Incident Report for Performance Issues

January 24, 2022
Stan Watts, Chief Technology Officer, ClassLink

On Monday, January 24, 2022, at approximately 11:47 AM EST, a significant DDoS attack impacted access to the ClassLink LaunchPad login page. Our infrastructure team implemented several mitigation efforts and collaborated with Amazon Web Services (AWS) engineers. The mitigation efforts fully blocked the malicious traffic by 12:08 PM EST (21 minutes after the attack started).

Many, but not all, ClassLink clients experienced performance issues during the 21 minutes. Some ClassLink clients whose public IPs were not already registered with our ‘Allow List’ experienced performance issues after the mitigation efforts were implemented.

The malicious traffic, now blocked, continued until 7:02 PM EST.

Almost 1 billion requests were blocked by DDoS protection.

What Makes This Attack Unique?

ClassLink routinely blocks DDoS attacks against our infrastructure, at least once a week. Most attacks originate from countries outside the United States and are more easily identified as malicious.

The Monday, January 24, 2022 attack originated almost entirely from U.S.-based IP addresses. The bad actors in this attack used more sophisticated techniques to avoid our DDoS protection and used a larger number of unique IP addresses originating from the U.S.

Resolution

ClassLink infrastructure has several prevention mechanisms in place to protect against a variety of attacks, DDoS and otherwise. However, this particular attack was different from other attacks we have seen in the past. The attackers used U.S.-based IP addresses and new avoidance mechanisms, which kept the attack from triggering our previous DDoS protections.

Our team responded immediately when the attack began and evaluated options. We implemented new protection rules at 12:06 PM EST and those rules took approximately two minutes to take effect. As it became clear that some ClassLink clients whose public IPs were not already registered with our ‘Allow List’ experienced performance issues, our client services team began reaching out to clients to obtain their external IP addresses.

These new protection rules will continue to strengthen our overall system reliability. Prior to yesterday’s performance outage, we enjoyed 153 consecutive days of uptime. We care about this performance measure and we intend to continue to increase our days of uptime by making meaningful investments in staff and resources. Our goal is to be the most reliable vendor with the greatest uptime to our clients.

Does This Impact Accessing ClassLink From Home?

Users connecting from home are not impacted by the new protection rules unless the home is originating the DDoS attack.

How Can I Learn More About the Particulars of the Attack and New Protection Rules?

Clients are always welcome to contact us for a discussion with ClassLink leadership during which time we can share further information and answer any questions.
