What is a Distributed Denial of Service (DDoS) Attack?
What are Network Flood Attacks?
What are Application-Layer DDoS Attacks?
Why Doesn't My Firewall Stop All DDoS Attacks and Other Unwanted Traffic at The Network Perimeter?
Why Doesn't My Firewall's Anti-DDoS Capability Protect Me Against DDoS Attacks?
Why are Signature-Based Strategies Not Working Anymore?
Why Do I Need an On-Premise Defense? I Already Have a DDoS Protection Service from My ISP or Cloud Provider.
A distributed denial-of-service (DDoS) attack occurs when multiple systems overwhelm the bandwidth or other resources of a targeted system. Overloading the target can cause it to go down or experience severely degraded service. While traditional DDoS attacks use a high volume of packets to flood the network, today's attacks use new techniques that traditional security technologies (including firewalls) do not protect against. DDoS attacks cause costly network downtime, lost revenue, and reputation damage to organizations that rely on the Internet to do business.
Network flood attacks, also referred to as “flooding”, are a type of DDoS attack. This attack occurs when a network is flooded with a large amount of traffic, causing the network or service to become weighed down with a large number of packets. While these types of attacks occur frequently, there is an increasing number of attacks on the application layer.
Application-layer DDoS attacks, often called “layer 7 DDoS attacks”, not only send a high volume of network packets, but also complete TCP connections from the attacker to the victim server. Once these TCP connections are made, the attacking computers make repeated requests to the application, progressively consuming resources until they are entirely depleted, rendering the application incapable of responding to user requests. These application-level DDoS attacks are particularly difficult to detect and mitigate as they appear legitimate and do not consume excessive bandwidth resources.
Cyber attacks that are perpetrated by criminals, terrorists or cyber activists have reached a level of complexity that firewalls cannot protect against. Stateful firewalls are not designed to handle large volume attacks and do not have complete L3-L7 DDoS defense functionality. The firewall dictates what services may be used, but not how they are used. Attackers know this and calculatedly misuse the allowed services, compromising the firewall and/or its performance and downstream applications.
Corero’s SmartWall stops DDoS attacks and blended attacks with advanced evasion techniques and other intrusions at the network perimeter. The SmartWall protects the network’s infrastructure while working together with existing security devices, including firewalls.
Even firewalls that claim to have anti-DDoS capabilities built-in have only one method of blocking attacks: the usage of indiscriminate thresholds. When the threshold limit is reached, every application and every user using that port gets blocked, causing an outage. Attackers know this is an effective way to block the good users along with the attackers. Because network and application availability is affected, the end goal of denial of service is achieved.
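The effect of an indiscriminate threshold can be seen on a small constructed request log. The sketch below is an added example, not code from Corero or any firewall product: it compares a single per-port limit with a simple per-source limit, which is used here only as a contrast and is an assumption, not the behavioral analysis the page describes. The addresses, rates and limits are all constructed.

```python
from collections import Counter

ABUSIVE = "198.51.100.7"  # constructed address (documentation range)

def sample_requests(seconds=3):
    """Constructed log of (second, source_ip) for one port: per second,
    one source sends 40 requests interleaved with 10 clients sending 1 each."""
    log = []
    for sec in range(seconds):
        for i in range(1, 11):
            log += [(sec, ABUSIVE)] * 4
            log.append((sec, f"192.0.2.{i}"))
    return log

def drop_by_port_threshold(log, port_limit):
    """Indiscriminate threshold: once the port's per-second total reaches
    port_limit, everything else in that second is dropped, whoever sent it."""
    total, dropped = Counter(), Counter()
    for sec, src in log:
        total[sec] += 1
        if total[sec] > port_limit:
            dropped[src] += 1
    return dropped

def drop_by_source_threshold(log, source_limit):
    """Per-source threshold: each source has its own per-second budget."""
    count, dropped = Counter(), Counter()
    for sec, src in log:
        count[(sec, src)] += 1
        if count[(sec, src)] > source_limit:
            dropped[src] += 1
    return dropped

def split(dropped):
    """Return (drops charged to the abusive source, drops hitting everyone else)."""
    abusive = dropped[ABUSIVE]
    return abusive, sum(dropped.values()) - abusive

if __name__ == "__main__":
    log = sample_requests()
    print("port threshold 30/s  :", split(drop_by_port_threshold(log, 30)))
    print("source threshold 5/s :", split(drop_by_source_threshold(log, 5)))
```

With the port-wide limit, the well-behaved clients lose requests even though each sends only one per second; with the per-source limit, only the noisy source is dropped.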
Signature-based strategies detect known threats. They utilize pattern-matching techniques similar to anti-virus products but have no ability to block an attack for which they have no signature, and attackers know this. By simply manipulating a few characters in a header or payload, an attack can easily pass through today’s signature-based technology and compromise network services. Corero’s SmartWall Threat Defense System uses both protocol behavioral analysis techniques and signature matching to protect against unknown attacks before they hit the network.
DDoS attacks range from very high volume attacks that overwhelm your network to the most common attack seen today: the low latency application-layer DDoS attack that shuts down web services and critical applications.