OACYS DoS Filtering Appliance Installed

new-piktochart_16809125_58fe6df4cfe547504573fb86159b6ae3a0859a61We are always trying to find ways to improve the quality and reliability of the Internet service we provide to our customers.  One of the areas that has appeared to be out of reach for improvement has been protection of customers from connection problems when one customer is targeted by a denial of service attack… until now.  These DoS attacks have been infrequent, but OACYS believes it is important to protect all customers from attacks targeting the few.

Denial of service attacks are intended to make a target Internet connection unusable, whether it is a server on the web or an end-user.   This typically occurs through many malicious sources working in unison to overload the target with illegitimate Internet traffic.  A recent example of a DoS attack in the news is the attack against DynDNS in October that limited access to Paypal, Netflix, Twitter, and others.

OACYS engineers worked for a few months on setting up and bench testing a server appliance that could be used to filter attacks closer to the source.   In the second week of November we installed that DoS mitigation appliance at One Wilshire in Los Angeles, one of the most well-connected data centers on the west coast.  That box is now connected with much more bandwidth than is available on the fiber connections to our headquarters in Porterville.  This allows the traffic to be filtered for attacks in a cost-effective manner before being sent down the connection toward our customers.

One week after the appliance was installed we detected two separate attacks.  As we hoped, the live attack was blocked by the new appliance and network connections running through our fiber circuit from One Wilshire were protected (and not impaired).  Soon after the attack started we also re-routed the other upstream circuits through One Wilshire to protect all user traffic.  Now we are negotiating with our other upstream providers to get into their data centers or bring higher bandwidth connections to our headquarters to help mitigate these attacks, and by doing so provide a more reliable connection to our customers.