Case Study: Acme Corp - DDactic | DDoS Vulnerability Assessment Success Story

Note: This is a synthetic case study for demonstration purposes. All company names, IP addresses, and findings are fictional.

Executive Summary

Risk Score

7.1 → 2.8

Unprotected

7 → 0

Critical

3 → 0

High

4 → 0

Time

14 days

Client Profile

Industry	Enterprise Software (B2B SaaS)
Size	500+ employees
Infrastructure	Hybrid (On-premise + AWS Cloud + Cloudflare CDN)
Primary Concern	Business continuity during DDoS attacks

The Challenge

Acme Corp experienced a 2-hour outage during a volumetric DDoS attack targeting their API infrastructure. While their public-facing website was protected by Cloudflare, attackers discovered and targeted their unprotected origin servers directly.

Key Pain Points

No visibility into complete attack surface
Unknown origin IP exposure
Legacy systems with outdated software
Development/staging environments publicly accessible
Inconsistent DDoS protection across assets

DDactic Assessment

Phase 1: Passive Reconnaissance

DDactic's passive reconnaissance identified:

15 total assets across 3 environments
7 unprotected on-premise assets with direct IP exposure
1 legacy server running EOL software (Apache 2.2, PHP 5.4)
Multiple sensitive services exposed (MySQL, FTP, SMTP)

Phase 2: Environment Breakdown

Environment	Assets	Percentage	Risk Level
On-Premise	7	47%	CRITICAL
CDN (Cloudflare)	5	33%	Protected
Cloud (AWS)	3	20%	Moderate

Critical Findings

1. Unprotected On-Premise API Server

Direct origin IP exposure (203.0.113.10) with MySQL port accessible from internet. No WAF or rate limiting configured.

2. Legacy Server with EOL Software

Apache 2.2.22 / PHP 5.4.45 (unsupported since 2015) with FTP service containing known vulnerabilities.

3. Origin IP Leakage

Cloudflare could be bypassed via historical DNS records. SSL certificate transparency revealed origin IPs.

Remediation Actions

Week 1: Critical Fixes

Finding	Action	Status
Unprotected API	Deployed behind Cloudflare proxy	Completed
MySQL exposure	Firewall rule: block external 3306	Completed
Legacy FTP	Disabled, migrated to SFTP	Completed
Dev server exposure	Moved behind VPN	Completed

Week 2: Hardening

Area	Action	Status
Origin protection	Whitelist only Cloudflare IPs	Completed
Rate limiting	Implemented 100 req/s per IP	Completed
DNSSEC	Enabled for all zones	Completed
Software updates	Apache 2.4, PHP 8.1 on legacy	Completed

DDactic CLI Commands Used

# Origin IP protection
for ip in $(curl https://www.cloudflare.com/ips-v4); do
  iptables -A INPUT -p tcp -s $ip --dport 443 -j ACCEPT
done
iptables -A INPUT -p tcp --dport 443 -j DROP

# Rate limiting with nginx
limit_req_zone $binary_remote_addr zone=api:10m rate=100r/s;

# DNSSEC verification
dig acmecorp.com +dnssec

Results

Risk Score Reduction

Before

7.1/10

After

2.8/10

Attack Surface Reduction

100% of critical findings resolved
100% of high findings resolved
7 → 0 unprotected assets
All origin IPs now protected

Validation Testing

Test Type	Parameters	Result
Volumetric attack	100 Gbps simulation	Mitigated by Cloudflare
Application-layer attack	50K RPS	Rate limited
Origin bypass attempts	Direct IP targeting	Blocked by whitelist
SSL/TLS attacks	Protocol fuzzing	No vulnerabilities

"DDactic's assessment revealed critical blind spots in our DDoS protection strategy. Within two weeks, we went from a high-risk posture to industry-best practices. The detailed remediation steps and CLI commands made implementation straightforward."

— IT Security Director, Acme Corp (fictional)

Key Takeaways

CDN protection alone is insufficient — Origin IP exposure negates CDN benefits
Legacy systems are high-risk targets — Prioritize updates or isolation
Development environments need protection — Often overlooked attack vectors
Continuous monitoring is essential — Attack surfaces change over time

DDactic Services Used

Passive Attack Surface Discovery
Active Vulnerability Scanning
DDoS Simulation Testing
Remediation Guidance
Post-Remediation Validation