How Can DDoS Protection Possibly Work?

EpicGlobalWeb · Oct 19, 2016

I gave a scenario here: https://forumweb.hosting/13837-how-to-block-visitors-from-specific-countries.html?p=83362#post83362

in which an attacker or prankster (with permission) could run a simple attack which changes IP and packet requests quickly and very easily. How could this possibly be stopped? It will look like legitimate requests for a while. Even if one IP is blocked, another can be used and you can't stop it by packet amount either. Not to mention it's literally impossible to track the source, let alone do something about it.

VirtuBox · Oct 19, 2016

Hello EpicGlobalWeb,
That's a good question. here a typical DDoS attack :

So you can think the traffic could look like legitimate. But some providers are using very advanced anti-DDos system nowadays like the Arbor network, and those system are not looking only to the type of packet, but also on the traffic in bit/seconds. If it detect anything unusual, the traffic is routed to the anti-DDoS system to analyze it.

Here the network protocols analyzed to see if the traffic is legitimate or not.

DNS ;
ICMP ;
IP Fragment ;
IP NULL ;
IP Private ;
TCP NULL ;
TCP RST ;
TCP SYN ;
UDP ;
Total Traffic

And if there is something unusual, the traffic will be analyzed to make sure there is no issue with the anti-DDos system :

But I can't explain more, because those system are really complex and also very expensive.

EpicGlobalWeb · Oct 20, 2016

I appreciate your detailed answer. The outline you showed is definitely much more advanced of an attack than my 1 computer example.

Advanced anti-DDoS systems sound like they still require some human monitorship.

How Can DDoS Protection Possibly Work?

EpicGlobalWeb

Well-known member

VirtuBox

Well-known member

EpicGlobalWeb

Well-known member

Latest posts New threads

Latest posts

New threads

Latest Hosting Offers New Reviews

Latest hosting offers

Popular Contributors - Past 30 Days

Sponsors

Tag Cloud