DDOS Attack - Gurzu Nepal

GurzuInc
GurzuInc
DDOS Attack - Gurzu Nepal
DDOS Attack - Gurzu Nepal
DDOS Attack - Gurzu Nepal
DDOS Attack - Gurzu Nepal
DDOS Attack - Gurzu Nepal
DDOS Attack - Gurzu Nepal
DDOS Attack - Gurzu Nepal
DDOS Attack - Gurzu Nepal
DDOS Attack - Gurzu Nepal
3 TYPES 1. Application-Layer Attacks 2. Protocol Attacks 3. Volumetric Attacks
APPLICATION-LAYER ATTACKS • Targets and disrupts a specific app, not an entire network. • A hacker generates a high number of HTTP requests that exhaust the target server's ability to respond. • Challenging to prevent as it is difficult to distinguish between legitimate and malicious HTTP requests.
PROTOCOL ATTACKS • Also known as network-layer attacks. • Exploit weaknesses in the protocols or procedures that govern internet communications. • Use spoofing to create an infinite loop of requests until the system crashes.
VOLUMETRIC ATTACKS • Consumes a target's available bandwidth with false data requests and creates network congestion. • Most common type of this attack is the DNS amplification attack. • All volumetric attacks rely on botnets. • Volumetric attacks are the most common type of DDoS.
USUAL DDOS SYMPTOMS • Large amounts of traffic coming from clients with same or similar characteristics. E.g. device type, browser type/version, IP or IP range, and location etc. • An exponential, unexpected rise in traffic at a single endpoint/server. • A server starts repeatedly crashing for no reason. • Your website is taking too long to respond to requests.
RESPONDING TO A DDOS ATTACK •Blackhole filtering:Go through incoming traffic and determine a limitation criterion. Use the criterion to route malicious traffic into a blackhole, essentially dropping it. •Casting:Distribute the traffic across multiple servers, increasing your capacity, and decreasing the chances of individual servers getting overwhelmed. •IP Blocking: If you are noticing unexpectedly high traffic from the same range of IP addresses, block them.
PREVENTING DDOS ATTACKS •Real-time packet analysis: Analyze packets based on different rules, as they enter your system, discarding the potentially malicious ones. •DDoS defense system (DDS): A DDS can detect legitimate-looking content with malicious intent. It protects against both protocol and volumetric attacks, without requiring any human intervention. •Web application firewall:Web application firewalls (WAF) are a great tool to mitigate application layer DDoS attacks. They give you a way to filter incoming requests, based on different rules, which can also be added on-the-fly, in response to an attack. •Rate limiting:Limit the number of requests a server can entertain over a certain time period.
Thank you
1 of 17

DDOS Attack - Gurzu Nepal

Download to read offline
Technology

Distributed Denial of Service, or DDoS is a cyber attack that makes a network, server, or a website unavailable by flooding it with traffic from multiple sources at the same time. In a DDoS attack, a large number of compromised devices or bots are used to flood the target system with traffic, disrupting its ability to function properly. This attack can result in serious consequences such as lost revenue, damaged reputation, and compromised security. In the second chapter of Knowledge Ketchup at Gurzu, Engineer Aadit Shrestha talked briefly about DDoS attack.

GurzuInc
GurzuInc

Recommended

Session for InfoSecGirls - New age threat management vol 1 by
Session for InfoSecGirls - New age threat management vol 1Session for InfoSecGirls - New age threat management vol 1
Session for InfoSecGirls - New age threat management vol 1InfoSec Girls
155 views16 slides
Denial of service by
Denial of serviceDenial of service
Denial of servicegarishma bhatia
1.8K views25 slides
Types of attack by
Types of attackTypes of attack
Types of attackRajuPrasad33
43 views13 slides
DDoS Mitigation Techniques for Your Enterprise IT Network by
DDoS Mitigation Techniques for Your Enterprise IT NetworkDDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT NetworkHaltdos
116 views1 slide
DDOS ATTACKS by
DDOS ATTACKSDDOS ATTACKS
DDOS ATTACKSShaurya Gogia
1.2K views23 slides
DoS/DDoS by
DoS/DDoSDoS/DDoS
DoS/DDoSVihari Piratla
1.2K views24 slides

