DDoS mitigation is a set of techniques for limiting the impact of distributed denial-of-service (DDoS) attacks by protecting the target and relay networks.
DDoS attacks are executed against the websites and networks of selected victims. A number of vendors offer "DDoS resistant" hosting services, mostly based on techniques similar to content distribution networks. Distribution avoids a single point of congestion and prevents the DDoS attack from concentrating on a single target.
One technique used in DDoS attacks is to use misconfigured third-party networks that allow amplification of spoofed UDP packets. Proper configuration of network equipment, enabling ingress filtering and egress filtering as documented in BCP 38 and RFC 6959, prevents amplification and spoofing, thus reducing the number of relay networks available to attackers.
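The source-address check behind BCP 38 ingress filtering, sketched as an added example that is not part of the original article: a packet is forwarded only if its source address falls inside a prefix assigned to the interface it arrived on. The interface names, prefixes (documentation ranges) and packets are constructed for illustration.

```python
import ipaddress

# Constructed assignment table: prefixes delegated to each customer-facing
# interface. Interface names and prefixes are hypothetical (documentation ranges).
INTERFACE_PREFIXES = {
    "cust-a": ["198.51.100.0/24", "2001:db8:a::/48"],
    "cust-b": ["203.0.113.0/25"],
}

def build_table(assignments):
    """Parse prefix strings once so lookups work on network objects."""
    return {ifname: [ipaddress.ip_network(p) for p in prefixes]
            for ifname, prefixes in assignments.items()}

def source_is_valid(table, ifname, src):
    """BCP 38 check: is src inside a prefix assigned to the ingress interface?"""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False              # unparsable source: drop
    nets = table.get(ifname, [])  # unknown interface: no prefixes, fail closed
    return any(addr.version == net.version and addr in net for net in nets)

def filter_packets(table, packets):
    """Split packets into (forwarded, dropped) by source address validity."""
    forwarded, dropped = [], []
    for pkt in packets:
        ifname, src = pkt[0], pkt[1]
        (forwarded if source_is_valid(table, ifname, src) else dropped).append(pkt)
    return forwarded, dropped

# Constructed packets: (ingress interface, source, destination, UDP dst port)
SAMPLE_PACKETS = [
    ("cust-a", "198.51.100.7", "192.0.2.53", 53),          # legitimate
    ("cust-a", "203.0.113.200", "192.0.2.53", 53),         # source not assigned to cust-a
    ("cust-b", "203.0.113.10", "192.0.2.123", 123),        # legitimate
    ("cust-b", "198.51.100.7", "192.0.2.123", 123),        # valid elsewhere, not on cust-b
    ("cust-a", "2001:db8:a::1", "2001:db8:ffff::53", 53),  # legitimate IPv6
    ("cust-c", "198.51.100.7", "192.0.2.53", 53),          # unknown interface
]

if __name__ == "__main__":
    table = build_table(INTERFACE_PREFIXES)
    ok, bad = filter_packets(table, SAMPLE_PACKETS)
    print(f"forwarded={len(ok)} dropped={len(bad)}")
    for pkt in bad:
        print("drop", pkt)
```

On real equipment the same decision is made by interface ACLs or reverse-path checks; the point of the sketch is that the filter is keyed on the ingress interface, so an address valid on one customer port is still rejected on another.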
- Christian Rossow. "Amplification DDoS".
- "Network Ingress Filtering: IP Source Address Spoofing". IETF. 2000.
- "Source Address Validation Improvement (SAVI) Threat Scope". IETF. 2013.