
ECQ DDoS Mitigation

Introduction

  • In recent years, hackers have increasingly shifted their attack strategy toward Distributed Denial-of-Service (DDoS) attacks against organizations that require high availability. According to a PCWorld survey in 2011, over 40 percent of 114 respondents from different market segments said they had been the victims of DDoS attacks that exceeded 1 Gbps in bandwidth last year, while 13 percent had experienced at least one attack that exceeded 10 Gbps.

Prevention and Response

  • A security solution must be designed around three important elements: Protection, Detection, and Response. While most attacks originating from the Internet can be blocked before they enter the network perimeter, a DDoS attack can only be prevented through Detection, Analysis, and the implementation of appropriate Response controls. The most difficult part of defending against a DDoS attack is that detection, analysis, and response must all happen in near real time, or as quickly as possible, in order to contain the damage and keep the target system or infrastructure from being flooded with illegitimate traffic.

Why IPS and Firewalls can't stop DDoS Attacks?

Current security technologies such as firewalls and Intrusion Detection and Prevention Systems (IDS/IPS) can protect the network against some forms of DoS attack, but they are not designed to protect it against all DDoS attacks. In fact, the first victims of a DDoS attack are usually the firewall and the IPS themselves: because they must sit inline in the traffic path to provide protection, they are exposed to the flood and often become the target. Moreover, these protections rely heavily on updated signatures and rules in order to work effectively, and signatures are not effective against a DDoS attack whose traffic pattern is extremely dynamic.

Why not Sinkhole?

A sinkhole is designed to route the traffic to an analysis point and discard the bad traffic, but sinkholing is not efficient against the most severe attacks.

Backed by the ISP's world-class network infrastructure, E-CQURITY DDoS protection helps increase the availability of critical networks and ensures business continuity without interruption.

Diagram: A


How it works?

Before DDoS Solution

Diagram: B

A DDoS attack happens when a hacker commands a botnet, a malicious network of compromised computers (zombies), to send invalid or bad traffic to the victim in order to consume all the available bandwidth. When this happens, the target system or service is rendered unavailable due to the massive load on bandwidth and CPU resources, and legitimate users are unable to connect to the requested system.

After DDoS Solution (Diversion mode)

Diagram: C

When the DDoS protection platform is in place, it automatically detects the DDoS traffic as soon as it enters the network (2). Once DDoS traffic has been detected or has surpassed the defined threshold, the sensor sends a command (3) to the router to trigger a traffic diversion and reroute the traffic destined for the attacked system to the Traffic Filter. The Traffic Filter analyzes the diverted traffic, drops (4) the traffic whose pattern matches DDoS attack behavior, and forwards the valid traffic to the target system. In this scenario, legitimate users do not experience any downtime or unavailability of the requested services.
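The detect, divert, filter and forward sequence above can be followed end to end in a small simulation. The following Python is an added example, not code from E-CQURITY or any vendor platform: a sensor counts packets per destination over a one-second sliding window and, when the rate crosses a threshold, emits a single diversion command for that destination (a stand-in for the route injection a real platform would send to the router); a traffic filter then drops sources whose SYN-only packet rate looks like a SYN flood and forwards everything else. The flow records, addresses (RFC 5737 documentation ranges), thresholds and the SYN-flood heuristic are all constructed for the example; a production scrubbing centre uses many more signals than this.

```python
"""Added example (not ECQ's or any vendor's code): a toy simulation of the
detect -> divert -> filter -> forward sequence described in the text.
Flow records, addresses and thresholds are constructed for the example."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts_ms: int      # arrival time in milliseconds
    src: str
    dst: str
    flags: str      # TCP flags as letters: "S" = SYN only, "PA" = PSH+ACK (established)
    packets: int    # packets summarised by this record (like a sampled NetFlow record)


class SlidingCounter:
    """Packets per key over a trailing window; old entries are evicted on each update."""

    def __init__(self, window_ms):
        self.window_ms = window_ms
        self.events = defaultdict(deque)
        self.totals = defaultdict(int)

    def add(self, key, ts_ms, packets):
        q = self.events[key]
        q.append((ts_ms, packets))
        self.totals[key] += packets
        while q and ts_ms - q[0][0] > self.window_ms:
            _, old = q.popleft()
            self.totals[key] -= old
        return self.totals[key]


class Sensor:
    """Steps (2)/(3): watch the per-destination packet rate and, on crossing the
    threshold, issue one diversion command for that destination."""

    def __init__(self, pps_threshold, window_ms=1000):
        self.counter = SlidingCounter(window_ms)
        self.pps_threshold = pps_threshold
        self.window_ms = window_ms
        self.diverted = set()
        self.commands = []

    def observe(self, flow):
        total = self.counter.add(flow.dst, flow.ts_ms, flow.packets)
        pps = total * 1000 / self.window_ms
        if pps > self.pps_threshold and flow.dst not in self.diverted:
            self.diverted.add(flow.dst)
            self.commands.append(f"divert {flow.dst}/32 -> traffic-filter")
        return flow.dst in self.diverted   # True once this destination is diverted


class TrafficFilter:
    """Step (4): drop sources whose SYN-only packet rate looks like a SYN flood,
    forward everything else. Deliberately simple heuristic for the example."""

    def __init__(self, syn_pps_limit, window_ms=1000):
        self.counter = SlidingCounter(window_ms)
        self.syn_pps_limit = syn_pps_limit
        self.window_ms = window_ms

    def allow(self, flow):
        if flow.flags != "S":
            return True   # established traffic passes through
        syn_total = self.counter.add(flow.src, flow.ts_ms, flow.packets)
        return syn_total * 1000 / self.window_ms <= self.syn_pps_limit


def run_pipeline(flows, pps_threshold=1000, syn_pps_limit=10):
    """Feed flows in time order; count what was forwarded, scrubbed or dropped."""
    sensor = Sensor(pps_threshold)
    scrubber = TrafficFilter(syn_pps_limit)
    stats = {"forwarded": 0, "dropped": 0, "scrubbed_ok": 0}
    # sorted() is stable, so flows with equal timestamps keep construction order
    for flow in sorted(flows, key=lambda f: f.ts_ms):
        if not sensor.observe(flow):
            stats["forwarded"] += 1      # normal path: no diversion for this destination
        elif scrubber.allow(flow):
            stats["forwarded"] += 1      # diverted, inspected, and passed on to the target
            stats["scrubbed_ok"] += 1
        else:
            stats["dropped"] += 1        # diverted and discarded by the filter
    stats["commands"] = sensor.commands
    return stats


VICTIM = "203.0.113.10"   # constructed target address (TEST-NET-3)


def constructed_traffic():
    """Constructed sample: 5 legitimate clients plus 50 bots flooding SYNs from t=1 s."""
    flows = []
    for i in range(1, 6):            # legitimate: an established-connection record every 200 ms
        for k in range(10):
            flows.append(Flow(200 * k, f"198.51.100.{i}", VICTIM, "PA", 2))
    for i in range(1, 51):           # bots: 20 SYN-only packets every 100 ms for one second
        for j in range(10):
            flows.append(Flow(1000 + 100 * j, f"192.0.2.{i}", VICTIM, "S", 20))
    return flows


if __name__ == "__main__":
    print(run_pipeline(constructed_traffic()))
```

With the constructed traffic, the threshold is crossed part-way through the first wave of bot records at t = 1 s: the 47 bot records observed before that moment reach the target unfiltered (the window of exposure the text's "near real time" requirement is about), every bot record after it is dropped, and all 50 legitimate records are forwarded, 20 of them after passing through the filter.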