Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1019
Views
0
Helpful
3
Replies

Mitigating DDOS attack at edge

sandeshlimbu482337082
Level 1
Level 1

‎11-21-2019 10:33 AM - edited ‎11-21-2019 10:34 AM

https://www.cisco.com/c/dam/en/us/support/docs/ip/access-lists/44541-tacl.gif

for the above scenario, i am looking for ways/Standards/mitigation to mitigate Ddos attack at edge. I read somewhere that it is generally prevented at ISP level, but as a security engineer for a company, what can we do to harden our Network. In most forums i read that use ACL to define traffic, i am curious if there is anything else more than ACL?.. I also read to use CBAC for Preventing SYN flood(correct me if i am wrong)..i am looking for these types of answers .i.e. what protocol or technique to use to prevent these attack( SYN flood, UDP flood, DNS flood, ACK flood, STOMP flood, GRE flood). 

I am still unexperienced in the practical implementation of all these stuffs since i am still a student. Anyway, my curiosity regarding recent Botnet attacks such as Mirai lead me to this path. I have been looking for the answers but i was not that lucky so here i am.

Any kinds of response will be appreciated.

Thank you

Labels:
0 Helpful
3 Replies 3

Jaderson Pessoa
VIP Alumni
VIP Alumni

‎11-21-2019 10:46 AM

I have share some information about the sambe doubt, look it:

 

My questions are

1- What happen if the attacker manages to send a lot of traffic to a Firewall's WAN interface, even if the Firewall has this traffic

blocked? What happen if the attacker manages to send a lot of ICMP request with a pretty low interval time or UDP traffic?

The wan interface will receive many packets and the buffer itself will have a overflow, causing temporary stop the traffic.


2- What about the Hardware resources consumption on the Firewall for blocked traffic?

 

If you are receiving many DDoS and  your firewall attempt to blocking verything, your hardware need support it, because your CPU will be usage to do it.

 

3- Which is the best way to stop a DDoS attack? just something like Radware's DDoS mitigation?

 

There are many feature about this, i suggest to you know more about IPS and IDS, this is good and advanced feature that can mitigate it easy for you.

 

Look documentation about:

https://www.cisco.com/c/en/us/products/security/ios-intrusion-prevention-system-ips/index.html

https://www.cisco.com/c/en/us/products/security/ngips/index.html

https://www.cisco.com/c/en/us/support/security/intrusion-prevention-system/tsd-products-support-series-home.html

 

 

Link related: https://community.cisco.com/t5/firewalls/can-the-blocked-traffic-consume-much-resources-ddos/td-p/3955419

 

Jaderson Pessoa
 
 
Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

sandeshlimbu482337082
Level 1
Level 1
In response to Jaderson Pessoa

‎11-22-2019 10:22 AM

Hello ,

Thanks for the response . I do know about the IDS , IPS .. However, i am looking for protocols used like ACL( something you can configure in the router itself), the standards used by enterprise.

 

Regards

Sandesh limbu

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎11-21-2019 01:04 PM

A lot of documentation talks about stopping DDoS coming from the front.
What about DDoS originating from the back?
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents