Linode announced the availability of its DDoS protection service across its network for detection and mitigation of DDoS attacks.
Linode provides virtual private servers for hosting, object storage, and a managed Kubernetes service. The company has 11 data centers globally. It has faced Distributed Denial of Service (DDoS) attacks in the past, notably in 2016 when attackers used application-based and volumetric attacks against its webservers, nameservers, and network infrastructure. Since then, Linode has used various approaches, including using Cloudflare to protect its nameservers, increasing its network capacity, and now building its own DDoS mitigation infrastructure, which is based on Juniper and Corero.
DDoS attacks attempt to take down websites or services by flooding them with requests and data from multiple devices and locations. The increase in the number of vulnerable Internet-connected devices has led to large-scale attacks like the one on Dyn using the Mirai botnet. Other attacks, like the one against GitHub, use misconfigured software. DDoS attacks can be volumetric, protocol-based or application-based.
Volumetric DDoS attacks attempt to fill up the targeted network's bandwidth, and can be triggered using a combination of common network protocols and address spoofing. In contrast, protocol attacks take advantage of weaknesses in network protocols - an example being the SYN flood attack. Application-layer attacks like Slowloris exploit specific weaknesses in how some applications work.
DDoS mitigation approaches follow a multi-step process of detection of malicious traffic, followed by scrubbing, rerouting or dropping such traffic. Defining normal "traffic patterns" helps to identify abnormal traffic, and also to differentiate between human and bot traffic. Scrubbing involves running heuristic algorithms on the traffic to detect anomalies. Previously, most of these checks were done in hardware. Today, some of them are also done in software. A technique called "blackhole routing" or "null routing" is used to discard traffic, which might also cause non-malicious traffic to be dropped if there are no filtering criteria. Linode will "block the attack inline, then distribute the increased traffic across its global fiber backbone" in the event of an attack. According to reports, Linode's current solution will adopt null routing if the attack is sufficiently large, and they also recommend using an additional third-party protection service if a large enough attack is anticipated.
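The detect-then-mitigate flow described above, as an added example that is not from Linode or the original article: a per-destination baseline flags abnormal traffic, which is scrubbed inline up to an assumed capacity and null-routed beyond it. The thresholds, function names and traffic samples are constructed assumptions.

```python
# Added example: baseline-driven detection with escalation from inline
# scrubbing to null routing. All thresholds and samples are constructed.
from dataclasses import dataclass

ALPHA = 0.2              # EWMA smoothing factor for the baseline (assumed)
ANOMALY_FACTOR = 3.0     # above 3x baseline counts as abnormal (assumed)
SCRUB_CAPACITY = 10_000  # Mbps the inline scrubber can absorb (assumed)

@dataclass
class Decision:
    mbps: float
    baseline: float
    action: str          # "pass", "scrub" or "null_route"

def mitigate(samples, warmup=3):
    """Classify per-interval traffic (Mbps) toward one destination IP."""
    decisions = []
    baseline = None
    for i, mbps in enumerate(samples):
        if baseline is None:
            baseline = mbps
        abnormal = i >= warmup and mbps > ANOMALY_FACTOR * baseline
        if not abnormal:
            action = "pass"
            # Learn only from traffic judged normal, so a flood cannot
            # drag the baseline upward and hide itself.
            baseline = ALPHA * mbps + (1 - ALPHA) * baseline
        elif mbps <= SCRUB_CAPACITY:
            action = "scrub"
        else:
            action = "null_route"
        decisions.append(Decision(mbps, round(baseline, 1), action))
    return decisions

def legit_dropped(decisions, legit_mbps):
    """Legitimate Mbps lost: a null route discards everything sent to the
    IP, while scrubbing (idealized here) drops only the excess."""
    return sum(legit for d, legit in zip(decisions, legit_mbps) if d.action == "null_route")

# Constructed samples: normal load, a mid-size flood, then a very large one.
SAMPLES = [100, 110, 95, 105, 4_000, 6_000, 25_000, 30_000, 120]
LEGIT = [100, 110, 95, 105, 100, 100, 100, 100, 120]

if __name__ == "__main__":
    ds = mitigate(SAMPLES)
    for d in ds:
        print(f"{d.mbps:>8} Mbps  baseline={d.baseline:<7} {d.action}")
    print("legitimate Mbps discarded by null routing:", legit_dropped(ds, LEGIT))
```

During the two null-routed intervals the legitimate traffic is discarded along with the flood, which is the trade-off the paragraph above notes for blackhole routing without filtering criteria.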
Most cloud providers provide various kinds of DDoS protection - like GCP's Google Cloud Armor, AWS's Shield, and Azure's Front Door. Content-focused service providers like Cloudflare, Akamai, Sucuri, Imperva and Fastly also offer DDoS protection to customers. Almost all of these DDoS tools are paid services. However, some of them are included in the cost of the primary service, including in the free tiers. Linode's DDoS service is "free for all Linode customers", i.e., it's included with Linode's other services.