What is Firewall on Demand?
Firewall on Demand, abbreviated as FoD, is an application with a web front end that allows NOC/CERT users, from eduGAIN and beyond, to disseminate firewall filters within seconds in order to defend against DDoS attacks.
Why Use Firewall on Demand?
- Speed – Time to disseminate/withdraw firewall filters is under 10 seconds.
- Convenience – NREN users can use the web portal themselves, or make a request by phone or e-mail.
- Simple – Intuitive, non-vendor-specific GUI-based wizard to configure router firewall filters without the need for special knowledge.
FoD Success Story
LITNET CERT has been using GEANT FoD for more than 5 years. The first rules were created in March 2016.
During these years more than 100 rules have been applied. There were a few cases when FoD helped LITNET to survive during attacks. The Covid-19 quarantine led to an increase in attacks against virtual learning environments, such as Moodle. One of the first attacks was in the first month of quarantine, when all Lithuanian schools were working online. The magnitude of the attack is demonstrated below.
It was a DDoS amplification attack that used vulnerable devices (open DNS resolvers, open NTP, open LDAP).
LITNET used FoD to create a rule and then investigated the incident: why it happened at this particular time, which virtual learning environment was under attack, etc. This rule is still in place, helping to manage potential future attacks.
In general, the LITNET network does not experience long-lasting DDoS attacks – a typical attack would normally last between 10 and 15 minutes. LITNET is now working on testing the GEANT FoD REST API, to support automatic creation of rules when NetFlow records reach critical values indicating that an attack is taking place.