Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Upcoming SlideShare
Practical steps to mitigate DDoS attacks


10 DDoS Mitigation Techniques

This presentation discusses 10 state-of-the-art DDoS mitigation techniques.

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all

10 DDoS Mitigation Techniques

  1. 1. Hemant Jain’s 10 DDoS Mitigation Techniques
  2. 2. 1. SYN Proxy <ul><li>SYN Proxy is a mechanism, usually performed by gateway appliances that sit before the actual server and proxy the responses. </li></ul><ul><li>Until the spoofed IP or un-spoofed IP addresses respond with the ACK, the connection requests are not forwarded. </li></ul><ul><li>This ensures that under SYN flood, all connection requests are screened and only those that are legitimate are forwarded. </li></ul>
  3. 3. 2. Connection Limiting <ul><li>Too many connections can cause a server to be overloaded. By limiting the number of new connection requests, you can temporarily give the server respite. </li></ul><ul><li>This is done by giving preference to existing connections and limiting the new connection requests. </li></ul>
  4. 4. 3. Aggressive aging <ul><li>When idle connections fill up the connection tables in firewall and servers, you can provide some relief to them by aggressive aging. </li></ul><ul><li>Aggressive aging involves removing connections from the tables and may also involve sending a TCP RST packet to the server/firewall. </li></ul>
  5. 5. 4. Source Rate Limiting <ul><li>Used when there are limited number of IP addresses involved in a DDoS attack. </li></ul><ul><li>By identifying outlier IP addresses that break norms, you can deny them access to excessive bandwidth. </li></ul><ul><li>Since IP addresses in such attacks are not predictable, it is important to keep track of millions of IP addresses and their behavior to isolate outliers. </li></ul>
  6. 6. 5. Dynamic Filtering <ul><li>Static filtering is a commonly achieved using Access Control Lists (ACLs). </li></ul><ul><li>Dynamic filtering is required when the attack and the attackers change constantly. </li></ul><ul><li>Dynamic filtering is performed by identifying undisciplined behavior and punishing that behavior for a short time by creating a short-span filtering rule and removing that rule after that time-span. </li></ul>
  7. 7. 6. Active verification <ul><li>SYN Proxy combined with caching identified legitimate IP addresses in to a memory table for a limited period of time and then letting them go without the SYN proxy check. </li></ul><ul><li>Must be combined with rate limiting zombies which are able to complete 3-way-handshakes to avoid misuse. </li></ul>
  8. 8. 7. Anomaly Recognition <ul><li>Useful for scripted DDoS attacks which vary a few parameters in the network packets. </li></ul><ul><li>By performing anomaly checks on headers, state and rate, an appliance can filter out most attack packets which otherwise would pass simple firewall rules. </li></ul>
  9. 9. 8. Granular Rate Limiting <ul><li>DDoS attacks have some self-similarity among all attack packets in a single attack. </li></ul><ul><li>Granular Rate Limiting is a technique that identifies rate violations from past behavior. </li></ul><ul><li>Rate thresholds are set based on past behavior set during a training session and adjusted adaptively over time. </li></ul>
  10. 10. 9. White-list, Black-list <ul><li>In any network, there will always be some IP addresses that you want to deny or allow. White-listing and Black-listing capability are useful during DDoS attack to ensure that such rules are honored despite rate violations or in spite of rate-violations. </li></ul>
  11. 11. 10. Dark Address Prevention <ul><li>Dark addresses are IP addresses that are not yet assigned by IANA. </li></ul><ul><li>Any packets coming from or going to dark addresses are signs of spoofing. By blocking them, you can block a substantial percentage of DDoS packets that are spoofed. </li></ul>
  12. 12. For More Information <ul><li>IntruGuard is a Leading DDoS Solution vendor. It is globally renowned for its Network Behavior Analysis equipment. </li></ul><ul><li>Contact: IntruGuard </li></ul><ul><li>[email_address] </li></ul><ul><li>+1 408 400 4222 </li></ul><ul><li> </li></ul>
  • RameshG50

    Jun. 13, 2017
  • AnjiChannamsetti

    Feb. 21, 2017
  • amirulsyakilla

    Dec. 20, 2016
  • JohannaEstevez4

    Dec. 15, 2016
  • DineshDRawal

    Dec. 6, 2016
  • Nourbush

    Nov. 14, 2016
  • rkcprince

    Oct. 5, 2016
  • barkat1407

    Feb. 25, 2016
  • GregWiedeman

    Feb. 3, 2016

    Jan. 30, 2016
  • getrefaia

    Oct. 4, 2015
  • PatGelin

    Sep. 9, 2015
  • maomaotan

    Jul. 25, 2015
  • sumeers85

    May. 10, 2015
  • GlennJohnBoquilon

    Apr. 19, 2015
  • EthernLin

    Dec. 5, 2014
  • beherca

    Apr. 27, 2014

    Apr. 21, 2014
  • wahyunasution12

    Oct. 16, 2013
  • osama2727

    Mar. 11, 2013

This presentation discusses 10 state-of-the-art DDoS mitigation techniques.


Total views


On Slideshare


From embeds


Number of embeds