Defending Against DDoS Attacks

By Holly Gilbert

The system learns as it encounters each new attack, and this benefits the entire customer base. Prince says with layer 3 and layer 4 attacks, “we stop 100 percent of packets from ever reaching our customers whether we've ever seen the attack before or not.”

But with layer 7 attacks, Prince says, there is a chance some of the packets may reach the customer because the attacks are specific to a customer’s application. “In the worst case, if there is a totally new attack, the system may let it through for a few seconds and then pick up the pattern and begin blocking the attack. However, once the blocking has begun, we're typically able to filter out the vast majority, if not all, of the attack,” he notes.

There are other companies that offer DDoS mitigation services, among them Cisco. One of Cisco’s mitigation products is the Guard XT 5650, an Ethernet interface that can monitor up to 1 Gbps of traffic per unit. The Guard XT can be combined with other Cisco products. These include the Traffic Anomaly Detector XT, which initially detects the presence of a DDoS attack. One technique used by Cisco to stop an attack once it is detected is called rate limiting. Rate limiting identifies offending traffic and limits the amount of bandwidth a server allows it to consume, as opposed to the technique of rerouting the traffic altogether. Cisco uses other techniques as well.
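The rate-limiting idea described above can be sketched as a per-source token bucket. This is an added illustration, not Cisco's implementation or code from the article; the limits, the addresses and the traffic are constructed assumptions.

```python
from collections import defaultdict

class TokenBucket:
    """Byte budget that refills at `rate` bytes per ms, up to `burst` bytes."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, 0

    def allow(self, now_ms, size):
        # Refill for the elapsed time, never beyond the burst allowance.
        self.tokens = min(self.burst, self.tokens + (now_ms - self.last) * self.rate)
        self.last = now_ms
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False  # over budget: the packet is dropped, not rerouted

class SourceRateLimiter:
    """One bucket per source address, so a heavy sender only exhausts its own budget."""
    def __init__(self, rate, burst):
        self.buckets = defaultdict(lambda: TokenBucket(rate, burst))
        self.passed = defaultdict(int)   # bytes forwarded, per source
        self.dropped = defaultdict(int)  # bytes discarded, per source

    def handle(self, now_ms, src, size):
        ok = self.buckets[src].allow(now_ms, size)
        (self.passed if ok else self.dropped)[src] += size
        return ok

def simulate():
    # Assumed policy: 10 bytes/ms (10 kB/s) sustained, 5 kB burst, per source.
    limiter = SourceRateLimiter(rate=10, burst=5000)
    # Constructed one-second trace: a flooding source sends 1000 bytes every ms,
    # an ordinary client sends 1000 bytes every 200 ms.
    events = [(t, "198.51.100.7", 1000) for t in range(1000)]
    events += [(t, "192.0.2.10", 1000) for t in range(0, 1000, 200)]
    for now_ms, src, size in sorted(events):
        limiter.handle(now_ms, src, size)
    return limiter

if __name__ == "__main__":
    lim = simulate()
    for src in ("198.51.100.7", "192.0.2.10"):
        print(src, "passed", lim.passed[src], "dropped", lim.dropped[src])
```

The flooding source is held to its burst plus the sustained rate, while the ordinary client never exceeds its budget and loses nothing.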


