Guard Against DoS and DDoS Attacks
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are assaults on a network that flood it with so many additional requests that regular traffic is either slowed or completely interrupted. Unlike single bullet intrusion attacks (such as a worm or Trojan) which cause information damage or leakage, DoS attacks disrupt the availability of network resources and can interrupt network service for a long period of time.
Typical victims for DoS attacks are online businesses, carriers and service providers. DoS attacks target revenue-generating organizations by overtaxing link capacity. This costs them both direct and indirect damages. Direct damages include revenue loss or increased network costs. Indirect damages are related to business reputation and increased operational expenses.
The common form of DoS attacks is DDoS attacks, where hackers take advantage of bot-infected, compromised computers to launch large-scale attacks, as shown in the first graphic.
In DDoS attacks, the attacking computer hosts are often personal computers with broadband connections to the Internet that have been compromised by viruses or Trojan programs called Bots. (The compromised computers are usually referred to as “zombies"). Perpetrators of an attack remotely control the zombies and direct the attack, often through a BotNet command and control (C&C) channel such as an Internet Relay Chat (IRC) room. By combining the many existing variants of the same tool/attack and with enough slave hosts, the victims of DDoS attacks are large websites, root servers, large enterprises and ISPs who require massive bandwidth for their services to be disrupted.
DDoS tools are extremely easy to develop, with propagation and seeding achieved through a range of resources including IRC, P2P, email worms, malicious websites and social engineering. The results of such DDoS attack are devastating, ranging from service slowdowns to complete service shutdowns for hours – or days.
Learn more about Radware Attack Mitigation Systems with our white paper.
Your First Line of Defense: APSolute® OS DoS Protection
The main challenge in mitigating DoS and DDoS attacks is to detect traffic anomalies and filter out only the attack traffic while maintaining the uninterrupted flow of legitimate traffic. Filtering out malicious traffic must be performed with caution, particularly since false positives may occur which could block real user traffic.
Radware’s APSolute OS offers a DoS protection module that is unique in its ability to rapidly and accurately distinguish between three broad categories of behavior: legitimate normal traffic, attack traffic and unusual patterns created by legitimate activity. This module has two features to provide this protection.
- A behavioral-DoS feature which rapidly mitigates zero-day DoS/DDoS attacks by automatically generating real-time signatures to prevent the attack without need for human intervention
- A DoS Shield feature which protects against known DoS/DDoS floods
Blocked flood attacks include
- TCP SYN floods
- TCP Push, Fin and Reset floods
- UDP and DNS floods
- ICMP and IGMP floods
The implementation of effective Denial of Service protection will help to guard a network against those attacks which inhibit or stop network availability. With Radware's DoS protection software and other network security solutions, businesses will be able to provide legitimate traffic with uninterrupted network access, while filtering out potential threats.