Home / Blogs

DDoS Attack Graphs from Russia vs. Georgia's Cyberattacks

Dancho Danchev

Part of Georgia's information warfare campaign was aiming to minimize the bandwidth impact on its de-facto media platforms such as the website of their Ministry of Foreign Affairs. I've just received a report [PDF] on "Russian Invasion of Georgia," titled "Russian Cyberwar on Georgia" which is quoting me on page 4 regarding "too good to be courtesy of Russia's cyber militia” creative that appeared on the defaced Georgian President's website. The report also includes DDoS attack graphs and related details worth going through:

The last large cyberattack took place on 27 August. After that, there have been no serious attacks on Georgian cyberspace. By that is meant that minor attacks are still continuing but these are indistinguishable from regular traffic and can certainly be attributed to regular civilians.

On 27 August, at approximately 16:18 (GMT +3) a DDoS attack against the Georgian websites was launched. The main target was the Georgian Ministry of Foreign Affairs. The attacks peaked at approx 0,5 million network packets per second, and up to 200-250 Mbits per second in bandwidth (see attached graphs). The graphs represent a 5-minute average: actual peaks were higher.



The attacks mainly consisted of HTTP queries to the http://mfa.gov.ge website. These were requests for the main page script with randomly generated parameters. These requests were generated to overload the web server in a way where every single request would need significant CPU time.

The initial wave of the attack disrupted services for some Georgian websites. The services became slow and unresponsive. This was due to the load on the servers by these requests. As you see from the graphs above the attacks started to wind down after most of the attackers were successfully blocked. The latest attack may have been initiated as a response to the media coverage on the Russian cyber attacks.

In case you're interested in more factual evidence about what was happening at that particular moment in time, go through the following assessments: "Coordinated Russia vs. Georgia cyber attack in progress”; "The Russia vs. Georgia Cyber Attack”; "Who's Behind the Georgia Cyber Attacks?”; "Georgia President's web site under DDoS attack from Russian hackers”.

By Dancho Danchev, Independent Security Consultant. More blog posts from Dancho Danchev can also be read here.

Related topics: Cyberattack, Cybercrime, DDoS, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

dotStrategy Selects Neustar's Registry Threat Mitigation Services for .BUZZ Registry

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

What Does a DDoS Attack Look Like? (Watch First 3 Minutes of an Actual Attack)

Joining Forces to Advance Protection Against Growing Diversity of DDoS Attacks

Why Managed DNS Means Secure DNS

Rodney Joffe on Why DNS Has Become a Favorite Attack Vector

Motivated to Solve Problems at Verisign

Diversity, Openness and vBSDcon 2013

Neustar's Proposal for New gTLD Collision Risk Mitigation

IT Project Management: Best Practices in Small-Scale Engagements

DDoS Attacks in the United Kingdom: 2012 Annual Trends and Impact Survey

7 Keys to Professional Services Value: A Client-Side Perspective

Neustar Launches Global Partner Program

MarkMonitor Named a Top Trusted Website in OTA's 2013 Online Trust Honor Roll

Neustar Chief Technology Officer Appointed to FCC's Technological Advisory Council

Hope is Not a Strategy: Neustar Releases 2012 Annual DDoS Attack and Impact Survey

How Neustar Technology Can Help Mitigate DDoS Attacks

Reducing the Risks of BYOD with Nominum's Security Solution

Neustar Launches Enterprise Professional Services Offerings

Nominum Releases New Security Intelligence Application

Sponsored Topics