DDoS mitigation is a set of network management techniques and tools for resisting or mitigating the impact of distributed denial-of-service (DDoS) attacks on networks attached to the Internet, by protecting both the target and the relay networks used to reach it. DDoS attacks are a constant threat to businesses and organizations, degrading service performance or shutting services down entirely.
DDoS mitigation works by establishing baseline conditions for network traffic, analyzing traffic patterns so that deviations can be detected and alerted on. It also requires classifying incoming traffic to separate human users from human-like Internet bots and hijacked web browsers. This process involves comparing signatures and examining different attributes of the traffic, including IP address, HTTP cookie variations, HTTP headers, and browser fingerprints.
Once an attack is detected, the next step is filtering. Filtering can be done with anti-DDoS techniques such as connection tracking, IP reputation lists, deep packet inspection, blacklisting/whitelisting, or rate limiting.
One technique is to pass network traffic addressed to a potential target network through high-capacity networks, with "traffic scrubbing" filters.
Manual DDoS mitigation is no longer recommended, because the size of attacks often outstrips the human resources available in many firms and organizations. Other methods of mitigating DDoS attacks can be implemented, such as on-premises appliances or cloud-based service providers. On-premises mitigation technology (most commonly a hardware device) is usually placed in front of the network; this limits the bandwidth it can protect to what the Internet service provider delivers. Common approaches are hybrid solutions, combining on-premises filtering with cloud-based scrubbing.
One DDoS technique uses misconfigured third-party networks to amplify UDP packets sent with spoofed source IP addresses. Proper configuration of network equipment, enabling ingress and egress filtering as documented in BCP 38 and RFC 6959, prevents spoofing and amplification, thus reducing the number of relay networks available to attackers.
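As an added illustration (not part of the original article), the following Python script shows the two edge controls discussed above: a BCP 38 style ingress check that drops packets whose source address does not belong to the prefix assigned to the interface they arrived on, followed by the per-source rate limiting mentioned under filtering. The interface names, prefixes and sample packets are constructed for the example.

```python
import ipaddress
from collections import Counter

# Hypothetical edge-router interfaces and the prefixes legitimately
# located behind each one (constructed sample values, not real data).
INTERFACE_PREFIXES = {
    "customer-a": [ipaddress.ip_network("192.0.2.0/24")],
    "customer-b": [ipaddress.ip_network("198.51.100.0/24")],
}

def valid_source(iface, src_ip):
    """BCP 38 ingress check: accept a packet only if its source address
    falls inside a prefix assigned to the interface it arrived on."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in INTERFACE_PREFIXES.get(iface, []))

def filter_packets(packets, rate_limit):
    """Apply source-address validation, then a per-source fixed-window
    (1 second) packet-rate limit. Returns (accepted, dropped), where each
    dropped entry is (packet, reason)."""
    accepted, dropped = [], []
    window_counts = Counter()
    for pkt in packets:
        if not valid_source(pkt["iface"], pkt["src"]):
            dropped.append((pkt, "spoofed-source"))
            continue
        key = (pkt["src"], int(pkt["ts"]))   # one bucket per source per second
        window_counts[key] += 1
        if window_counts[key] > rate_limit:
            dropped.append((pkt, "rate-limit"))
            continue
        accepted.append(pkt)
    return accepted, dropped

# Constructed sample traffic: one legitimate packet, one packet with a
# source address that cannot legitimately arrive on customer-a, and a
# burst of four packets from a single customer-b host within one second.
SAMPLE_TRAFFIC = [
    {"iface": "customer-a", "src": "192.0.2.10", "ts": 0.10},
    {"iface": "customer-a", "src": "203.0.113.5", "ts": 0.20},
    {"iface": "customer-b", "src": "198.51.100.7", "ts": 0.30},
    {"iface": "customer-b", "src": "198.51.100.7", "ts": 0.40},
    {"iface": "customer-b", "src": "198.51.100.7", "ts": 0.50},
    {"iface": "customer-b", "src": "198.51.100.7", "ts": 0.60},
]

if __name__ == "__main__":
    ok, bad = filter_packets(SAMPLE_TRAFFIC, rate_limit=3)
    for pkt, reason in bad:
        print(f"dropped {pkt['src']} on {pkt['iface']}: {reason}")
    print(f"accepted {len(ok)} of {len(SAMPLE_TRAFFIC)} packets")
```

The source-address check is stateless and cheap, which is why BCP 38 places it at the network edge; the rate limit needs per-source state and is therefore the more expensive of the two.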
DDoS attacks are typically categorized into three types: volumetric, protocol-based, and application-layer attacks.
Volumetric attacks
These attacks aim to consume bandwidth by flooding a network or service with massive volumes of traffic.
Protocol attacks
These focus on exhausting resources of network infrastructure by misusing communication protocol behavior.
Application-layer attacks
These attacks mimic legitimate traffic to deplete application server resources, making them particularly difficult to detect.