DoS/DDoS Stress Testing
Disruptions to Internet-facing services due to Distributed Denial of Service (DDoS) attacks can cripple operations, impact customers and result in major economic losses. The DDoS attack types covered by the stress tests are grouped by category below.
DDoS Attack Coverage
Volumetric DDoS Attacks
TCP Flood Attacks
HTTP GET/POST Floods
UDP Flood Attacks
UDP Fragmentation Attacks
ICMP Floods
Reflective DDoS Attacks
NTP Monlist Response Amplification
SSDP/UPnP Responses
SNMP Inbound Responses
Chargen Responses
Smurf Attack
Fraggle Attack
DNS Amplification
Resource Exhaustion DDoS Attacks
Malformed and Truncated Packets (e.g. UDP Bombs)
IP Fragmentation/Segmentation AETs (advanced evasion techniques)
Invalid TCP Segment IDs
Bad checksums and illegal flags in TCP/UDP headers
Invalid TCP/UDP port numbers
Use of reserved IP addresses
Slow HTTP requests (from tools like Slowloris, RUDY, Slowread)
Other DDoS Attacks
Command and Control Operations
Tunnel Inspection (GRE, MPLS etc.)
NTP Monlist Requests
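As an added illustration of the reflective and malformed-packet categories listed above (this is example code, not code from the original page or its vendor), the following Python parses constructed IPv4 packets and matches them against the signatures a packet filter would use, with the equivalent tcpdump/BPF expression recorded beside each rule. Every packet is built in the script itself (addresses come from the RFC 5737 documentation ranges), and the thresholds, such as treating a DNS reply over 512 bytes as amplified, are assumptions chosen for the example.

```python
"""Classify raw IPv4 packets against reflective and malformed-packet signatures.
Added example; all packets are constructed below, nothing is captured from a live network."""
import ipaddress
import struct

UDP, ICMP = 17, 1
ZERO_NET = ipaddress.IPv4Network("0.0.0.0/8")


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 Internet checksum of data (padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, proto, payload, corrupt_checksum=False):
    """20-byte IPv4 header + payload; optionally flip a checksum bit to fake a damaged header."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    csum = ones_complement_sum(hdr) ^ (1 if corrupt_checksum else 0)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + payload


def build_udp(sport, dport, data):
    # A zero UDP checksum means "not computed", which IPv4 permits.
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def build_icmp(icmp_type, code=0, data=b""):
    body = struct.pack("!BBH", icmp_type, code, 0) + data
    return body[:2] + struct.pack("!H", ones_complement_sum(body)) + body[4:]


def parse(pkt):
    """Decode the IPv4 header and the UDP/ICMP fields the rules look at."""
    if len(pkt) < 20:
        raise ValueError("shorter than an IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum = struct.unpack("!BBHHHBBH", pkt[:12])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a valid IPv4 header")
    p = {
        "src": ipaddress.IPv4Address(pkt[12:16]),
        "dst": ipaddress.IPv4Address(pkt[16:20]),
        "proto": proto,
        # With a correct checksum field, the checksum over the whole header comes out as zero.
        "ip_checksum_ok": ones_complement_sum(pkt[:ihl]) == 0,
        "truncated": len(pkt) < total_len,
        "sport": None, "dport": None, "udp_len": None, "payload": b"", "icmp_type": None,
    }
    l4 = pkt[ihl:]
    if proto == UDP and len(l4) >= 8:
        p["sport"], p["dport"], p["udp_len"] = struct.unpack("!HHH", l4[:6])
        p["payload"] = l4[8:]
    elif proto == ICMP and len(l4) >= 4:
        p["icmp_type"] = l4[0]
    return p


# (rule name, equivalent tcpdump/BPF expression, predicate over the parsed packet)
RULES = [
    ("NTP monlist response amplification",
     "udp and src port 123 and udp[8] & 0x87 == 0x87 and udp[11] == 42",   # mode 7, response bit, req code 42
     lambda p: p["sport"] == 123 and len(p["payload"]) >= 4
               and p["payload"][0] & 0x87 == 0x87 and p["payload"][3] == 42),
    ("SSDP/UPnP response", "udp and src port 1900", lambda p: p["sport"] == 1900),
    ("SNMP inbound response", "udp and src port 161", lambda p: p["sport"] == 161),
    ("Chargen response", "udp and src port 19", lambda p: p["sport"] == 19),
    ("Fraggle (UDP echo reply)", "udp and src port 7", lambda p: p["sport"] == 7),
    ("DNS amplification (oversized response)", "udp and src port 53 and udp[4:2] > 512",
     lambda p: p["sport"] == 53 and p["udp_len"] > 512),
    ("Smurf (ICMP echo reply)", "icmp[icmptype] == icmp-echoreply", lambda p: p["icmp_type"] == 0),
    ("Bad IP header checksum", "(not expressible in BPF; verified in code)", lambda p: not p["ip_checksum_ok"]),
    ("Truncated packet (IP total length exceeds bytes on the wire)", "(verified in code)", lambda p: p["truncated"]),
    ("Invalid UDP port 0", "udp and (src port 0 or dst port 0)",
     lambda p: p["proto"] == UDP and 0 in (p["sport"], p["dport"])),
    ("Reserved/non-routable source address", "src net 0.0.0.0/8 or src net 127.0.0.0/8 or src net 240.0.0.0/4",
     lambda p: p["src"] in ZERO_NET or p["src"].is_loopback or p["src"].is_reserved),
]


def classify(pkt):
    """Names of every rule the packet matches (empty list = nothing suspicious)."""
    p = parse(pkt)
    return [name for name, _bpf, pred in RULES if pred(p)]


# Constructed sample traffic towards one victim; addresses are RFC 5737 documentation ranges.
VICTIM = "203.0.113.5"
SAMPLES = {
    "ntp_monlist_reply": build_ipv4("198.51.100.10", VICTIM, UDP,
                                    build_udp(123, 4000, b"\xd7\x00\x03\x2a" + b"\x00" * 8)),
    "dns_amplified_reply": build_ipv4("198.51.100.11", VICTIM, UDP, build_udp(53, 4000, b"\x00" * 600)),
    "ssdp_reply": build_ipv4("198.51.100.12", VICTIM, UDP, build_udp(1900, 4000, b"HTTP/1.1 200 OK\r\n")),
    "smurf_reply": build_ipv4("198.51.100.13", VICTIM, ICMP, build_icmp(0, 0, b"\x00" * 8)),
    "bad_checksum": build_ipv4("198.51.100.14", VICTIM, UDP, build_udp(40000, 80, b"x"), corrupt_checksum=True),
    "spoofed_zero_net": build_ipv4("0.1.2.3", VICTIM, UDP, build_udp(40000, 80, b"x")),
    "benign": build_ipv4("198.51.100.20", VICTIM, UDP, build_udp(40000, 443, b"hello")),
}
SAMPLES["udp_bomb_truncated"] = SAMPLES["ntp_monlist_reply"][:30]  # header says 40 bytes, only 30 arrive

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:22s} -> {classify(pkt) or ['no match']}")
```

The predicates deliberately mirror the BPF strings so the same table can be loaded into a kernel filter or a capture tool; the two checks marked "verified in code" (header checksum, truncation) need a parser because BPF cannot sum a header or compare the length field to the bytes actually received.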
Customized Protection with
Whitelisting of IP Addresses
Blacklisting of IP Addresses, including feeds of known malicious IP addresses (botnets, scanners, anonymization services, phishing sites, spammers)
Port address range filters (protection against generic TCP/UDP port-based attacks)
Rate Limiting Policies
Flex-Rule – Programmable filters written in Berkeley Packet Filter (BPF) syntax. These can be written to address a variety of attack categories, from volumetric and reflective floods through to attacks leveraging specific payloads (TeamSpeak, RIPv1, NetBIOS).
Smart-Rule – A heuristics and behavioural-analysis engine that tracks and rate-limits L1-L4 attacks
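Added example, not the product's own implementation: a per-source token-bucket rate limiter with per-(protocol, port) policies, plus a crude behavioural escalation that temporarily blacklists a source after a run of rate-limited packets. This is the shape of control the Rate Limiting Policies, Blacklisting and Smart-Rule bullets describe; the policy numbers, ban thresholds, addresses (RFC 5737 documentation ranges) and the flood scenario are all made up for the example.

```python
"""Per-source token-bucket rate limiting with temporary blacklisting of persistent offenders.
Added example; thresholds and traffic below are constructed, not measured."""
from collections import Counter, defaultdict


class TokenBucket:
    """Classic token bucket: refills at `rate` tokens/second, holds at most `burst`."""

    def __init__(self, rate, burst, now):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, now

    def allow(self, now, cost=1.0):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= cost:
            self.tokens -= cost
            return True
        return False


class RateLimiter:
    """Per-source rate limiting keyed by (source, protocol, port), so one flooding source
    cannot exhaust the budget of everyone else. A source rate-limited `ban_after_drops`
    times in a row is blacklisted for `ban_seconds` (illustrative heuristic, not a vendor default)."""

    def __init__(self, policies, default, ban_after_drops, ban_seconds):
        self.policies = policies              # (proto, dport) -> (packets per second, burst)
        self.default = default                # policy for anything not listed
        self.ban_after_drops = ban_after_drops
        self.ban_seconds = ban_seconds
        self.buckets = {}                     # (src, proto, dport) -> TokenBucket
        self.consecutive_drops = defaultdict(int)
        self.banned_until = {}                # src -> time the ban expires

    def is_banned(self, src, now):
        return self.banned_until.get(src, 0.0) > now

    def decide(self, src, proto, dport, now):
        """Return 'accept', 'drop' (rate limited) or 'banned' (temporarily blacklisted)."""
        if self.is_banned(src, now):
            return "banned"
        key = (src, proto, dport)
        if key not in self.buckets:
            pps, burst = self.policies.get((proto, dport), self.default)
            self.buckets[key] = TokenBucket(pps, burst, now)
        if self.buckets[key].allow(now):
            self.consecutive_drops[src] = 0
            return "accept"
        self.consecutive_drops[src] += 1
        if self.consecutive_drops[src] >= self.ban_after_drops:
            self.banned_until[src] = now + self.ban_seconds
            self.consecutive_drops[src] = 0
        return "drop"


def run_burst(limiter, src, proto, dport, now, count):
    """Offer `count` packets from one source at instant `now` and tally the verdicts."""
    return dict(Counter(limiter.decide(src, proto, dport, now) for _ in range(count)))


def demo():
    """Constructed scenario: a DNS reflector floods the target while a legitimate resolver
    and a web client keep working. Policy: UDP/53 limited to 100 pps with a burst of 200."""
    lim = RateLimiter(policies={("udp", 53): (100, 200)}, default=(1000, 2000),
                      ban_after_drops=500, ban_seconds=60)
    return [
        run_burst(lim, "198.51.100.7", "udp", 53, 0.0, 1000),   # reflector burst: 200 pass, then drops, then ban
        run_burst(lim, "203.0.113.9", "udp", 53, 0.0, 5),       # legitimate DNS source, unaffected
        run_burst(lim, "192.0.2.40", "tcp", 443, 0.0, 1500),    # web traffic falls under the default policy
        run_burst(lim, "198.51.100.7", "udp", 53, 1.0, 1000),   # one second later: still blacklisted
        run_burst(lim, "198.51.100.7", "udp", 53, 61.0, 1000),  # ban expired, bucket refilled to its burst
    ]


if __name__ == "__main__":
    for verdicts in demo():
        print(verdicts)
```

Keying buckets per source is what keeps the legitimate resolver's 5 packets unaffected by the reflector's 1000; a single global bucket per port would let the flood starve everyone. The consecutive-drop heuristic is intentionally simple; a production engine would use a sliding window and back the ban with the same blacklist the policy already maintains.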