More Related Content

Similar to DDOS Attack - Gurzu Nepal

Ddos- distributed denial of service by
Ddos- distributed denial of service Ddos- distributed denial of service
Ddos- distributed denial of service laxmi chandolia
214 views24 slides
IRJET- DDOS Detection System using C4.5 Decision Tree Algorithm by
IRJET- DDOS Detection System using C4.5 Decision Tree AlgorithmIRJET- DDOS Detection System using C4.5 Decision Tree Algorithm
IRJET- DDOS Detection System using C4.5 Decision Tree AlgorithmIRJET Journal
29 views5 slides
Information Security Systems by
Information Security SystemsInformation Security Systems
Information Security SystemsEyad Mhanna
273 views16 slides
Denial of service by
Denial of serviceDenial of service
Denial of serviceSaritaTripathy4
95 views7 slides
A10 issa d do s 5-2014 by
A10 issa d do s 5-2014A10 issa d do s 5-2014
A10 issa d do s 5-2014Raleigh ISSA
1.8K views32 slides
security in IOT.pptx by
security in IOT.pptxsecurity in IOT.pptx
security in IOT.pptxTulasi72
3 views104 slides

Similar to DDOS Attack - Gurzu Nepal(20)

Ddos- distributed denial of service by laxmi chandolia
Ddos- distributed denial of service Ddos- distributed denial of service
Ddos- distributed denial of service
laxmi chandolia214 views
IRJET- DDOS Detection System using C4.5 Decision Tree Algorithm by IRJET Journal
IRJET- DDOS Detection System using C4.5 Decision Tree AlgorithmIRJET- DDOS Detection System using C4.5 Decision Tree Algorithm
IRJET- DDOS Detection System using C4.5 Decision Tree Algorithm
IRJET Journal29 views
Information Security Systems by Eyad Mhanna
Information Security SystemsInformation Security Systems
Information Security Systems
Eyad Mhanna273 views
Denial of service by SaritaTripathy4
Denial of serviceDenial of service
Denial of service
SaritaTripathy495 views
A10 issa d do s 5-2014 by Raleigh ISSA
A10 issa d do s 5-2014A10 issa d do s 5-2014
A10 issa d do s 5-2014
Raleigh ISSA1.8K views
security in IOT.pptx by Tulasi72
security in IOT.pptxsecurity in IOT.pptx
security in IOT.pptx
Tulasi723 views
Basics of Denial of Service Attacks by Hansa Nidushan
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service Attacks
Hansa Nidushan17.3K views
DoS Attack - Incident Handling by Marcelo Silva
DoS Attack - Incident HandlingDoS Attack - Incident Handling
DoS Attack - Incident Handling
Marcelo Silva4.9K views
Aleksei zaitchenkov slides about DOS Attacks by Dipesh Karade
Aleksei zaitchenkov slides about DOS AttacksAleksei zaitchenkov slides about DOS Attacks
Aleksei zaitchenkov slides about DOS Attacks
Dipesh Karade145 views
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB... by IJNSA Journal
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
IJNSA Journal11 views
Cyber Security Terms by Suryaprakash Nehra
Cyber Security TermsCyber Security Terms
Cyber Security Terms
Suryaprakash Nehra1.5K views
Protecting your business from ddos attacks by Saptha Wanniarachchi
Protecting your business from ddos attacksProtecting your business from ddos attacks
Protecting your business from ddos attacks
Saptha Wanniarachchi1.2K views
BOTNET by SOHITGOBINDAMSHAW
BOTNETBOTNET
BOTNET
SOHITGOBINDAMSHAW33 views
INTERNET SECURITY SYSTEM by Bhushan Gajare
INTERNET SECURITY SYSTEMINTERNET SECURITY SYSTEM
INTERNET SECURITY SYSTEM
Bhushan Gajare179 views
Whitepaper on DDoS Mitigation by Gaurav Bhatia
Whitepaper on DDoS MitigationWhitepaper on DDoS Mitigation
Whitepaper on DDoS Mitigation
Gaurav Bhatia1.2K views
Denial of Service Attacks (DoS/DDoS) by Gaurav Sharma
Denial of Service Attacks (DoS/DDoS)Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)
Gaurav Sharma2.2K views
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali by Marta Pacyga
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
Marta Pacyga1.1K views
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali by PROIDEA
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PROIDEA115 views
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi by Professor Lili Saghafi
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili SaghafiComputer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Professor Lili Saghafi704 views
Adarsh-PPT-FCF-12-thm.ppt by Fridha2
Adarsh-PPT-FCF-12-thm.pptAdarsh-PPT-FCF-12-thm.ppt
Adarsh-PPT-FCF-12-thm.ppt
Fridha28 views

