cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
391
Views
0
Helpful
3
Replies

Mitigating DDOS attack at edge

https://www.cisco.com/c/dam/en/us/support/docs/ip/access-lists/44541-tacl.gif

for the above scenario, i am looking for ways/Standards/mitigation to mitigate Ddos attack at edge. I read somewhere that it is generally prevented at ISP level, but as a security engineer for a company, what can we do to harden our Network. In most forums i read that use ACL to define traffic, i am curious if there is anything else more than ACL?.. I also read to use CBAC for Preventing SYN flood(correct me if i am wrong)..i am looking for these types of answers .i.e. what protocol or technique to use to prevent these attack( SYN flood, UDP flood, DNS flood, ACK flood, STOMP flood, GRE flood). 

I am still unexperienced in the practical implementation of all these stuffs since i am still a student. Anyway, my curiosity regarding recent Botnet attacks such as Mirai lead me to this path. I have been looking for the answers but i was not that lucky so here i am.

Any kinds of response will be appreciated.

Thank you

3 REPLIES 3
Highlighted
VIP Collaborator

Re: Mitigating DDOS attack at edge

I have share some information about the sambe doubt, look it:

 

My questions are

1- What happen if the attacker manages to send a lot of traffic to a Firewall's WAN interface, even if the Firewall has this traffic

blocked? What happen if the attacker manages to send a lot of ICMP request with a pretty low interval time or UDP traffic?

The wan interface will receive many packets and the buffer itself will have a overflow, causing temporary stop the traffic.


2- What about the Hardware resources consumption on the Firewall for blocked traffic?

 

If you are receiving many DDoS and  your firewall attempt to blocking verything, your hardware need support it, because your CPU will be usage to do it.

 

3- Which is the best way to stop a DDoS attack? just something like Radware's DDoS mitigation?

 

There are many feature about this, i suggest to you know more about IPS and IDS, this is good and advanced feature that can mitigate it easy for you.

 

Look documentation about:

https://www.cisco.com/c/en/us/products/security/ios-intrusion-prevention-system-ips/index.html

https://www.cisco.com/c/en/us/products/security/ngips/index.html

https://www.cisco.com/c/en/us/support/security/intrusion-prevention-system/tsd-products-support-series-home.html

 

 

Link related: https://community.cisco.com/t5/firewalls/can-the-blocked-traffic-consume-much-resources-ddos/td-p/3955419

 

Jaderson Pessoa
 
 
Jaderson Pessoa
*** Rate All Helpful Responses ***
Highlighted

Re: Mitigating DDOS attack at edge

Hello ,

Thanks for the response . I do know about the IDS , IPS .. However, i am looking for protocols used like ACL( something you can configure in the router itself), the standards used by enterprise.

 

Regards

Sandesh limbu

Highlighted
Hall of Fame Community Legend

Re: Mitigating DDOS attack at edge

A lot of documentation talks about stopping DDoS coming from the front.
What about DDoS originating from the back?