Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 Methods of attack 2 Methods of mitigation 3 See also 4 References

DDoS mitigation

●Azərbaycanca ●Deutsch ●Español ●فارسی ●Français ●Português ●中文 Edit links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

DDoS mitigation is a set of network management techniques and/or tools, for resisting or mitigating the impact of distributed denial-of-service (DDoS) attacks on networks attached to the Internet, by protecting the target, and relay networks. DDoS attacks are a constant threat to businesses and organizations, by delaying service performance, or by shutting down a website entirely.^[1]

DDoS mitigation works by identifying baseline conditions for network traffic by analyzing "traffic patterns", to allow threat detection and alerting.^[2] DDoS mitigation also requires identifying incoming traffic, to separate human traffic from human-like bots and hijacked web browsers. This process involves comparing signatures and examining different attributes of the traffic, including IP addresses, cookie variations, HTTP headers, and browser fingerprints.

After the detection is made, the next process is filtering. Filtering can be done through anti-DDoS technology like connection tracking, IP reputation lists, deep packet inspection, blacklisting/whitelisting, or rate limiting.^[3]^[4]

One technique is to pass network traffic addressed to a potential target network through high-capacity networks, with "traffic scrubbing" filters.^[2]

Manual DDoS mitigation is no longer recommended, due to the size of attacks often outstripping the human resources available in many firms/organizations.^[5] Other methods to prevent DDoS attacks can be implemented, such as on-premises and/or cloud-based solution providers. On-premises mitigation technology (most commonly a hardware device) is often placed in front of the network. This would limit the maximum bandwidth available to what is provided by the Internet service provider.^[6] Common methods involve hybrid solutions, by combining on-premises filtering with cloud-based solutions.^[7]

Methods of attack[edit]

DDoS attacks are executed against websites and networks of selected victims. A number of vendors offer "DDoS-resistant" hosting services, mostly based on techniques similar to content delivery networks. Distribution avoids a single point of congestion and prevents the DDoS attack from concentrating on a single target.

One technique of DDoS attacks is to use misconfigured third-party networks, allowing the amplification^[8]ofspoofed UDP packets. Proper configuration of network equipment, enabling ingress filtering and egress filtering, as documented in BCP 38^[9] and RFC 6959,^[10] prevents amplification and spoofing, thus reducing the number of relay networks available to attackers.

Methods of mitigation[edit]

Use of Client Puzzle Protocol, or Guided tour puzzle protocol
Use of Content Delivery Network
Blacklist of IP addresses
Use of Intrusion detection system and Firewall

References[edit]

^ Gaffan, Marc (20 December 2012). "The 5 Essentials of DDoS Mitigation". Wired.com. Retrieved 25 March 2014.

^ ^a ^b Paganini, Pierluigi (10 June 2013). "Choosing a DDoS mitigation solution…the cloud based approach". Cyber Defense Magazine. Retrieved 25 March 2014.

^ Geere, Duncan (27 April 2012). "How deep packet inspection works". Wired.com. Retrieved 12 June 2018.

^ Patterson, Dan (9 March 2017). "Deep packet inspection: The smart person's guide". Techrepublic.com. Retrieved 12 June 2018.

^ Tan, Francis (2 May 2011). "DDoS attacks: Prevention and Mitigation". The Next Web. Retrieved 25 March 2014.

^ Leach, Sean (17 September 2013). "Four ways to defend against DDoS attacks". Networkworld.com. Archived from the original on 12 June 2018. Retrieved 12 June 2018.

^ Schmitt, Robin (2 September 2017). "Choosing the right DDoS solution". Enterpriseinnovation.net. Archived from the original on 12 June 2018. Retrieved 12 June 2018.

^ Rossow, Christian. "Amplification DDoS".

^ Senie, Daniel; Ferguson, Paul (2000). "Network Ingress Filtering: IP Source Address Spoofing". IETF.

^ McPherson, Danny R.; Baker, Fred; Halpern, Joel M. (2013). "Source Address Validation Improvement (SAVI) Threat Scope". IETF. doi:10.17487/RFC6959. {{cite journal}}: Cite journal requires |journal= (help)

Retrieved from "https://en.wikipedia.org/w/index.php?title=DDoS_mitigation&oldid=1231348040" Categories: ●Computer network security ●System administration ●Denial-of-service attacks ●Cyberwarfare Hidden categories: ●CS1 errors: missing periodical ●Articles with short description ●Short description is different from Wikidata ●This page was last edited on 27 June 2024, at 20:47 (UTC). ●Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. ●Privacy policy ●About Wikipedia ●Disclaimers ●Contact Wikipedia ●Code of Conduct ●Developers ●Statistics ●Cookie statement ●Mobile view