Friday, March 26, 2021

Cyber Security | DDoS Attack and Solution

DDoS Attack

A distributed denial-of-service (DDoS) attack is a malicious attempt to interrupt the normal traffic of a targeted host, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. Generally, these attacks work by drowning a system in requests for data, for example by sending so many requests to a web server for a page that it crashes under the high volume of queries. Typically, DDoS attackers rely on botnets. A botnet is a collection of malware-infected systems that are centrally controlled.

There are three primary classes of DDoS attacks:

  • Volume based
  • Network based
  • Application based

Volume based attacks use massive amounts of fake traffic to overwhelm a resource such as a website or server; they include ICMP, UDP and spoofed-packet flood attacks. The size of a volume-based attack is generally measured in bits per second (bps).

In network based DDoS attacks, the attacker sends a large number of packets to target network infrastructure and infrastructure management tools. These protocol attacks include SYN floods and Smurf DDoS, among others, and their size is measured in packets per second (PPS).

Application layer attacks are conducted by flooding applications with maliciously crafted requests. They include disrupting transactions and access to databases, and can disrupt services such as the retrieval of data or information on a website. The size of application-layer attacks is measured in requests per second (RPS).

How to Identify DDoS

While monitoring the network, check for the following indicators:

  • Unexpected amounts of traffic originating from a single IP address or IP range.
  • Odd traffic patterns.
  • A traffic flood from a single geographic location or source.
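The three indicators above can be checked mechanically against an access log. The script below is an added example, not part of the original post: it parses constructed log lines of the form `<unix_ts> <client_ip> <path>`, computes requests per second per source IP, per /24 range and per country, and flags anything above illustrative thresholds. The log contents, the `GEO_TABLE` prefix-to-country mapping (standing in for a real GeoIP database) and the threshold values are all assumptions chosen for the demonstration.

```python
"""Detection heuristics for the DDoS indicators listed above: a flood from
one IP, a flood spread across one IP range, a flood from one geolocation,
and an odd pattern (one path dominating the request mix).
All log data and the geo table are constructed for this example."""
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed lookup: prefix -> country code. A real deployment would query
# a GeoIP database here; the codes below are placeholders, not real countries.
GEO_TABLE = {
    ip_network("203.0.113.0/24"): "AA",
    ip_network("198.51.100.0/24"): "BB",
    ip_network("192.0.2.0/24"): "CC",
}


def geo_of(ip):
    """Return the (constructed) country code for an IP, or '??' if unknown."""
    addr = ip_address(ip)
    for net, cc in GEO_TABLE.items():
        if addr in net:
            return cc
    return "??"


def build_sample_log(base_ts=1616745600):
    """Construct log lines '<ts> <ip> <path>': three normal clients, one
    single-source flood against /login, and one flood from 30 hosts that all
    sit in the same /24 (so the same geolocation)."""
    lines = []
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
        for k in range(3):                       # background traffic
            lines.append(f"{base_ts + k} {ip} /index.html")
    for k in range(120):                         # single-IP flood, 10 s window
        lines.append(f"{base_ts + k % 10} 198.51.100.7 /login")
    for host in range(30):                       # range/geo flood, 5 req each
        for k in range(5):
            lines.append(f"{base_ts + k} 203.0.113.{host + 1} /api/search")
    return lines


def parse_line(line):
    ts, ip, path = line.split()
    return int(ts), ip, path


def analyze(lines, ip_rps=5.0, range_rps=10.0, min_hosts=10,
            geo_share=0.5, path_share=0.4):
    """Return the indicators that exceed their thresholds over the time
    window spanned by the lines. Rates are requests per second (RPS);
    shares are fractions of all requests in the window."""
    records = [parse_line(line) for line in lines]
    if not records:
        return {"window_seconds": 0, "noisy_ips": [], "noisy_ranges": [],
                "dominant_geo": [], "hot_paths": []}
    span = max(r[0] for r in records) - min(r[0] for r in records) + 1
    total = len(records)

    per_ip = Counter(r[1] for r in records)
    per_geo = Counter(geo_of(r[1]) for r in records)
    per_path = Counter(r[2] for r in records)
    # A range is only "noisy" when the load is spread over many distinct
    # hosts; otherwise it is just the single-IP case seen at /24 granularity.
    range_hits = Counter()
    range_hosts = defaultdict(set)
    for _, ip, _ in records:
        net = str(ip_network(f"{ip}/24", strict=False))
        range_hits[net] += 1
        range_hosts[net].add(ip)

    return {
        "window_seconds": span,
        "noisy_ips": sorted(ip for ip, n in per_ip.items() if n / span > ip_rps),
        "noisy_ranges": sorted(net for net, n in range_hits.items()
                               if n / span > range_rps
                               and len(range_hosts[net]) >= min_hosts),
        "dominant_geo": sorted(cc for cc, n in per_geo.items()
                               if n / total > geo_share),
        "hot_paths": sorted(p for p, n in per_path.items()
                            if n / total > path_share),
    }


if __name__ == "__main__":
    for key, value in analyze(build_sample_log()).items():
        print(f"{key}: {value}")
```

The `min_hosts` check is the design point worth keeping: without it, a single noisy IP also lights up its /24, and the "range" indicator stops telling you anything the "single IP" indicator did not. In a real deployment the thresholds would be derived from a baseline of normal traffic for the site rather than fixed constants.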

Several DDoS solutions are available today to mitigate these attacks. A solution should bundle features that tackle present as well as upcoming threats. Below is a list of features that can be customized in the solution before deployment.

  • The solution should provide both inbound and outbound DDoS protection.
  • Should be capable to mitigate and detect both inbound and outbound traffic.
  • Should support Symmetric and Asymmetric Traffic flows.
  • Must have an IP reputation feed that describes suspicious traffic, blacklisted IPs, botnet protection and phishing.
  • Solution should have a feature to blacklist and whitelist traffic.
  • Real-time signatures to protect against zero-day attacks, including the ability to create real-time signatures for DNS based attacks.
  • Detect misuse of application protocols in the network like HTTP/POP3/STP/SIP/SMTP.
  • Protection from sophisticated DNS attacks, including out-of-the-box mitigation for NXDOMAIN attacks.

Top Distributed Denial of Service (DDoS) Protection Vendors

Radware, Imperva, Arbor Networks, F5, Verisign, Akamai, etc.
