Dos/DDoS Stress Testing

Disruptions to Internet-facing services due to Distributed Denial of Service (DDoS) attacks can cripple operations, impact customers and result in major economic losses; Category of DDoS Attack Type.

DDoS Attack Coverage

Volumetric DDoS Attacks

TCP Flood Attacks

HTTP GET/POST Floods

UDP Flood Attacks

UDP Fragmentation Attacks

ICMP Floods

Reflective DDoS Attacks

NTP Monlist Response Amplification

SSDP/UPnP Responses

SNMP Inbound Responses

Chargen Responses

Smurf Attack

Fraggle Attack DNS

DNS Amplification

Resource Exhaustion DDoS Attacks

Malformed and Truncated Packets (e.g. UDP Bombs)

IP Fragmentation/Segmentation AETs

Invalid TCP Segment IDs

Bad checksums and illegal flags in TCP/UDP frames

Invalid TCP/UDP port numbers

Use of reserved IP addresses

Slow HTTP requests (from tools like Slowloris, RUDY, Slowread)

Other DDoS Attacks

Command and Control Operations

Tunnel Inspection (GRE, MPLS etc.)

GRE, MPLS etc.

NTP Monlist Requests

Whitelisting

Known malicious IP Addresses (botnets, scanners, anonymization services, phishing sites, spammers)

Customized Protection with

Blacklisting of IP Addresses

Port address range filters (provides protection for generic TCP/UDP port based attacks)

Rate Limiting Policies

Flex-Rule – Programmable filters based on the Berkley Packet Format (BPF) syntax. These can be programmed to address a variety of attack categories volumetric, reflective through to attacks leveraging specific payloads (Teamspeak, RIPv1, netbios).

Smart-Rule – Heuristics based engine leverages heuristics and behavioural analysis to track and rate limit L1-L4 attacks