’s AntiDDoS protection service can also access detailed information about filtered attacks via the Customer Administration portal.

About the Tool

At MasterDC, we use the RioRey tool to defend against DDoS attacks, as it detects and mitigates threats using sophisticated algorithms designed to identify various types of attacks.

The tool operates 25 different algorithms, each containing its own subgroups to detect specific types of attacks. This ensures comprehensive protection of the network against a wide range of threats. When an attack is identified within the traffic, it is automatically blocked and prevented from reaching the network.

Service Statistics

  1. Log in to your account via Customer Administration.
  2. On the left-hand side menu, select Network Services.
     Screenshot from Customer Administration: selecting the "Network Services" menu item.
  3. From the list of services, choose AntiDDoS Protection RioRey. You will then be redirected to the service details page, where you can view information about the service and payment details.
  4. In the Attacks, Traffic, and Traffic graphs tabs, you can view information on filtered traffic in detail.
MasterDC Customer Administration screenshot – navigation to tabs Attacks, Traffic and Traffic graphs.

Attacks

In the Attacks tab, you will find a record of all filtered attacks, along with detailed information for each one.

Customer Administration screenshot. Attacks tab – attacks overview.

You can customise the list of both past and ongoing attacks using the filter options:

  • Filter From – Select a date and time to define the start of the period you want to display.
  • Filter To – Select a date and time to define the end of the period you want to display.
  • Show Low-Threshold Attacks – A checkbox to show or hide less significant attacks.

Attack Details

The list of filtered attacks will include:

  • Type (of attack) – A number representing the type of attack, along with a description.
  • Name (of attack) – A description of the attack.
  • Subtypes (of attack) – An array of strings representing the detected attack’s subtypes.
  • Start – The time the attack began.
  • End – The time the attack ended; if the attack is ongoing, this will be represented by the string “Infinity”.
  • Duration – The total length of the attack.
  • Target IP of the Attack – The IP address of the attack victim.
  • Zone – The AntiDDoS service and its associated target IP; the name corresponds to the service ID within MasterDC’s system.
  • Analysed (packets analysed) – The number of packets processed by the algorithm since the attack began.
  • Attack Packets – The number of packets identified by the algorithm as malicious.
  • Dropped (dropped packets) – The number of packets discarded by the algorithm.
  • Maximum Rate (of packets) – The highest observed packet rate during the entire attack.
  • Current Rate (of packets) – The current number of packets per second during the attack.
  • Current Throughput – The current number of bits transmitted per second during the attack.

After clicking on a specific attack, the Attack Details will be displayed, which additionally includes:

  • Victim ID – A unique identifier for the victim, corresponding to the ID used for the source of the attack.
  • Analysed Throughput – The total number of bits processed by the algorithm since the attack began.
  • Attack Data – The number of bits identified by the algorithm as malicious.
  • Dropped Data – The number of bits discarded by the algorithm.
  • Maximum Throughput – The highest observed packet rate throughout the attack.

Traffic

In the Traffic tab, you will find traffic logs recorded in thirty-second intervals, including all details, specifically:

  • Datetime – The time of the traffic data.
  • Analysed packets – The number of packets that were dropped for algorithmic sampling purposes. This is separate from ‘Dropped packets’, which are solely due to drop decisions made by algorithms in filter mode.
  • Input packets – The number of packets received that were destined for this zone.
  • Output packets – The number of packets forwarded that were destined for this zone.
  • Monitored packets – The number of packets that were detected as attacks due to their algorithms being in monitor mode.
  • Attack packets – The number of packets that were detected as attacks. This number reflects packets that were both dropped due to attacks and packets that were still forwarded due to their algorithms being in monitor mode.
  • Clean packets – The number of clean (non-attack) packets received that were destined for this zone.
  • Dropped packets – The number of packets that were dropped due to decisions made by algorithms in filter mode.
  • Input data – The number of bits received that were destined for this zone.
  • Output data – The number of bits forwarded that were destined for this zone.
  • Monitored data – The number of bits that were detected as attacks due to their algorithms being in monitor mode.
  • Attack data – The number of bits that were detected as attacks. This number reflects bits that were both dropped due to attacks and bits that were still forwarded due to their algorithms being in monitor mode.
  • Clean data – The number of clean (non-attack) bits received that were destined for this zone.
  • Dropped data – The number of bits that were dropped due to decisions made by algorithms in filter mode.
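
The field definitions above can be turned into a per-interval check. This is an added example, not MasterDC or RioRey code: the dictionary layout, the function names and the sample rows are constructed for illustration, and the identity "attack = dropped + monitored" is an assumed reading of the definitions above.

```python
# Added example: keys mirror the Traffic tab fields; the row layout is an
# assumption, not an export format offered by Customer Administration.
INTERVAL_SECONDS = 30  # Traffic tab records cover thirty-second intervals

SAMPLE_ROWS = [  # constructed sample data
    {"datetime": "2024-11-21 10:00:00", "input_packets": 90_000,
     "monitored_packets": 0, "attack_packets": 0, "dropped_packets": 0,
     "input_data": 720_000_000},
    {"datetime": "2024-11-21 10:00:30", "input_packets": 600_000,
     "monitored_packets": 0, "attack_packets": 450_000, "dropped_packets": 450_000,
     "input_data": 2_400_000_000},
    {"datetime": "2024-11-21 10:01:00", "input_packets": 300_000,
     "monitored_packets": 60_000, "attack_packets": 120_000, "dropped_packets": 60_000,
     "input_data": 1_200_000_000},
]


def summarise(row):
    """Derive per-interval rates and the share of attack traffic still forwarded."""
    attack = row["attack_packets"]
    monitored = row["monitored_packets"]
    pkts = row["input_packets"]
    return {
        "datetime": row["datetime"],
        "input_pps": pkts / INTERVAL_SECONDS,
        "input_bps": row["input_data"] / INTERVAL_SECONDS,
        "bits_per_packet": row["input_data"] / pkts if pkts else 0.0,
        "attack_share": attack / pkts if pkts else 0.0,
        # Monitor-mode detections are logged but not blocked, so they reach the zone.
        "forwarded_attack_share": monitored / attack if attack else 0.0,
        # Assumed reading of the field definitions: attack = dropped + monitored.
        "consistent": attack == row["dropped_packets"] + monitored,
    }


def intervals_with_forwarded_attacks(rows):
    """Return datetimes of intervals where detected attack packets were forwarded."""
    return [r["datetime"] for r in rows if r["monitored_packets"] > 0]


if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        print(summarise(row))
    print("Forwarded attack traffic in:", intervals_with_forwarded_attacks(SAMPLE_ROWS))
```

An interval with a non-zero forwarded share means an algorithm detected the attack while in monitor mode, so that traffic still reached the zone.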

Traffic Graphs

In the final Traffic graphs tab, you will find a concise graphical representation of network traffic – packets per second, bits per second, and bits per packet. In each graph, you can easily show or hide specific data types and select the desired time period (hour, day, week, month, or year). Graphs can be downloaded in PNG, JPEG, PDF, or SVG format.

Customer Administration screenshot, Traffic graphs tab.

Types Of Attacks

The RioRey tool identifies a total of 25 types of DDoS attacks. A detailed taxonomy, including descriptions of all 25 attack types classified by RioRey, is available on their official website.

Email Reports

The AntiDDoS protection service also sends email reports about specific attacks. These reports are generated whenever an attack exceeds the limits set by MasterDC and are sent from the address ddos-report@master.cz. Below, you will find a description of the individual items included in the email report.

| Item Name | Description |
| --- | --- |
| DDoS Attack Summary | Basic information about the attack. |
| Group | Customer ID, e.g., 1234 |
| Zone | Zone name within the MasterDC network. |
| Reported at | Date and time of report generation. |
| Note | The attack values that exceeded the set limits and triggered the generation of the report are always indicated in bold. |
| Victim | Information about the victim. |
| ID | Unique ID for the specific attack. |
| IP Address | Target IP address. |
| Attack Type | Starts with a label such as “AT8”, followed by the attack name (for descriptions of attack types, refer to the “Types Of Attacks” section in this guide). |
| Filter Mode | Attack filtering modes – there are three modes: Auto – The algorithm operates based on the current settings and automatically blocks an attack if detected. Monitor – The algorithm operates according to current settings, detecting and logging ongoing attacks but not blocking the traffic. Off – The algorithm is disabled in this mode and does not analyse traffic. If all algorithms are set to “off”, all traffic is automatically forwarded. |
| Start Time | The date and time the attack started. |
| Duration | The total duration of the attack. |
| Attack Packets | The number of attack packets. |
| Attack Bits | The number of attack bits. |
| Dropped Packets | The number of dropped packets. |
| Dropped Bits | The number of dropped bits. |
| Avg. Attack Rate pps | The average attack rate (packets per second). |
| Avg. Attack Rate bps | The average attack rate (bits per second). |
| Peak Attack Rate pps | The peak attack rate (packets per second). |
| Peak Attack Rate bps | The peak attack rate (bits per second). |
| Attack Subtype | Information about the attack subtype. |
| Attack Type | The primary type of attack (as listed in the “Types Of Attacks” section of this guide). |
| Attack Subtype | The numerical designation of the attack subtype. |
| Description | A description of the attack subtype, typically including details about the size and speed of data sessions. |
| Attackers in Filter List | Information about the attackers. |
| Attacker IP Address | The source IP addresses of the attackers. |
