
DDoS Attack Categories

DDoS attacks can be classified into five categories [6]:

  1. Network Device Level Attacks
  2. Operating System Level Attacks
  3. Volume Based Attacks
  4. Protocol Attacks
  5. Application Layer Attacks

From these, the three primary categories utilised in online media are:

  1. Volume Based Attacks attempt to disrupt services by flooding the target host with a large amount of traffic or requests.
  2. Protocol Attacks attempt to exploit a feature of a communication protocol (e.g. a SYN flood) or a bug in an implementation of a protocol, thereby rendering the service unavailable.
  3. Application Layer Attacks attempt to render a service unusable by exploiting features of an application that may cause the application to lock up, as is the case in an XML Denial-of-Service attack.

DDoS Mitigation Strategies

To minimise the effect of Volume Based DDoS attacks, one of the following methods can be used. The choice of DDoS mitigation method is ultimately determined by the level of risk versus desired control.

  • Geographically distributed cloud hosting services (e.g. Akamai [1], Cloudflare [2], Level3 [3]) can ensure that a web presence remains accessible in the event that a specific site/location is targeted. Advantage: cloud redundancy and advanced DDoS protection (make sure this is in your package); Disadvantage: increased latency for local visitors as traffic usually goes overseas (plus potential privacy concerns). Tip: some providers have nodes in South Africa.
  • Network security devices that specialise in DDoS prevention, specifically devices capable of blacklisting known botnet and malicious IP ranges, can prevent DDoS traffic from entering or exiting a network (e.g. Arbor [4], Ixia [5]). Modern firewalls can usually do this in a limited form. Advantage: local control; Disadvantage: depending on where it’s deployed, this only stops the malicious traffic at the “gate”, so your Internet/SANReN link can still be congested (an effective DoS).
  • Failover site hosting through multiple independent ISPs as an alternative to distributed cloud hosting, e.g. disaster recovery (DR) at other institutions and/or data centres.
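As an added illustration of the three categories above and of the source blacklisting mentioned under the network-device mitigation, the following Python (written for this page, not taken from any cited vendor or paper) scores one window of constructed flow summaries for volume, SYN-flood and application-layer indicators and lists the sources a blocklist review would start from. The records, field layout and thresholds are all assumptions.

```python
from collections import Counter

# Constructed flow summaries for one 10-second window (not real traffic).
# Fields: source IP, destination port, TCP flags seen (empty for UDP),
# packets, bytes.  Assumed layout, not a real exporter format.
WINDOW_SECONDS = 10
SAMPLE_FLOWS = [
    ("10.0.0.1", 443, "S", 4000, 240_000),       # SYN only, handshake never completes
    ("10.0.0.2", 443, "S", 3900, 234_000),
    ("10.0.0.3", 443, "S", 4100, 246_000),
    ("10.0.0.9", 80, "SPA", 900, 90_000),        # completed handshake, many small requests
    ("10.0.0.20", 443, "SPA", 30, 45_000),       # ordinary client
    ("10.0.0.50", 53, "", 600_000, 720_000_000),  # UDP, bulk bytes
]

# Illustrative thresholds; tune to the link capacity and the service.
VOLUME_MBPS = 500          # aggregate traffic above this is a volume-based flood
SYN_ONLY_PACKETS = 10_000  # SYN-without-ACK packets per window to one port
APP_REQ_PER_SEC = 50       # established-session requests per second from one source


def classify_window(flows, window=WINDOW_SECONDS):
    """Return the DDoS categories suggested by one window of flow data."""
    findings = {}
    mbps = sum(f[4] for f in flows) * 8 / window / 1e6
    if mbps > VOLUME_MBPS:
        findings["volume"] = round(mbps, 1)
    # Protocol indicator: SYNs that never progress to ACK, summed per port.
    syn_only = Counter()
    for _, port, flags, pkts, _ in flows:
        if "S" in flags and "A" not in flags:
            syn_only[port] += pkts
    floods = {p: n for p, n in syn_only.items() if n >= SYN_ONLY_PACKETS}
    if floods:
        findings["protocol"] = floods
    # Application indicator: established sessions with an abnormal request rate.
    app = {src: pkts / window for src, _, flags, pkts, _ in flows
           if "A" in flags and "P" in flags and pkts / window >= APP_REQ_PER_SEC}
    if app:
        findings["application"] = app
    return findings


def blocklist_candidates(flows, findings):
    """Sources behind protocol/application findings, for blocklist review.
    Note: SYN-flood sources are often spoofed, and blocking at the gate does
    not relieve an already congested upstream link."""
    ports = findings.get("protocol", {})
    srcs = {src for src, port, flags, _, _ in flows
            if port in ports and "S" in flags and "A" not in flags}
    srcs.update(findings.get("application", {}))
    return sorted(srcs)
```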

Further Reading

For self-hosted sites: www.slideshare.net/intruguard/10-ddos-mitigation-techniques-presentation.

References

[1] Akamai: DDoS Mitigation

[2] Cloudflare: DDoS

[3] Level3: DDoS Mitigation

[4] Arbor Networks: DDoS Protection Products

[5] Ixia: ThreatARMOR

[6] Douligeris, C. and Mitrokotsa, A., 2004. DDoS attacks and defense mechanisms: classification and state-of-the-art. Computer Networks, 44(5), pp. 643-666.