Wednesday, December 31, 2014

DoS / DDoS Attacks

DoS/DDoS is one of the most frequent attacks in the world.
Also known as "Flood Attacks".

Flood Attacks are:

  1. SYN Flood
  2. UDP Flood
  3. ICMP Flood
  4. ICMPv6 Flood
  5. Other IP Flood


  • DoS    = Denial-of-Service: an attack launched from a single device against a single TARGET.
  • DDoS = Distributed Denial-of-Service: attacks launched from multiple devices against a single TARGET (multiple locations; multiple people may be involved).
  • TARGET = a server or network with a reachable public IP (web server, website, application server, ...)

Attacker tools:
  • ping
  • botnet
  • ...

Mitigation Techniques:
  1. Limit the maximum number of connections
  2. Limit the size of incoming packets (ping requests)
  3. Block known attackers' public IP address(es)
  4. Implement an IPS with DoS/DDoS signatures
  5. Enable flood protection
  6. The easiest way is to deploy a DoS/DDoS-aware security box (many products are available on the market).
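As an added illustration of mitigations 1, 3 and 5 (rate-based flood detection feeding a block list), here is a small Python detector that is not part of the original post. It runs over a constructed packet log (timestamp, source, destination, protocol, TCP flags), buckets packets per source and flood class into one-second windows, and flags any source whose peak rate exceeds a per-class threshold. The log format, the thresholds and the addresses are assumptions chosen for the example; the five flood classes are the ones listed above.

```python
"""Flood detection over a constructed packet log (hypothetical example, not the post's code)."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Packets per source, per flood class, per one-second window. Above these the
# source is flagged. Values are illustrative assumptions, not tuning advice.
THRESHOLDS = {"SYN": 100, "UDP": 100, "ICMP": 50, "ICMPv6": 50, "OTHER": 200}


def classify(proto, flags):
    """Map a packet's protocol and TCP flags onto the post's five flood classes."""
    if proto == "TCP" and flags == "SYN":      # bare SYN: half-open handshake attempt
        return "SYN"
    if proto in ("UDP", "ICMP", "ICMPv6"):
        return proto
    return "OTHER"


def parse_line(line):
    """Parse 'timestamp src dst proto flags' (constructed log format, one packet per line)."""
    ts, src, dst, proto, flags = line.split()
    return datetime.fromisoformat(ts), src, dst, proto, flags


def detect_floods(lines, thresholds=THRESHOLDS):
    """Return {src: {flood_class: peak_packets_per_second}} for sources over a threshold.

    Packets are bucketed into one-second windows keyed on the timestamp's whole
    seconds; the busiest bucket per (src, class) is compared with the threshold.
    """
    counts = Counter()
    for line in lines:
        ts, src, _dst, proto, flags = parse_line(line)
        bucket = ts.replace(microsecond=0)
        counts[(src, classify(proto, flags), bucket)] += 1
    peaks = defaultdict(dict)
    for (src, kind, _bucket), n in counts.items():
        if n > thresholds[kind] and n > peaks[src].get(kind, 0):
            peaks[src][kind] = n
    return dict(peaks)


def block_list(floods):
    """Sources to feed into a firewall deny rule (mitigation 3 in the post)."""
    return sorted(floods)


def build_sample_log():
    """Constructed traffic: one SYN flooder, one UDP flooder, one normal client."""
    t0 = datetime(2014, 12, 31, 10, 0, 0)
    step = timedelta(milliseconds=5)
    lines = []
    for i in range(150):   # 150 SYNs in ~0.75 s from 198.51.100.7 (SYN flood)
        lines.append(f"{(t0 + i * step).isoformat()} 198.51.100.7 203.0.113.10 TCP SYN")
    for i in range(120):   # 120 UDP datagrams in ~0.6 s from 198.51.100.8 (UDP flood)
        lines.append(f"{(t0 + i * step).isoformat()} 198.51.100.8 203.0.113.10 UDP -")
    for i in range(5):     # a normal client: one handshake per second, far under threshold
        t = t0 + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} 192.0.2.5 203.0.113.10 TCP SYN")
        lines.append(f"{(t + step).isoformat()} 192.0.2.5 203.0.113.10 TCP ACK")
    return lines


if __name__ == "__main__":
    floods = detect_floods(build_sample_log())
    for src, kinds in floods.items():
        print(src, kinds)
    print("deny:", block_list(floods))
```

Counting per one-second bucket keeps the check cheap and maps directly onto the "connections per second" knob most flood-protection features expose; a production detector would use a sliding window and per-destination thresholds as well, and would age entries out of the deny list rather than blocking indefinitely.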
