Showing results for 
Search instead for 
Did you mean: 

Mitigating DDOS attack at edge

for the above scenario, i am looking for ways/Standards/mitigation to mitigate Ddos attack at edge. I read somewhere that it is generally prevented at ISP level, but as a security engineer for a company, what can we do to harden our Network. In most forums i read that use ACL to define traffic, i am curious if there is anything else more than ACL?.. I also read to use CBAC for Preventing SYN flood(correct me if i am wrong)..i am looking for these types of answers .i.e. what protocol or technique to use to prevent these attack( SYN flood, UDP flood, DNS flood, ACK flood, STOMP flood, GRE flood). 

I am still unexperienced in the practical implementation of all these stuffs since i am still a student. Anyway, my curiosity regarding recent Botnet attacks such as Mirai lead me to this path. I have been looking for the answers but i was not that lucky so here i am.

Any kinds of response will be appreciated.

Thank you

VIP Collaborator

Re: Mitigating DDOS attack at edge

I have share some information about the sambe doubt, look it:


My questions are

1- What happen if the attacker manages to send a lot of traffic to a Firewall's WAN interface, even if the Firewall has this traffic

blocked? What happen if the attacker manages to send a lot of ICMP request with a pretty low interval time or UDP traffic?

The wan interface will receive many packets and the buffer itself will have a overflow, causing temporary stop the traffic.

2- What about the Hardware resources consumption on the Firewall for blocked traffic?


If you are receiving many DDoS and  your firewall attempt to blocking verything, your hardware need support it, because your CPU will be usage to do it.


3- Which is the best way to stop a DDoS attack? just something like Radware's DDoS mitigation?


There are many feature about this, i suggest to you know more about IPS and IDS, this is good and advanced feature that can mitigate it easy for you.


Look documentation about:



Link related:


Jaderson Pessoa
Jaderson Pessoa
*** Rate All Helpful Responses ***

Re: Mitigating DDOS attack at edge

Hello ,

Thanks for the response . I do know about the IDS , IPS .. However, i am looking for protocols used like ACL( something you can configure in the router itself), the standards used by enterprise.



Sandesh limbu

Hall of Fame Community Legend

Re: Mitigating DDOS attack at edge

A lot of documentation talks about stopping DDoS coming from the front.
What about DDoS originating from the back?