Streaming Platform Products
Virtual & Dedicated Servers Products
Containers Products
Serverless Computing Products
AI & Machine Learning Products
Private and Hybrid Solutions Products
Monitoring Products
Custom Services Products
Media & Entertainment
Financial Services
IT / Technology
Retail
Education
Website Acceleration
Video Streaming
Security & Protection
Partnership Solutions
Corporate Solutions
Wargaming is one of the world’s largest publishers and developers in the free-to-play MMO market.
Wargaming games’ audience, including the flagship projects World of Tanks and World of Warships, consists of more than 200 million users on all major gaming platforms.
In 2020, the structure of global traffic changed significantly. Our research has shown a dramatic increase in content consumption in the online gaming and entertainment industry. Along with the growing interest in these industries, the number of DDoS attacks targeting infrastructure and game servers has grown.
One of the targets of the cybercriminals was our customer, Wargaming.
In the recent years, attacks have become smarter and more sophisticated.
Increasingly, they are directed at web applications themselves, rather than at specific servers (L7 of the OSI network model). At the same time, attackers very often try to imitate legitimate gaming traffic, which makes it difficult to detect and repel such attacks.
To prevent an attack and separate legitimate and malicious traffic, the traffic must be received and processed. Therefore, high network capacity and a large number of high-speed channels are the main requirements in the fight against DDoS attacks. If the channels are overloaded, the traffic simply cannot get to the DDoS protection system for subsequent cleaning. In such a case, not only the protected customers suffer, but the entire location.
On February 18, 2021, the Gcore defense systems detected an attack aimed at Wargaming servers.
The total volume of the attack was 253 Gbps, and it lasted about 15 minutes. The attackers used the UDP Flood method.
UDP Flood is distributed, artificially generated traffic. The attacker, as a rule, first studies all the subtleties of the gaming application and then generates UDP packets from fake IP addresses (on average, more than 100,000 unique IP addresses can be used in one attack).
By using filter rules to protect against well-known amplification attacks, we deflected some of the malicious traffic at our border routers. We redirected the other part to our cleaning system in order to analyze this traffic deeper and make a more informed decision about blocking.
Andrew Faber
DDoS Protection product owner at Gcore
Our method is based on the transfer of a secret key between the client application and the cleaning center, which is guaranteed to separate legitimate and malicious traffic. This way, we ensure the safety of the customer’s infrastructure and the high-quality cleaning of malicious traffic. If a powerful attack of several hundred gigabits per second is detected, traffic is distributed across several servers and several cleaning centers, thus avoiding overloading the server or even an entire server cluster.
Andrew Faber
DDoS Protection product owner at Gcore
Attacks are detected and traffic is cleaned automatically in traffic validation mode.
About Your Bourse Your Bourse is an Estonia-based company founded by the former founder and owner of Alpari Group, Andrey…
Founded in 2004 for mobile, PC, Web, Console, VR/AR, developers use Photon to create games and applications that offer synchronous…
When it comes to the technology infrastructure that supports their operations, gaming industry businesses are unusual. Very unusual. This is…
Saber Interactive is an American video game development and publishing company founded in Florida in 2001. It has more than…