How To Distinguish DDoS Attacks From Legitimate Traffic

Find out how DDoS attackers mask themselves as legitimate traffic, and learn about modern solutions to detect and mitigate these DDoS attacks.

One of the more fascinating elements of today's cyber attacks is the perpetrators' ability to masquerade as legitimate users at a very deep level. DDoS attacks have always had an element of legitimate-looking requests coming in and overwhelming a system. Today's attacks extend that problem even further, and old rate-based technology, or first-generation DDoS protection, is no longer adequate to protect against these new, advanced DDoS attacks that masquerade as legitimate traffic.

Let's share some examples of how this traffic masquerades as legitimate. Today's DDoS attacks originate from trusted sources. Your company may, for example, run a legitimate application on a hosting or cloud provider such as Amazon, yet DDoS traffic may originate from that same provider's source IPs, and its rates may be moderate, or engineered to look like legitimate traffic, while still attacking you.

In addition, there are many kinds of rate spikes that may actually be legitimate traffic for your site, so you have a compounding problem: a rate spike, or what we call an authentic flash crowd, is good news for the site. There are some great recent examples of legitimate flash crowds. For example, when the papacy was recently handed over to a new pope, there was a period of hours between the white smoke, which announces that a new pope has been chosen, and the actual announcement, during which the Vatican's website was overwhelmed by people looking for the new pope, and all of this was legitimate traffic.

Old, first-generation DDoS protection technologies used two major tools to protect you from DDoS attacks: rate-based information and source IP blocking. The bad guys are now masquerading themselves so that they can obfuscate both their rates and their source IPs. So modern solutions will have to consider blocking on something other than source IP, something other than destination IP, and something other than rate. Why? Because IP blocking and rate blocking are essentially blunt instruments. They do not distinguish legitimate traffic from illegitimate traffic. By definition, once you use those tools you are accepting that you are going to block legitimate traffic, which means those instruments will take legitimate customers off your website.
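To show why rate alone is a blunt instrument, here is an added example (not Radware's code and not from the original page) that runs two constructed traffic windows, a flash crowd and a flood from a handful of hosting-range sources, through a rate-only check and a simple behavioral check. The sample IP ranges, the thresholds, and the path-entropy and per-source-repetition features are assumptions chosen for the illustration.

```python
from collections import Counter, defaultdict
from math import log2

# Constructed access-log records: (seconds, source_ip, request_path).
# Both windows carry 1000 requests in 10 s, i.e. the same 100 req/s rate.
FLASH_CROWD = [(i / 100, f"203.0.113.{i % 250}", f"/news/{(i * 7) % 40}")
               for i in range(1000)]          # 250 browsers reading 40 articles
ATTACK = [(i / 100, f"198.51.100.{i % 50}", "/search" if i % 10 else "/")
          for i in range(1000)]               # 50 sources hammering one endpoint
WINDOW_S = 10.0

def request_rate(records, window_s):
    return len(records) / window_s

def rate_based_alert(records, window_s, threshold_rps=50.0):
    """First-generation check: fires on volume alone, so it flags both windows."""
    return request_rate(records, window_s) > threshold_rps

def path_entropy_bits(records):
    """Shannon entropy of requested paths: a crowd spreads out, a flood concentrates."""
    counts = Counter(path for _, _, path in records)
    total = sum(counts.values())
    return -sum(c / total * log2(c / total) for c in counts.values())

def per_source_repetition(records):
    """Mean fraction of each source's requests that hit its single favourite path."""
    by_src = defaultdict(Counter)
    for _, src, path in records:
        by_src[src][path] += 1
    return sum(max(c.values()) / sum(c.values()) for c in by_src.values()) / len(by_src)

def behavioral_verdict(records, min_entropy_bits=3.0, max_repetition=0.5):
    """Judge the window by how clients behave, not by how much they send.
    Thresholds are assumed values for this illustration, not tuned defaults."""
    if (path_entropy_bits(records) < min_entropy_bits
            or per_source_repetition(records) > max_repetition):
        return "attack"
    return "flash_crowd"

if __name__ == "__main__":
    for name, recs in (("flash crowd", FLASH_CROWD), ("attack", ATTACK)):
        print(f"{name}: {request_rate(recs, WINDOW_S):.0f} req/s, "
              f"rate alert={rate_based_alert(recs, WINDOW_S)}, "
              f"entropy={path_entropy_bits(recs):.2f} bits, "
              f"repetition={per_source_repetition(recs):.2f}, "
              f"verdict={behavioral_verdict(recs)}")
```

The rate check fires on both windows, so acting on it alone would drop the flash crowd along with the flood; the behavioral features separate them because the crowd's requests are spread across many pages while each attacking source repeats the same request.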

Currently Under A DDoS Attack and In Need of Expert Emergency Assistance? Radware Can Help.

DDoS attacks or malware outbreaks can create unwanted emergency situations. Radware offers a DDoS service that includes a 24/7 emergency response team to help respond to these emergencies, neutralize the security risk, and better safeguard operations before irreparable damage occurs. If you're being hit with DDoS attacks and are in need of emergency assistance, contact us with the code "Red Button".
