A denial-of-service (DoS) attack is any of a broad class of attacks that attackers use to prevent legitimate users from accessing a service on the target server.
In this process, the attackers send an excessive number of messages to the service and request information. As a result, the target server consumes all its resources and cannot fulfil valid requests. The server spends a lot of time trying to respond to spoofed source addresses, which keeps legitimate users from reaching the busy network service. Once the service closes a phony request, the attacker sends in more requests, so the service stays busy.
We can use the following techniques to prevent and mitigate DoS attacks:
Internet service providers (ISPs) have more bandwidth than most enterprises, which can help mitigate DoS attacks.
A contracted ISP mitigates DoS attacks by protecting the network border devices from being overwhelmed by the flood of malicious traffic. Many ISPs offer clean-pipes services that commit to a bandwidth of clean traffic. A significant portion of the defense against DoS attacks is thus placed on the upstream provider, which keeps the enterprise's network gear free to handle clean traffic.
Several cloud mitigation providers also offer services that provide massive bandwidth and scrub the traffic before it enters the network. They serve as intermediaries that receive and filter the traffic and pass on only valid connections.
DoS protection appliances sit at the network perimeter and analyze traffic before it reaches the internal network. They detect attacks either by signature matching or by behavioral traffic analysis.
However, these appliances only protect the network segments, devices, and servers downstream of the appliance. If a DoS attack consumes all of an enterprise's bandwidth, the attack succeeds, because clean traffic can no longer reach the DoS protection appliance. For this reason, border filtering is usually combined with a clean-pipes service.
Note: Real-time visibility with Network Detection and Response (NDR) is an efficient way to detect DoS attacks early, because it maintains a baseline profile of normal network traffic against which a flood stands out.
Using a firewall is a simple but less effective method. Generally, we use a Python script to filter or block the traffic. It is necessary to ensure that the firewalls limit
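As an added example that is not part of the original page, the following Python script shows the kind of per-source rate limit a firewall-side filter would apply: it keeps a sliding window of request timestamps for each source address and flags any source that exceeds a threshold within the window. The log format, the threshold values, and the addresses are constructed for illustration.

```python
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple

# Constructed sample log: "<epoch-seconds> <source-ip> <request>".
# 203.0.113.5 floods the service; 198.51.100.7 is a normal client.
SAMPLE_LOG = """\
1000 203.0.113.5 GET /
1000 203.0.113.5 GET /
1001 198.51.100.7 GET /index.html
1001 203.0.113.5 GET /
1002 203.0.113.5 GET /
1002 203.0.113.5 GET /
1003 203.0.113.5 GET /
1004 198.51.100.7 GET /about
1030 203.0.113.5 GET /
"""


class SlidingWindowLimiter:
    """Per-source sliding-window rate limiter.

    A source is rejected once it has issued more than `max_requests`
    within the last `window_seconds`. Timestamps that fall outside the
    window are discarded as newer requests arrive, so a source that
    backs off is allowed again.
    """

    def __init__(self, max_requests: int, window_seconds: int) -> None:
        self.max_requests = max_requests
        self.window_seconds = window_seconds
        self._hits: Dict[str, Deque[int]] = defaultdict(deque)

    def allow(self, source: str, ts: int) -> bool:
        window = self._hits[source]
        # Evict timestamps older than the window before counting.
        while window and ts - window[0] >= self.window_seconds:
            window.popleft()
        window.append(ts)
        return len(window) <= self.max_requests


def scan_log(log: str, max_requests: int = 5, window_seconds: int = 10) -> List[Tuple[int, str]]:
    """Replay a log through the limiter; return (timestamp, source) of rejected requests."""
    limiter = SlidingWindowLimiter(max_requests, window_seconds)
    rejected: List[Tuple[int, str]] = []
    for line in log.splitlines():
        ts_str, source, _request = line.split(" ", 2)
        if not limiter.allow(source, int(ts_str)):
            rejected.append((int(ts_str), source))
    return rejected
```

In a real deployment the rejected sources would feed a firewall block or rate-limit rule rather than a list; the window size and threshold must be tuned to the service's normal traffic so legitimate clients are not caught.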
Sometimes attackers send requests to every device on the network to amplify the attack. Limiting or turning off broadcast forwarding disrupts such attacks.
We should patch endpoints to remove known vulnerabilities, and install endpoint detection and response (EDR) agents on every endpoint capable of running them.
Question
Which of the following can we use to absorb a DoS attack?
A. ISP bandwidth
B. Cloud service
C. Both A and B
D. None of these