DDoS mitigation is a set of techniques or tools for resisting or mitigating the impact of distributed denial-of-service (DDoS) attacks on networks attached to the Internet by protecting the target and relay networks. DDoS attacks are a constant threat to businesses and organizations by threatening service performance or to shut down a website entirely, even for a short time.
The first things to do in DDoS mitigation is to identify normal conditions for network traffic by defining "traffic patterns", which is necessary for threat detection and alerting. DDoS mitigation also requires identifying incoming traffic to separate human traffic from human-like bots and hijacked web browsers. The process is done by comparing signatures and examining different attributes of the traffic, including IP addresses, cookie variations, HTTP headers, and Javascript footprints.
One technique is to pass network traffic addressed to a potential target network through high-capacity networks with "traffic scrubbing" filters.
Manual DDoS mitigation is no longer recommended due to DDoS attackers being able to circumvent DDoS mitigation software that is activated manually. Best practices for DDoS mitigation include having both anti-DDoS technology and anti-DDoS emergency response services such as Arbor Networks, Incapsula, Allot, Akamai, CloudFlare or Radware. DDoS mitigation is also available through cloud-based providers.
Video DDoS mitigation
Methods of attack
DDoS attacks are executed against websites and networks of selected victims. A number of vendors are offering "DDoS resistant" hosting services, mostly based on techniques similar to content delivery networks. Distribution avoids single point of congestion and prevents the DDoS attack from concentrating on a single target.
One technique of DDoS attacks is to use misconfigured third-party networks that allow amplification of spoofed UDP packets. Proper configuration of network equipment, enabling ingress filtering and egress filtering, as documented in BCP 38 and RFC 6959, prevents amplification and spoofing, thus reducing the number of relay networks available to attackers.
Maps DDoS mitigation
See also
- Internet security
- Web threat
- Vulnerability (computing)
References
Source of article : Wikipedia