Distributed Denial of Service (DDoS)

Book Description

Distributed Denial of Service (DDoS) attacks have existed for almost as long as the commercial web itself, and they remain one of the most effective ways to disrupt online services. But, since many of these attacks go undisclosed, industry collaboration on ways to combat them has been slow to emerge. This ebook provides engineers and IT managers with techniques for detecting and mitigating ongoing and potential DDoS events.

Authors Rich Groves and Eric Chou explain how DDoS can disrupt services by flooding your network with traffic from many different sources, often by using a botnet. You’ll learn about the people behind these attacks and their motivations—such as criminals seeking financial gain, thrill and status seekers, and angry and disgruntled users—and ways that you can thwart them.

The techniques in this ebook enable small to mid-sized organizations to implement DDoS prevention measures on a budget—before the size of your infrastructure requires the services of a commercial DDoS vendor.

  • Get an overview of DDoS, including common attacks, botnet-driven attacks, and those that take advantage of IoT devices
  • Explore the pros and cons of current DDoS detection methods and mechanisms
  • Study the approach to DDoS mitigation at the network and application level, including ways to combat SYN Flood and Classic Flood attacks
  • Evaluate cloud-based DDoS detection and mitigation vendors to determine the best fit for your organization
  • Learn how to leverage community-based systems to construct a DDoS-focused Threat Intelligence system

Table of Contents

  1. Foreword
  2. 1. DDoS Attacks: Overview
    1. What Are DDoS Attacks?
    2. Why Are DDoS Attacks Effective?
    3. Who Is Behind the Attacks and What Is Their Motivation?
      1. Criminals
      2. Thrill Seekers and Status Seekers
      3. Angry and Disgruntled Users
      4. Hacktivist
    4. Common Types of DDoS Attacks
      1. Volumetric Floods
      2. Network Protocol–Level Attacks
      3. Amplification and Reflection
      4. Application-Level Attacks
      5. Multivector Attacks
    5. Botnets and IoT Devices
    6. Summary
  3. 2. DDoS Detection
    1. Poll-Based Monitoring and Detection
    2. Flow-Based Network Parameter Detections
    3. Network Mirrors and Deep Packet Inspection
    4. Anomalies and Frequency-Based Detections
    5. Summary
  4. 3. DDoS Mitigation and Countermeasures
    1. DDoS Terms and Traffic Flow
      1. Traffic Flood
      2. Source Spoofing
      3. Reflection and Amplification
    2. DDoS Mitigation Topology
      1. Reactive Versus Proactive Always-On Mitigation
      2. Potential Points of Attack Mitigation
    3. Network-Level Mitigation Tools
    4. Session-Level Mitigation Tools
      1. Purpose Built DDoS Mitigation Devices
    5. Example 1: Combating the Classic Flood
      1. Analyzing the Attack
      2. Mitigation Strategy
    6. Example 2: Combating State Exhaustion
      1. Attack Dynamics and Analysis
      2. Mitigation Strategy
    7. Emulate DDoS Attacks for Better Response
    8. Summary
  5. 4. Evaluating Cloud-Based Mitigation Vendors
    1. Why Use Cloud-Based DDoS Mitigation?
      1. Overall Cost Savings
      2. Proven Operating Procedure and Knowledge
      3. More Network Visibility and Fewer Bottlenecks
      4. Dedicated Staff and Better Reaction Time
    2. When Not to Use Cloud-Based DDoS Mitigation
      1. Control
      2. Customization
      3. Vendor Lock-In
      4. Security Boundaries
    3. Cloud-Based DDoS Mitigation Methods
      1. DDoS Detection Mechanism in the Cloud
    4. DDoS Mitigation Mechanism in the Cloud
      1. DDoS Event Reporting
      2. Hybrid Model
    5. Summary
  6. 5. DDoS Focused Threat Intelligence
    1. IP Blocklists
    2. Community Supported Efforts
      1. IP Geolocation Providers
      2. Purpose-Built Node Lists
    3. Honeypots
    4. DDoS-as-a-Service
    5. Summary
  7. 6. Final Thoughts