More from GurzuInc

Power of documentation | Aarati Shah | Gurzu.pdf by
Power of documentation | Aarati Shah | Gurzu.pdfPower of documentation | Aarati Shah | Gurzu.pdf
Power of documentation | Aarati Shah | Gurzu.pdfGurzuInc
2 views8 slides
The Art of Refactoring | Asmit Ghimire | Gurzu.pdf by
The Art of Refactoring | Asmit Ghimire | Gurzu.pdfThe Art of Refactoring | Asmit Ghimire | Gurzu.pdf
The Art of Refactoring | Asmit Ghimire | Gurzu.pdfGurzuInc
5 views14 slides
I'm Programmer _ Ganesh Kunwar _ Gurzu.pdf by
I'm Programmer _ Ganesh Kunwar _ Gurzu.pdfI'm Programmer _ Ganesh Kunwar _ Gurzu.pdf
I'm Programmer _ Ganesh Kunwar _ Gurzu.pdfGurzuInc
3 views7 slides
Obtaining Your Tax Clearance Certificate_ A Quick Guide | Deepak Rai | Gurzu.pdf by
Obtaining Your Tax Clearance Certificate_ A Quick Guide | Deepak Rai | Gurzu.pdfObtaining Your Tax Clearance Certificate_ A Quick Guide | Deepak Rai | Gurzu.pdf
Obtaining Your Tax Clearance Certificate_ A Quick Guide | Deepak Rai | Gurzu.pdfGurzuInc
15 views13 slides
Problem Solving Skill - Bishal Sapkota - Gurzu by
Problem Solving Skill - Bishal Sapkota - GurzuProblem Solving Skill - Bishal Sapkota - Gurzu
Problem Solving Skill - Bishal Sapkota - GurzuGurzuInc
16 views27 slides
My experience with Mobile Testing - Asmita Poudel - Gurzu by
My experience with Mobile Testing - Asmita Poudel - GurzuMy experience with Mobile Testing - Asmita Poudel - Gurzu
My experience with Mobile Testing - Asmita Poudel - GurzuGurzuInc
5 views14 slides

More from GurzuInc(17)

