How to defend against DoS attacks

A denial-of-service (DoS) attack is a broad class of attacks in which attackers prevent legitimate users from accessing a service on the target server.

How a DoS attack works

In a DoS attack, the attackers send an excessive number of messages to the service, requesting information. As a result, the target server consumes all its resources and cannot fulfill valid requests. The server spends a lot of time trying to reach fake addresses, which keeps actual users from accessing the busy network service. Once the service closes a phony request, the attacker sends more requests, which keeps the service busy.

A DoS attack

Defense techniques against DoS attacks

We can use the following techniques to prevent and mitigate DoS attacks:

ISPs

Internet service providers (ISPs) have more bandwidth than most enterprises, which can help mitigate DoS attacks.

The contracted ISPs mitigate DoS attacks by protecting network border devices from being overwhelmed by the flood of malicious traffic. Many ISPs offer clean-pipes services that commit to a bandwidth of clean traffic. A significant portion of the defense against DoS attacks is placed on upstream providers, which keeps the network gear available to handle clean traffic.

Cloud mitigation providers

Several cloud mitigation providers also offer massive bandwidth that cleans the traffic before it enters the network. They serve as intermediaries that receive and filter the traffic, and only pass on valid connections.

DoS protection

Border filtering

DoS protection appliances sit at the network perimeter and analyze the traffic before it reaches the internal network. They work by signature-based detection of attacks or by behavioral traffic analysis.

However, these appliances only protect network segments, devices, and servers downstream from the protection appliance. If a DoS attack uses all of an enterprise's bandwidth, the attack is successful. This is because clean traffic cannot reach the DoS protection appliance. For this reason, border filtering is usually used with a clean-pipes service.

Note: Real-time visibility with Network Detection and Response (NDR) is an efficient way to detect DoS attacks early, as it maintains a network profile.

Firewalls

Using a firewall is a simple but less effective method. Generally, we use a Python script to filter or block the traffic. It is necessary to ensure that the firewalls limit ingress traffic (traffic that enters the boundary of a network) and egress traffic (traffic that exits the boundary of a network) across the perimeter wherever possible.
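A sketch of the kind of Python filtering script mentioned above, added here as an example and not taken from the original page: it applies a per-source sliding-window rate limit and temporarily blocks any source that exceeds it. The class and function names, the thresholds, and the sample traffic are all assumptions made for illustration.

```python
from collections import defaultdict, deque


class SourceRateFilter:
    """Block a source that sends more than `limit` requests within `window` seconds."""

    def __init__(self, limit=5, window=1.0, block_for=30.0):
        self.limit = limit
        self.window = window
        self.block_for = block_for
        self.recent = defaultdict(deque)  # source -> timestamps inside the window
        self.blocked_until = {}           # source -> time at which the block expires

    def allow(self, source, now):
        # A source that is still blocked is dropped without being counted.
        if self.blocked_until.get(source, 0.0) > now:
            return False
        self.blocked_until.pop(source, None)
        stamps = self.recent[source]
        # Forget requests that have fallen out of the sliding window.
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()
        stamps.append(now)
        if len(stamps) > self.limit:
            self.blocked_until[source] = now + self.block_for
            stamps.clear()
            return False
        return True


def filter_events(events, **kwargs):
    """Return (passed, dropped) request counts per source for (timestamp, source) events."""
    flt = SourceRateFilter(**kwargs)
    passed, dropped = defaultdict(int), defaultdict(int)
    for ts, src in events:
        (passed if flt.allow(src, ts) else dropped)[src] += 1
    return dict(passed), dict(dropped)


# Constructed sample traffic (documentation addresses from RFC 5737):
# 198.51.100.7 sends 20 requests in 0.2 s; 192.0.2.10 sends one every 0.5 s.
SAMPLE = sorted(
    [(i * 0.01, "198.51.100.7") for i in range(20)]
    + [(i * 0.5, "192.0.2.10") for i in range(4)]
)

if __name__ == "__main__":
    print(filter_events(SAMPLE, limit=5, window=1.0, block_for=30.0))
```

Filtering like this runs downstream of the network link, so it does not help once a flood has consumed all of the available bandwidth, which is the limitation described under border filtering.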

Limited broadcasting

Sometimes, attackers send requests to every device on the network to maximize the attack. We can limit or turn off the broadcast forwarding to disrupt the attacks.

Protected endpoints

We should patch endpoints to remove the known vulnerabilities. We should install endpoint detection and response (EDR) agents on endpoints capable of running them.

Question

Which of the following can we use to absorb a DoS attack?

A) ISP bandwidth

B) Cloud service

C) Both A and B

D) None of these


Copyright ©2025 Educative, Inc. All rights reserved