DDoS Attack - Gurzu Nepal

Slide 1

Slide 1 text

No content

Slide 2

Slide 2 text

No content

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

No content

Slide 6

Slide 6 text

No content

Slide 7

Slide 7 text

No content

Slide 8

Slide 8 text

No content

Slide 9

Slide 9 text

No content

Slide 10

Slide 10 text

3 TYPES 1. Application-Layer Attacks 2. Protocol Attacks 3. Volumetric Attacks

Slide 11

Slide 11 text

APPLICATION-LAYER ATTACKS • Targets and disrupts a specific app, not an entire network. • A hacker generates a high number of HTTP requests that exhaust the target server's ability to respond. • Challenging to prevent as it is difficult to distinguish between legitimate and malicious HTTP requests.

Slide 12

Slide 12 text

PROTOCOL ATTACKS • Also known as network-layer attacks. • Exploit weaknesses in the protocols or procedures that govern internet communications. • Use spoofing to create an infinite loop of requests until the system crashes.

Slide 13

Slide 13 text

VOLUMETRIC ATTACKS • Consumes a target's available bandwidth with false data requests and creates network congestion. • Most common type of this attack is the DNS amplification attack. • All volumetric attacks rely on botnets. • Volumetric attacks are the most common type of DDoS.

Slide 14

Slide 14 text

USUAL DDOS SYMPTOMS • Large amounts of traffic coming from clients with same or similar characteristics. E.g. device type, browser type/version, IP or IP range, and location etc. • An exponential, unexpected rise in traffic at a single endpoint/server. • A server starts repeatedly crashing for no reason. • Your website is taking too long to respond to requests.

Slide 15

Slide 15 text

RESPONDING TO A DDOS ATTACK •Blackhole filtering:Go through incoming traffic and determine a limitation criterion. Use the criterion to route malicious traffic into a blackhole, essentially dropping it. •Casting:Distribute the traffic across multiple servers, increasing your capacity, and decreasing the chances of individual servers getting overwhelmed. •IP Blocking: If you are noticing unexpectedly high traffic from the same range of IP addresses, block them.

Slide 16

Slide 16 text

PREVENTING DDOS ATTACKS •Real-time packet analysis: Analyze packets based on different rules, as they enter your system, discarding the potentially malicious ones. •DDoS defense system (DDS): A DDS can detect legitimate-looking content with malicious intent. It protects against both protocol and volumetric attacks, without requiring any human intervention. •Web application firewall:Web application firewalls (WAF) are a great tool to mitigate application layer DDoS attacks. They give you a way to filter incoming requests, based on different rules, which can also be added on-the-fly, in response to an attack. •Rate limiting:Limit the number of requests a server can entertain over a certain time period.

Slide 17

Slide 17 text

Thank you