Power of documentation | Aarati Shah | Gurzu.pdf by GurzuInc
Power of documentation | Aarati Shah | Gurzu.pdfPower of documentation | Aarati Shah | Gurzu.pdf
Power of documentation | Aarati Shah | Gurzu.pdf
GurzuInc2 views
The Art of Refactoring | Asmit Ghimire | Gurzu.pdf by GurzuInc
The Art of Refactoring | Asmit Ghimire | Gurzu.pdfThe Art of Refactoring | Asmit Ghimire | Gurzu.pdf
The Art of Refactoring | Asmit Ghimire | Gurzu.pdf
GurzuInc5 views
I'm Programmer _ Ganesh Kunwar _ Gurzu.pdf by GurzuInc
I'm Programmer _ Ganesh Kunwar _ Gurzu.pdfI'm Programmer _ Ganesh Kunwar _ Gurzu.pdf
I'm Programmer _ Ganesh Kunwar _ Gurzu.pdf
GurzuInc3 views
Obtaining Your Tax Clearance Certificate_ A Quick Guide | Deepak Rai | Gurzu.pdf by GurzuInc
Obtaining Your Tax Clearance Certificate_ A Quick Guide | Deepak Rai | Gurzu.pdfObtaining Your Tax Clearance Certificate_ A Quick Guide | Deepak Rai | Gurzu.pdf
Obtaining Your Tax Clearance Certificate_ A Quick Guide | Deepak Rai | Gurzu.pdf
GurzuInc15 views
Problem Solving Skill - Bishal Sapkota - Gurzu by GurzuInc
Problem Solving Skill - Bishal Sapkota - GurzuProblem Solving Skill - Bishal Sapkota - Gurzu
Problem Solving Skill - Bishal Sapkota - Gurzu
GurzuInc16 views
My experience with Mobile Testing - Asmita Poudel - Gurzu by GurzuInc
My experience with Mobile Testing - Asmita Poudel - GurzuMy experience with Mobile Testing - Asmita Poudel - Gurzu
My experience with Mobile Testing - Asmita Poudel - Gurzu
GurzuInc5 views
Upgrading Services _ Ashraya Tuldhar _ Knowledge ketchup.pptx by GurzuInc
Upgrading Services _ Ashraya Tuldhar _ Knowledge ketchup.pptxUpgrading Services _ Ashraya Tuldhar _ Knowledge ketchup.pptx
Upgrading Services _ Ashraya Tuldhar _ Knowledge ketchup.pptx
GurzuInc2 views
The real definition of done (1).pptx.pdf by GurzuInc
The real definition of done (1).pptx.pdfThe real definition of done (1).pptx.pdf
The real definition of done (1).pptx.pdf
GurzuInc6 views
Fantastic Blogs and How to Write Them | Alaka Acharya.pptx by GurzuInc
Fantastic Blogs and How to Write Them | Alaka Acharya.pptxFantastic Blogs and How to Write Them | Alaka Acharya.pptx
Fantastic Blogs and How to Write Them | Alaka Acharya.pptx
GurzuInc11 views
The power of saying no | Abinash Bhattarai | Gurzu.pdf by GurzuInc
The power of saying no | Abinash Bhattarai | Gurzu.pdfThe power of saying no | Abinash Bhattarai | Gurzu.pdf
The power of saying no | Abinash Bhattarai | Gurzu.pdf
GurzuInc41 views
Hotwire and Turbo - Knowledge Ketchup - Prajit Bhandari.pdf by GurzuInc
Hotwire and Turbo - Knowledge Ketchup - Prajit Bhandari.pdfHotwire and Turbo - Knowledge Ketchup - Prajit Bhandari.pdf
Hotwire and Turbo - Knowledge Ketchup - Prajit Bhandari.pdf
GurzuInc47 views
Automation Testing - G1 conference Ch13.pptx by GurzuInc
Automation Testing - G1 conference Ch13.pptxAutomation Testing - G1 conference Ch13.pptx
Automation Testing - G1 conference Ch13.pptx
GurzuInc17 views
CSS 101 - G1 conference Gurzu.pptx by GurzuInc
CSS 101 - G1 conference Gurzu.pptxCSS 101 - G1 conference Gurzu.pptx
CSS 101 - G1 conference Gurzu.pptx
GurzuInc10 views
Discussion Regarding benefits on taxes on income from employment.pptx by GurzuInc
Discussion Regarding benefits on taxes on income from employment.pptxDiscussion Regarding benefits on taxes on income from employment.pptx
Discussion Regarding benefits on taxes on income from employment.pptx
GurzuInc7 views
How not to Model Data - G1 conference.pptx by GurzuInc
How not to Model Data - G1 conference.pptxHow not to Model Data - G1 conference.pptx
How not to Model Data - G1 conference.pptx
GurzuInc9 views
API Testing.pptx by GurzuInc
API Testing.pptxAPI Testing.pptx
API Testing.pptx
GurzuInc26 views
Building CI_CD for Mobile Development.pptx by GurzuInc
Building CI_CD for Mobile Development.pptxBuilding CI_CD for Mobile Development.pptx
Building CI_CD for Mobile Development.pptx
GurzuInc9 views

