Bumblebee DDoS Protection Suite

Updated: 18 hours ago

Why is the DDoS Protection Suite needed?

When you order a Dedicated Internet Access (DIA) circuit, the ISP gives you a /29 subnet. This is the demarcation subnet, and it is public. As a result, any machines on it, such as firewalls, routers, load balancers and servers, are constantly under attack from unwanted sources, as shown in the screenshot below.



Originating Traffic Source Geo Locations

As the screenshot above shows, hundreds of source IPs scanned our public subnet in the last hour. These sources are trying to gain access to servers via SSH or Telnet, and they are also scanning the full range of TCP ports. Some of these source IPs are legitimate traffic, but many others are not. They are constantly looking for open ports to gain access to your internal network!


In addition, Internet sources may launch a DDoS attack at any time to exhaust the memory of your firewalls and servers and bring them down, causing outages and productivity losses. For example, a TCP SYN flood sends thousands of TCP connection requests per second with no intention of ever establishing a connection. It overwhelms a firewall or server by filling its in-memory connection table with useless entries until the device stalls. Sometimes the attack rate is kept low to evade detection. Other times it is a distributed attack from hundreds of thousands of different source IPs.
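The sketch below is an added example, not Bumblebee code. It shows why a low-rate or distributed SYN flood slips past a per-source rate check but is visible in the count of half-open connections at the target. The packet records, addresses and all thresholds are constructed assumptions.

```python
from collections import defaultdict

def build_sample():
    """Constructed records: (time_s, src_ip, src_port, dst, flag).
    'S' = client SYN, 'A' = client ACK that completes the handshake."""
    dst = "203.0.113.2:443"
    pkts = [(0.0, "198.51.100.7", 40000, dst, "S"),   # legitimate client
            (0.1, "198.51.100.7", 40000, dst, "A")]   # handshake completed
    # Distributed flood: 300 sources send one SYN each and never ACK.
    for i in range(300):
        src = f"198.18.{i // 250}.{i % 250 + 1}"
        pkts.append((1.0 + i * 0.01, src, 50000, dst, "S"))
    return pkts

def analyze(pkts, per_src_limit=20, half_open_limit=100, syn_timeout=30.0):
    """Return (alerts, half-open count per destination).
    All three thresholds are illustrative assumptions."""
    half_open = defaultdict(dict)      # dst -> {(src, sport): time of SYN}
    syn_per_src = defaultdict(int)     # SYNs per source over the whole capture
    alerts = set()
    for t, src, sport, dst, flag in sorted(pkts):
        table = half_open[dst]
        # Age out stale entries, as a connection table does on SYN timeout.
        for key in [k for k, ts in table.items() if t - ts > syn_timeout]:
            del table[key]
        if flag == "S":
            table[(src, sport)] = t
            syn_per_src[src] += 1
            if syn_per_src[src] > per_src_limit:
                alerts.add(("per-source-rate", src))
            if len(table) > half_open_limit:
                alerts.add(("half-open-backlog", dst))
        elif flag == "A":
            table.pop((src, sport), None)   # handshake done, slot freed
    return alerts, {d: len(tb) for d, tb in half_open.items()}

if __name__ == "__main__":
    alerts, backlog = analyze(build_sample())
    print(sorted(alerts), backlog)
```

On the constructed capture no single source exceeds the per-source limit, yet the destination's half-open table grows to 300 entries and raises the backlog alert.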


What does Bumblebee DDoS Protection Suite provide?

Bumblebee DDoS protection suite includes the following service features:


  1. Geo Visibility: View the geographic locations of source IPs to the public subnet provided by the service provider (the /29 or /30 subnet).

  2. Block Malicious Sources: Malicious source IPs with a bad reputation score of 100% are blocked by the Bumblebee CPE so that their traffic does not reach the firewall, router and servers in the on-premises network.

  3. DDoS Mitigation: Block TCP SYN floods, UDP floods and ICMP floods from the Internet so that attack traffic does not reach the firewall, router and servers in the on-premises network.



    Below is an example display of blocked malicious source IPs.

    Blocked Malicious Source IPs


    Below is an example display of DDoS Mitigation and Attack List.

    DDoS Mitigation and Attack List


How to enable DDoS Protection Suite?

The protection suite is enabled on a per-site basis.

To enable protection:

  • Log in to the Bumblebee portal.

  • On the left navigation bar, click Internet NIDs.

  • Select one Internet NID, then click Actions -> Edit Block Malicious Sources to enable Block Malicious Sources.

  • Select one Internet NID, then click Actions -> Edit DDoS Mitigation to enable DDoS attack protection.
