Preventing Enterprise Networks from DDoS Attacks
A denial-of-service (DoS) attack floods a targeted system with more requests or traffic than it can handle. The attacker overwhelms the target server, service or network, or the infrastructure around it, with a flood of Internet traffic, consuming bandwidth, connection state or processing capacity until legitimate traffic can no longer reach its destination.
A DDoS attack works the same way but is launched from many compromised computers, often distributed around the world, that are referred to as zombies or bots. A group of bots under the attacker's remote control is called a botnet. Once a botnet has been established, the attacker (or botmaster) directs the compromised machines by pushing instructions to each bot through a command and control (C2) server. When the attacker names a victim's IP address, every bot starts sending requests to it; the combined traffic can exceed the capacity of the targeted server or network, denying service to normal traffic. Because the traffic arrives from thousands of sources, blocking a single address is not enough, which is why DDoS mitigation relies on traffic analysis and filtering rather than a static blocklist.
> DDoS Attack Prevention
Q-Balancer DDoS attack prevention detects and filters malicious traffic, limiting or blocking the impact of DDoS attacks on business networks. It protects the enterprise network against the most commonly used DDoS attack types described below:
> UDP Flooding
A UDP flood is any DDoS attack that floods a target with UDP packets, typically aimed at random destination ports on the remote host. For each packet the host checks whether an application is listening on that port and, when none is, replies with an ICMP 'Destination Unreachable' (port unreachable) message. Processing the packets and generating the replies consumes CPU and bandwidth on the host, and at sufficient volume the host, or the link in front of it, becomes unreachable to legitimate users. Attackers frequently spoof the source address so that the ICMP replies go elsewhere and the real origin stays hidden.
> ICMP Flooding
Like the UDP flood, an ICMP flood overwhelms the target with ICMP Echo Request (ping) packets, generally sent as fast as possible without waiting for replies. In addition to system resources, an ICMP flood consumes both incoming and outgoing bandwidth, because the target normally answers every request with an ICMP Echo Reply, so the link carries the flood in both directions and the overall system slows down significantly.
> SYN Flooding
A SYN flood abuses the TCP three-way handshake to make the target unavailable. The attacker sends SYN segments to the target, which responds to each with a SYN-ACK and allocates state for a half-open connection. A legitimate client would complete the handshake with an ACK; the attacker never does, and usually sends the SYNs from spoofed source addresses so that the SYN-ACKs go to hosts that never answer. The target keeps waiting for the final ACK on each half-open connection, and the connection backlog fills until no new connections can be accepted, resulting in denial of service.
> HTTP Flooding
In an HTTP flood the attacker uses seemingly legitimate HTTP GET or POST requests to attack a single web server or application. HTTP floods are a Layer 7 attack: they do not rely on malformed or spoofed packets (each request rides on a fully established TCP connection), and they need far less bandwidth than volumetric attacks to bring the target down. The attack is most effective when each request forces the server or application to do expensive work, such as a search or database query, so that every single request consumes the maximum possible resources.
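The four flood types above are distinguished by what piles up at the victim: distinct UDP ports probed per source, echo requests per source, half-open TCP handshakes per target, and HTTP requests per source. The following detector, an added example written for this page and not Q-Balancer's own code, counts those signals in fixed one-second windows over a constructed packet list and flags whatever crosses a threshold. The `Pkt` record, the `THRESH` values and the sample traffic are all assumptions made for illustration; real thresholds must be tuned to a network's baseline. Note the design choice for SYN floods: because the sources are spoofed, the count is kept per target port rather than per source, otherwise each fake source would stay under any per-source limit.

```python
"""Toy window-based flood detector. Added example, not Q-Balancer code:
it counts per-source or per-target behaviour in fixed time windows and flags
whatever crosses a hypothetical threshold. Thresholds and sample traffic are
constructed for illustration and must be tuned to a real network's baseline."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    ts: float             # seconds since capture start
    src: str
    dst: str
    proto: str            # "udp", "icmp", "tcp" or "http"
    dport: int = 0
    flags: str = ""       # TCP flags: "S" SYN, "SA" SYN-ACK, "A" ACK
    icmp_type: int = -1   # 8 = echo request


# Hypothetical per-window thresholds (assumption, not product defaults).
THRESH = {
    "udp_flood": 40,    # distinct UDP destination ports probed by one source
    "icmp_flood": 100,  # echo requests sent by one source
    "syn_flood": 50,    # half-open handshakes pending against one target
    "http_flood": 150,  # HTTP requests sent by one source
}


def detect_floods(packets, window=1.0):
    """Return sorted (window_index, attack_type, actor) findings.

    actor is the offending source IP, except for SYN floods where it is the
    target "ip:port": spoofed SYN floods spread over many fake sources, so a
    per-source count would miss them, while the pile-up of half-open
    handshakes at the destination is what actually exhausts the backlog."""
    by_win = defaultdict(list)
    for p in packets:
        by_win[int(p.ts // window)].append(p)

    findings = []
    for w, pkts in sorted(by_win.items()):
        udp_ports = defaultdict(set)
        icmp_echo = defaultdict(int)
        http_req = defaultdict(int)
        pending = set()  # (src, dst, dport) with SYN seen but no completing ACK
        for p in pkts:
            if p.proto == "udp":
                udp_ports[p.src].add(p.dport)
            elif p.proto == "icmp" and p.icmp_type == 8:
                icmp_echo[p.src] += 1
            elif p.proto == "tcp":
                key = (p.src, p.dst, p.dport)
                if p.flags == "S":
                    pending.add(key)
                elif p.flags == "A":
                    pending.discard(key)  # third handshake packet arrived
            elif p.proto == "http":
                http_req[p.src] += 1
        half_open = defaultdict(int)
        for _src, dst, dport in pending:
            half_open[f"{dst}:{dport}"] += 1

        for src, ports in sorted(udp_ports.items()):
            if len(ports) >= THRESH["udp_flood"]:
                findings.append((w, "udp_flood", src))
        for src, n in sorted(icmp_echo.items()):
            if n >= THRESH["icmp_flood"]:
                findings.append((w, "icmp_flood", src))
        for target, n in sorted(half_open.items()):
            if n >= THRESH["syn_flood"]:
                findings.append((w, "syn_flood", target))
        for src, n in sorted(http_req.items()):
            if n >= THRESH["http_flood"]:
                findings.append((w, "http_flood", src))
    return findings


def benign_traffic():
    """Constructed normal traffic: one client completes a handshake and browses."""
    c, s = "203.0.113.10", "203.0.113.5"
    pkts = [Pkt(0.0, c, s, "tcp", 443, "S"), Pkt(0.01, s, c, "tcp", 0, "SA"),
            Pkt(0.02, c, s, "tcp", 443, "A")]
    pkts += [Pkt(0.1 + i * 0.05, c, s, "http", 443) for i in range(10)]
    pkts += [Pkt(0.3, c, s, "icmp", icmp_type=8), Pkt(0.4, c, s, "udp", 53)]
    return pkts


def attack_traffic():
    """Constructed floods, one per attack class, in successive one-second windows."""
    s = "203.0.113.5"
    pkts = [Pkt(0.0, "192.0.2.7", s, "udp", 1000 + i) for i in range(60)]
    pkts += [Pkt(0.5, "192.0.2.8", s, "icmp", icmp_type=8) for _ in range(150)]
    pkts += [Pkt(1.2, f"198.51.100.{i}", s, "tcp", 443, "S") for i in range(1, 81)]
    pkts += [Pkt(2.1, "192.0.2.9", s, "http", 80) for _ in range(200)]
    return pkts


if __name__ == "__main__":
    for finding in detect_floods(benign_traffic() + attack_traffic()):
        print(finding)
```

Running the script reports one finding per window: the UDP and ICMP floods in window 0, the spoofed SYN flood against `203.0.113.5:443` in window 1, and the HTTP flood in window 2, while the benign client alone produces nothing. A production appliance additionally rate-limits or drops the offending traffic, uses SYN cookies or proxying to avoid holding state for unverified SYNs, and keeps per-source baselines rather than fixed thresholds.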