Recently uploaded

Kyo - Functional Scala 2023.pdf by
Kyo - Functional Scala 2023.pdfKyo - Functional Scala 2023.pdf
Kyo - Functional Scala 2023.pdfFlavio W. Brasil
418 views92 slides
Democratising digital commerce in India-Report by
Democratising digital commerce in India-ReportDemocratising digital commerce in India-Report
Democratising digital commerce in India-ReportKapil Khandelwal (KK)
20 views161 slides
Igniting Next Level Productivity with AI-Infused Data Integration Workflows by
Igniting Next Level Productivity with AI-Infused Data Integration Workflows Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows Safe Software
317 views86 slides
The Forbidden VPN Secrets.pdf by
The Forbidden VPN Secrets.pdfThe Forbidden VPN Secrets.pdf
The Forbidden VPN Secrets.pdfMariam Shaba
20 views72 slides
STPI OctaNE CoE Brochure.pdf by
STPI OctaNE CoE Brochure.pdfSTPI OctaNE CoE Brochure.pdf
STPI OctaNE CoE Brochure.pdfmadhurjyapb
14 views1 slide
Unit 1_Lecture 2_Physical Design of IoT.pdf by
Unit 1_Lecture 2_Physical Design of IoT.pdfUnit 1_Lecture 2_Physical Design of IoT.pdf
Unit 1_Lecture 2_Physical Design of IoT.pdfStephenTec
15 views36 slides

Recently uploaded(20)

Kyo - Functional Scala 2023.pdf by Flavio W. Brasil
Kyo - Functional Scala 2023.pdfKyo - Functional Scala 2023.pdf
Kyo - Functional Scala 2023.pdf
Flavio W. Brasil418 views
Democratising digital commerce in India-Report by Kapil Khandelwal (KK)
Democratising digital commerce in India-ReportDemocratising digital commerce in India-Report
Democratising digital commerce in India-Report
Kapil Khandelwal (KK)20 views
Igniting Next Level Productivity with AI-Infused Data Integration Workflows by Safe Software
Igniting Next Level Productivity with AI-Infused Data Integration Workflows Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Safe Software317 views
The Forbidden VPN Secrets.pdf by Mariam Shaba
The Forbidden VPN Secrets.pdfThe Forbidden VPN Secrets.pdf
The Forbidden VPN Secrets.pdf
Mariam Shaba20 views
STPI OctaNE CoE Brochure.pdf by madhurjyapb
STPI OctaNE CoE Brochure.pdfSTPI OctaNE CoE Brochure.pdf
STPI OctaNE CoE Brochure.pdf
madhurjyapb14 views
Unit 1_Lecture 2_Physical Design of IoT.pdf by StephenTec
Unit 1_Lecture 2_Physical Design of IoT.pdfUnit 1_Lecture 2_Physical Design of IoT.pdf
Unit 1_Lecture 2_Physical Design of IoT.pdf
StephenTec15 views
Melek BEN MAHMOUD.pdf by MelekBenMahmoud
Melek BEN MAHMOUD.pdfMelek BEN MAHMOUD.pdf
Melek BEN MAHMOUD.pdf
MelekBenMahmoud17 views
Ransomware is Knocking your Door_Final.pdf by Security Bootcamp
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdf
Security Bootcamp66 views
"Surviving highload with Node.js", Andrii Shumada by Fwdays
"Surviving highload with Node.js", Andrii Shumada "Surviving highload with Node.js", Andrii Shumada
"Surviving highload with Node.js", Andrii Shumada
Fwdays33 views
Mini-Track: Challenges to Network Automation Adoption by Network Automation Forum
Mini-Track: Challenges to Network Automation AdoptionMini-Track: Challenges to Network Automation Adoption
Mini-Track: Challenges to Network Automation Adoption
Network Automation Forum17 views
20231123_Camunda Meetup Vienna.pdf by Phactum Softwareentwicklung GmbH
20231123_Camunda Meetup Vienna.pdf20231123_Camunda Meetup Vienna.pdf
20231123_Camunda Meetup Vienna.pdf
Phactum Softwareentwicklung GmbH45 views
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas... by Bernd Ruecker
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
Bernd Ruecker48 views
Future of AR - Facebook Presentation by Rob McCarty
Future of AR - Facebook PresentationFuture of AR - Facebook Presentation
Future of AR - Facebook Presentation
Rob McCarty22 views
TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensors by sugiuralab
TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective SensorsTouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensors
TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensors
sugiuralab23 views
STKI Israeli Market Study 2023 corrected forecast 2023_24 v3.pdf by Dr. Jimmy Schwarzkopf
STKI Israeli Market Study 2023 corrected forecast 2023_24 v3.pdfSTKI Israeli Market Study 2023 corrected forecast 2023_24 v3.pdf
STKI Israeli Market Study 2023 corrected forecast 2023_24 v3.pdf
Dr. Jimmy Schwarzkopf24 views
"Running students' code in isolation. The hard way", Yurii Holiuk by Fwdays
"Running students' code in isolation. The hard way", Yurii Holiuk "Running students' code in isolation. The hard way", Yurii Holiuk
"Running students' code in isolation. The hard way", Yurii Holiuk
Fwdays24 views
HTTP headers that make your website go faster - devs.gent November 2023 by Thijs Feryn
HTTP headers that make your website go faster - devs.gent November 2023HTTP headers that make your website go faster - devs.gent November 2023
HTTP headers that make your website go faster - devs.gent November 2023
Thijs Feryn26 views
virtual reality.pptx by G036GaikwadSnehal
virtual reality.pptxvirtual reality.pptx
virtual reality.pptx
G036GaikwadSnehal18 views
Future of Indian ConsumerTech by Kapil Khandelwal (KK)
Future of Indian ConsumerTechFuture of Indian ConsumerTech
Future of Indian ConsumerTech
Kapil Khandelwal (KK)24 views
The Research Portal of Catalonia: Growing more (information) & more (services) by CSUC - Consorci de Serveis Universitaris de Catalunya
The Research Portal of Catalonia: Growing more (information) & more (services)The Research Portal of Catalonia: Growing more (information) & more (services)
The Research Portal of Catalonia: Growing more (information) & more (services)
CSUC - Consorci de Serveis Universitaris de Catalunya115 views

