During the course of 14th and 15th June the emPSN infrastructure and networks were subjected to a number of Distributed Denial of Service (DDOS) attacks from the internet. These attacks, whilst unsuccessful caused disruption to customer’s access to the Internet which impacted services and activities during those times.
The impact to customers was that access to services with a reliance on the internet became intermittent and then failed whilst on network services, such as site to site federated services or access to on network authority systems, continued to operate as expected throughout. Following the attacks, which lasted approximately 30 minutes each, normal service was resumed.
It is sad that an individual or a group of individuals has chosen to target educational services during a period of examination, this will have undoubtedly led to significant stress and upset to students which is completely unnecessary. We apologise for any disruption this will have undoubtedly caused to any and all customers, with a particular acknowledgment to students taking exams at those times.
While the attacks took place and internet access was badly affected all on-network services remained available within the KCOM Managed emPSN networks, including the security which protects it. The attacks created a flood of traffic on the networks Internet feeds which consumed all the 10Gb Internet bandwidth, this prevented legitimate traffic getting through. The emPSN network security systems prevented the traffic reaching the services which it targeted, protecting both those services and their delivery infrastructure. The network security worked as it is designed to, which prevented any extended periods of service loss.
The analysis of the attacks led to a number of countermeasures being implemented by Janet/Jisc upstream of the emPSN network. The attacks were made against different but related systems and measures were tightened following a third large scale attack reducing the impact on the network if the type of DDOS was to re-occur. Our service providers and vendors worked closely together during these events and we will continue to work on methods and means to protect the security of the services going forward. Each of the attacks started and ended within 30minutes but we were able to mobilise support teams to observe analyse and assess what taking place.
Prevention of DDOS is not a straightforward or simple activity as it has any number approaches which attackers can take. We will continue to be vigilant and to learn from these events and add further protection to the services we offer using the resources we have.
