DDoS prevention and mitigation

There are many DDoS prevention and mitigation products. Many of these products work at the network level, filtering out malicious packets.

For example, Guard-Host states that it provides:

  • a mitigation solution based on VAC technology

    • Analyse all packets at high speed in real time
    • Vacuum your server’s incoming traffic
    • Mitigate i.e. singling out all the illegitimate IP packets, while allowing legitimate ones to pass through
  •  “To detect the attack, we use the netflow sent by the routers and analysed by the Arbor Peakflow boxes. Each router sends a summary of 1/2000 of the traffic that is actually passing through it. The Arbor Peakflow boxes analyse this and compare it to the attack signatures. If the comparison is positive, mitigation is activated within seconds.
  • The signatures analysed are based on traffic thresholds of
    • “packets per second” (pps, Kpps, Mpps, Gpps) or
    • “bits per second” (bps, Kbps, Mbps, Gbps) on certain packet types”

DDoS attack types

For example, Guard-Host acknowledges the following DDoS attack types:

DDoS Attack Types

DDoS Attack Types

Mitigation phase

In the following diagram, the packets in the red area are flagged as belonging to a DDoS attack and are thus discarded and not sent to the server under attack.

Attack detection

References

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s