DDOS Attack - Gurzu Nepal

  • 10. 3 TYPES 1. Application-Layer Attacks 2. Protocol Attacks 3. Volumetric Attacks
  • 11. APPLICATION-LAYER ATTACKS • Targets and disrupts a specific app, not an entire network. • A hacker generates a high number of HTTP requests that exhaust the target server's ability to respond. • Challenging to prevent as it is difficult to distinguish between legitimate and malicious HTTP requests.
  • 12. PROTOCOL ATTACKS • Also known as network-layer attacks. • Exploit weaknesses in the protocols or procedures that govern internet communications. • Use spoofing to create an infinite loop of requests until the system crashes.
  • 13. VOLUMETRIC ATTACKS • Consumes a target's available bandwidth with false data requests and creates network congestion. • Most common type of this attack is the DNS amplification attack. • All volumetric attacks rely on botnets. • Volumetric attacks are the most common type of DDoS.
  • 14. USUAL DDOS SYMPTOMS • Large amounts of traffic coming from clients with same or similar characteristics. E.g. device type, browser type/version, IP or IP range, and location etc. • An exponential, unexpected rise in traffic at a single endpoint/server. • A server starts repeatedly crashing for no reason. • Your website is taking too long to respond to requests.
  • 15. RESPONDING TO A DDOS ATTACK •Blackhole filtering:Go through incoming traffic and determine a limitation criterion. Use the criterion to route malicious traffic into a blackhole, essentially dropping it. •Casting:Distribute the traffic across multiple servers, increasing your capacity, and decreasing the chances of individual servers getting overwhelmed. •IP Blocking: If you are noticing unexpectedly high traffic from the same range of IP addresses, block them.
  • 16. PREVENTING DDOS ATTACKS •Real-time packet analysis: Analyze packets based on different rules, as they enter your system, discarding the potentially malicious ones. •DDoS defense system (DDS): A DDS can detect legitimate-looking content with malicious intent. It protects against both protocol and volumetric attacks, without requiring any human intervention. •Web application firewall:Web application firewalls (WAF) are a great tool to mitigate application layer DDoS attacks. They give you a way to filter incoming requests, based on different rules, which can also be added on-the-fly, in response to an attack. •Rate limiting:Limit the number of requests a server can entertain over a certain time period.