Welcome to Bucaro TecHelp!

Bucaro TecHelp
HTTPS Encryption not required because no account numbers or
personal information is ever requested or accepted by this site

About Bucaro TecHelp About BTH User Agreement User Agreement Privacy Policy Privacy Site Map Site Map Contact Bucaro TecHelp Contact RSS News Feeds News Feeds

Methods to Combat Distributed Denial of Service (DDoS) Attacks

DDOS attacks create a huge burden for businesses. They are costly for businesses, both in terms of lost revenue and added costs. DDoS attack protection plays a fundamental role in keeping businesses online. Here are some of the strategies that are being used to ensure provision of services to the consumer is uninterrupted.

1. At the Firewall level

Network administrators can use simple rules to prevent or let in IPs, protocols or ports. Depending on where the firewall is located in the networks hierarchy, firewalls are well suited to stopping internal flooding attacks even though they may not have the intelligence to determine good traffic.

More complex attacks however are usually hard to sort out because it is not possible to drop all traffic to a port as this may prevent legitimate traffic from getting to the server.

Firewalls that are too deep within the network may not help much because routers may get clogged before the traffic gets to the firewall. However, they form a great defense against simple DDoS attacks.

2. The Switch as a DDOS Mitigation Tool

Switches are usually built with an automatic control list capacity. As a result, they can limit data floods at a system wide level or by traffic shaping, delayed binding or TCP splicing, deep packet inspection and bogon filtering. Traffic or packet shaping delays some or all data bringing them into a desired traffic profile. This is a form of traffic rate limiting. It can be used to increase the usable bandwidth of specific traffic by sacrificing bandwidth access for others. Delayed binding allows a router to receive more routing information for specific traffic by postponing connection between a client and a server.

WM Message: A "bogon" is a packet with an IP address from a reserved address space or from an address space that has not yet been allocated by an Internet authority.

Network administrators can set these parameters manually or use manufacturer default settings.

3. At the Router Level

Network engineers can manually set the rate limiting ability of their router and configure a control list. As a result of these changes, routers can prevent flooding of requests from a DDOS attack, keeping a network accessible to its core users.

4. Intrusion Prevention Systems or IPS based systems

Intrusive prevention systems can be statistical anomaly-based, stateful protocol analysis or signature based. For signature based detection, attack patterns that are known are used to identify similar incoming patterns. Statistical anomaly-based IPS create a baseline and respond when the characteristic baseline is flaunted while stateful protocol analysis detection uses deviations from predefined protocol states to detect activity.

For attacks that have a signature, it is easy to use IPS systems to prevent DDoS Attacks. For such attacks, the malicious content received quickly triggers the system to prevent the passage of suspect data. Some attacks that are hidden under legitimate content can be hard to detect until the attack has proceeded to cripple the network. DDoS attacks can be content or behavior based. Content based intrusion prevention systems cannot block behavior based DDoS attack, and vice versa.

Application specific Integrated Circuit or ASIC Intrusion Prevention Systems can block and detect DDoS attacks based on the fact that they have the processing power and the ability to break down the traffic into its simplest level.

On the other hand, a rate-based IPS or RBIPS system usually analyses the traffic coming into a network to pick out any anomalies but let the legitimate traffic through.

RSS Feed RSS Feed

Follow Stephen Bucaro Follow @Stephen Bucaro

Computer Networking Sections

Fire HD
[Site User Agreement] [Privacy Policy] [Site map] [Search This Site] [Contact Form]
Copyright©2001-2024 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268