What is DDoS?

A DDoS (Distributed Denial of Service) attack attempts to make a web service unavailable by overwhelming it with traffic from many, sometimes millions of, sources. Attacks like this limit or block access to virtually everything: servers, devices, services, networks, applications, and even specific transactions within applications. Generally, these attacks swamp a website with a constant, large number of requests for data. The objective is to send so many requests that the web servers either crash under the tremendous demand or are so overwhelmed by the high traffic levels that real users cannot access the site.

What is Algo-Shield?

Algo-Logic is a recognized market leader developing innovative, highly flexible, ultra-low-latency solutions for a wide range of markets and applications. This ultra-high performance was leveraged to strengthen defenses against DDoS attacks by creating a fast filtering mechanism: Algo-Shield (Algo-Logic's Enhanced Gateway Insulator).

Algo-Shield receives a Whitelist of valid customer addresses and a Blacklist of addresses of known or suspected malicious sites. This Blacklist is created from inputs from several third parties, including network firewall vendors, network intelligence/security firms, and historical data of previous attacks on the website. All of the addresses are merged into a single Blacklist. Algo-Shield then compares the Whitelist against the combined Blacklist and removes any whitelisted addresses to produce a Revised Blacklist. The Whitelist is constantly updated as new participants join the network. The Algo-Shield fast filtering system helps reduce DDoS mitigation time by offloading time-consuming computations from software onto an Intel FPGA card, which reduces the compute time from tens of minutes to seconds, providing an optimized solution.

Spotlight: Algo-Shield used by Large Global Media Company

A large media company was battling almost constant DDoS attacks. The company faced a difficult choice. Leveraging traditional DDoS appliances would require a tremendous capital investment to build an expensive and complicated mitigation plan that could still be overwhelmed by an extreme, highly determined attack. Alternatively, they could use a Blacklist/Whitelist hybrid strategy, which Algo-Shield would enable.

With the hybrid approach, once they had the Revised Blacklist, they redirected and dropped the traffic from malicious addresses using relatively inexpensive OEM 10/25/40/100 GbE switches. Algo-Shield enabled this approach by generating the Revised Blacklist quickly. The Blacklist includes literally tens of millions of potential addresses, which must be scrubbed against the Whitelist to ensure that network access for valid/real customers is not impacted.

The design parameters for the DDoS ACL Appliances were:

  • Support IPv4 with a future path to IPv6
  • Support a Blacklist of up to 40M entries
  • Support a Whitelist of up to 1M entries
  • Combine the Blacklist elements, compare them against a known Whitelist, delete any Whitelist addresses, and automatically recombine fragmented subnets on the Revised Blacklist
  • Complete this operation as fast as once every few seconds!
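
The list operation described above (merge the Blacklist feeds, remove Whitelist addresses, recombine fragmented subnets) can be sketched in software as follows. This is an added example, not Algo-Logic's code or its FPGA implementation; the function names and sample addresses are hypothetical, and it handles IPv4 only.

```python
import ipaddress

def _merged_ranges(cidrs):
    """Convert IPv4 CIDR strings to sorted, non-overlapping [start, end] ranges."""
    nets = (ipaddress.IPv4Network(c, strict=False) for c in cidrs)
    spans = sorted((int(n.network_address), int(n.broadcast_address)) for n in nets)
    merged = []
    for start, end in spans:
        if merged and start <= merged[-1][1] + 1:  # overlapping or adjacent
            merged[-1][1] = max(merged[-1][1], end)
        else:
            merged.append([start, end])
    return merged

def revised_blacklist(blacklist, whitelist):
    """Return the Blacklist minus the Whitelist as a minimal list of CIDRs."""
    black, white = _merged_ranges(blacklist), _merged_ranges(whitelist)
    kept, w = [], 0
    for b_start, b_end in black:
        cur = b_start
        # Whitelist ranges that end before this block cannot affect it or later ones.
        while w < len(white) and white[w][1] < cur:
            w += 1
        i = w
        while i < len(white) and white[i][0] <= b_end:
            w_start, w_end = white[i]
            if w_start > cur:
                kept.append((cur, w_start - 1))  # blocked span before the hole
            cur = max(cur, w_end + 1)            # step over the whitelisted hole
            i += 1
        if cur <= b_end:
            kept.append((cur, b_end))
    cidrs = []
    for start, end in kept:
        # Re-express each surviving range as the fewest aligned subnets.
        cidrs.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)))
    return [str(n) for n in cidrs]

# Constructed sample data (documentation address ranges), not real indicators.
SAMPLE_BLACKLIST = ["198.51.100.0/25", "198.51.100.128/25",
                    "203.0.113.0/24", "192.0.2.8/30"]
SAMPLE_WHITELIST = ["203.0.113.0/25", "192.0.2.0/24"]

if __name__ == "__main__":
    for cidr in revised_blacklist(SAMPLE_BLACKLIST, SAMPLE_WHITELIST):
        print(cidr)
```

In the sample, the two adjacent /25 entries recombine into one /24, the entry fully covered by a whitelisted /24 disappears, and the partly whitelisted /24 shrinks to its upper /25.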