Firewalls and other stateful devices such as VPN gateways, IDPS and load balancers are susceptible to DDoS attacks. According to Netscout's Threat Intelligence Report, 83% of survey respondents indicated that their firewalls attributed to network and services outages and/or crashed during a DDoS attack. Why? Because they were never designed to stop DDoS attacks – in particular, TCP state exhaustion DDoS attacks. Industry best practices recommend that you deploy stateless DDoS protection in front of the firewall to protect it, other stateful devices, and services behind them from going down.
Enemy of the State - Why DDoS Attacks Against Stateful Devices Have Massively Increased – And What To Do About It
This paper discusses why stateful network devices (e.g. firewalls, VPNs, and load balancers) are vulnerable to state exhaustion DDoS attacks and why you need stateless mitigation...
Podcast: Protect Your Organization From DDoS State Exhaustion Attacks
Roland Dobbins speaks with Packet Pushers about the threat of DDoS State Exhaustion Attacks. Learn about best practices to protect your network.
NETSCOUT Arbor Edge Defense (AED)
Arbor Edge Defense (AED) is an inline security appliance deployed at the network perimeter (i.e. between the internet router and firewall).
Security Risks of Stateful Network Architectures in the Digital Transformation Age
Stateful firewalls have unwittingly introduced the attack vector of distributed denial-of-service (DDoS) attacks. State exhaustion attacks can knock down defenses or disrupt...