How to Mitigate DDoS Attacks
Watch this demo to see how NETSCOUT’s Arbor Sightline with Sentinel can:
- Automatically detect multi-vector DDoS attacks and intelligently orchestrate multiple methods of mitigation.
- Automatically generate and implement Flowspec rules for mitigation of attacks at network edge.
- Surgically mitigate sophisticated attacks with Arbor Threat Management System.
- Cloud-Signal upstream to other network operators for mitigation assistance.
- Provide visibility into all mitigation efforts.
DDoS attacks continue to increase in size, frequency and, most of all, complexity. 17+ vector attacks are common and may require different methods of mitigation. Arbor Sightline with Sentinel can automatically detect multi-vector DDoS attacks and intelligently orchestrate multiple methods of mitigation, including Flowspec, Arbor Threat Management System and upstream network operators. This intelligent orchestration of DDoS attack protection is unmatched in the industry.
What is a multi-vector DDoS attack?
There are many types of DDoS attacks, but generally they fall into three main categories:
1) Volumetric - These attacks attempt to consume the bandwidth either within the target network/service, or between the target network/service and the rest of the Internet. A common technique is to exploit certain protocols (of which there are many, such as DNS, Memcached, NTP and Chargen) to execute large reflection/amplification attacks that are routinely hundreds of Gbps in size.
2) TCP state exhaustion - These attacks attempt to consume the connection state tables that are present in many infrastructure components, such as load balancers, firewalls and the application servers themselves. Even high-capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.
3) Application layer - These attacks target some aspect of an application or service at Layer 7. These are the deadliest kind of attacks, as they can be very effective with as few as one attacking machine generating a low traffic rate, which makes them very difficult to proactively detect and mitigate. Application-layer attacks have become prevalent over the past three or four years, and simple application-layer flood attacks (HTTP GET flood etc.) have been some of the most common denial-of-service attacks seen in the wild.
Today’s sophisticated attackers are blending volumetric, state exhaustion and application-layer attacks against infrastructure devices all in a single, sustained attack. This is what’s known as a multi-vector DDoS attack. These attacks are popular because they are easy to launch with DDoS attack tools or services and difficult to defend against.
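
The three categories above, as an added example (not NETSCOUT's code, and not a description of how Sightline detects attacks): a small Python classifier that tags constructed one-minute traffic aggregates with a category and vector, then reports whether the traffic spans more than one category. The record layout, the `http_gets` field and all thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# UDP source ports of the reflection protocols the text names.
REFLECTION_PORTS = {19: "Chargen", 53: "DNS", 123: "NTP", 11211: "Memcached"}

# Illustrative per-minute thresholds (assumptions; tune to a measured baseline).
MIN_REFLECTED_BYTES = 50_000_000
MIN_BARE_SYNS = 10_000
MIN_HTTP_GETS = 3_000

# Constructed one-minute aggregates of traffic toward one protected host.
# (proto, src_port, dst_port, tcp_flags, packets, bytes, http_gets)
# src_port None = many client ports; http_gets is assumed to be joined in
# from web server or load balancer logs, since flow data does not carry it.
SAMPLE_FLOWS = [
    ("udp", 53, 41822, "", 900_000, 1_200_000_000, 0),   # large DNS responses
    ("udp", 11211, 5060, "", 400_000, 560_000_000, 0),   # Memcached responses
    ("udp", 53, 33000, "", 40, 6_000, 0),                # ordinary DNS reply
    ("tcp", None, 443, "S", 250_000, 15_000_000, 0),     # SYNs, no handshakes
    ("tcp", None, 80, "SAPF", 60_000, 9_000_000, 4_500), # low rate, many GETs
    ("tcp", None, 80, "SAPF", 2_000, 3_000_000, 120),    # ordinary web traffic
]

def classify(flow):
    """Return (category, vector) for a suspicious aggregate, else None."""
    proto, sport, dport, flags, packets, nbytes, gets = flow
    # Volumetric: heavy UDP arriving *from* a reflector service port.
    if proto == "udp" and sport in REFLECTION_PORTS and nbytes >= MIN_REFLECTED_BYTES:
        return "volumetric", REFLECTION_PORTS[sport] + " reflection/amplification"
    # State exhaustion: many SYN-only packets that never complete a handshake.
    if proto == "tcp" and flags == "S" and packets >= MIN_BARE_SYNS:
        return "state-exhaustion", "SYN flood"
    # Application layer: request count is the signal, not bandwidth.
    if proto == "tcp" and dport in (80, 443) and gets >= MIN_HTTP_GETS:
        return "application-layer", "HTTP GET flood"
    return None

def summarize(flows):
    """Group detected vectors by category."""
    vectors = defaultdict(set)
    for flow in flows:
        hit = classify(flow)
        if hit:
            vectors[hit[0]].add(hit[1])
    return {category: sorted(found) for category, found in vectors.items()}

def is_multi_vector(report):
    """Simplification used here: vectors from more than one category."""
    return len(report) > 1
```

The application-layer row is flagged at a byte count far below the volumetric threshold, which is why bandwidth-only monitoring misses that category.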