totaram
Understand DDoS attacks
I have a couple of questions regarding DDoS attacks on the Internet:
1. Does the internet connectivity to outside world always have to be BGP in order to be DDoS susceptible? The reason I am asking is: that is the only way to be exposed to the open world. If the site is connected static, it is more of 1:1 connection from site to the provider.
2. There are several ISP providers; can a non-ISP entity (3rd party) come in and provide DDoS prevention?
Thanks in advance;
ASKER
Thanks Dr Klahn, would you be kind enough to explain what happens in a DDoS attack? I wanted to understand the mechanism.
The attacker owns a bunch of botnets.
DNS amplification attacks are a perfect example. Attackers use a botnet to send thousands of lookup requests to open DNS servers. The requests have a spoofed source address (the victim's IP address) and are configured to maximize the amount of data returned by each DNS server.
The result: an attacker sends relatively small amounts of traffic from a botnet and generates proportionally greater – or “amplified” – volumes of traffic from DNS servers. The amplified traffic is directed to a victim, causing the system to falter.
Easy to read article
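An added example, not part of the original answer: one way a defender could spot the reflected-DNS pattern described above in flow records, by flagging hosts that receive large DNS responses from many resolvers without having sent matching queries. The record layout, thresholds, function name and sample addresses (documentation ranges) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records: (src_ip, src_port, dst_ip, dst_port, udp_bytes).
# Addresses come from the documentation ranges; none are real hosts.
SAMPLE = [
    # Normal lookup: 203.0.113.10 asks a resolver and gets its answer back.
    ("203.0.113.10", 40000, "198.51.100.1", 53, 60),
    ("198.51.100.1", 53, "203.0.113.10", 40000, 120),
    # Responses that match no query from 203.0.113.20, from several resolvers.
    ("198.51.100.1", 53, "203.0.113.20", 31000, 3000),
    ("198.51.100.2", 53, "203.0.113.20", 31001, 3100),
    ("198.51.100.3", 53, "203.0.113.20", 31002, 2900),
    ("198.51.100.4", 53, "203.0.113.20", 31003, 3000),
]


def find_reflection_targets(records, min_resolvers=3, min_bytes=5000):
    """Return {dst_ip: (resolver_count, total_bytes)} for hosts receiving
    DNS responses that match no query seen leaving that host."""
    pending = set()                  # (client_ip, client_port, resolver_ip)
    resolvers = defaultdict(set)     # dst_ip -> resolvers sending unsolicited data
    volume = defaultdict(int)        # dst_ip -> unsolicited response bytes
    for src, sport, dst, dport, size in records:
        if dport == 53:              # outbound query: remember who asked whom
            pending.add((src, sport, dst))
        elif sport == 53:            # DNS response
            key = (dst, dport, src)
            if key in pending:       # solicited answer: consume the match
                pending.discard(key)
                continue
            resolvers[dst].add(src)  # unsolicited: count it against the target
            volume[dst] += size
    return {
        ip: (len(resolvers[ip]), volume[ip])
        for ip in resolvers
        if len(resolvers[ip]) >= min_resolvers and volume[ip] >= min_bytes
    }


if __name__ == "__main__":
    for ip, (count, total) in find_reflection_targets(SAMPLE).items():
        print(f"{ip}: {total} unsolicited DNS response bytes from {count} resolvers")
```

Because the spoofed queries never leave the victim's network, the absence of a matching outbound query is what separates reflected traffic from ordinary lookups.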
1. Does the internet connectivity to outside world always have to be BGP in order to be DDoS susceptible?
No.
Whatever protocols are in effect, as @David Johnson mentioned, if packets can flow from the Internet to an IP, then that IP can be attacked by many other IPs.
2. There are several ISP providers, can a non-ISP entity (3rd party) come in and provide DDoS Prevention?
Not really required, as you can do this for free on any machine/container.
3. Also most ISPs run DOS/DDOS detection.
For example, with OVH, I get DOS/DDOS detection triggers every day... sometimes every hour... where they sense + block the most egregious attacks before the packets ever flow to any of my IPs.
ASKER
Thanks all for shining light. Great tutorial on DDoS.
2. Yes. Cloudflare is an example.