FortiDDos DDoS Attack Mitigation Guide - Fortinet

More documents

Recommendations

Info

May 1, 2012 28-100-167076-20120501 Copyright© 2012 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions, and performance may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Technical Documentation: docs.fortinet.com Knowledge Base: kb.fortinet.com Customer Service & Support: support.fortinet.com Training Services: training.fortinet.com
Table of Contents Introduction.............................................................................................. 1 Defining DDoS attacks...................................................................................... 1 Attack scenarios ............................................................................................... 1 Causes of attacks ............................................................................................. 1 Motivation behind attacks ................................................................................ 2 Virus infections, botnets and distributed attack tools ...................................... 2 Most common current generation DDoS attacks ............................................. 4 SYN flood.................................................................................................... 4 Zombie flood............................................................................................... 4 ICMP flood.................................................................................................. 4 TCP/UDP port flood.................................................................................... 4 Fragment flood............................................................................................ 5 Anomalous packet flood............................................................................. 5 HTTP GET flood.......................................................................................... 5 Blended attacks.......................................................................................... 5 Floods from unwanted geographical areas ................................................ 5 Myths and realities about DDoS attacks .......................................................... 5 Home remedies for simple and small DDoS attacks ........................................ 6 Anti-DDoS appliances ...................................................................................... 7 Carrier DDoS mitigation solutions .............................................................. 7 Custom logic (FPGA or ASIC) based internet data center (IDC), web hosting and web property DDoS mitigation solutions............................................. 7 Software based web property DDoS mitigation solutions.......................... 8 Things to look for in Anti-DDoS equipment...................................................... 8 Latest technology ....................................................................................... 8 Centralized monitoring................................................................................ 8 Visibility into normal network traffic patterns.............................................. 8 Alerting mechanisms .................................................................................. 8 Filtering mechanisms to reduce false positives.......................................... 8 Low latency................................................................................................. 8 Hardware logic for Anti-DDoS .................................................................... 9 Bypass and redundancy ............................................................................. 9 Extensible architecture ............................................................................... 9 FortiDDoS DDoS Attack Mitigation Guide 28-100-167076-20120501 iii http://docs.fortinet.com/ • Feedback
Page 1: FortiDDoS DDoS Attack Mitigation Gu
Page 5 and 6: independent devices ...............
Page 7 and 8: Introduction Defining DDoS attacks
Page 9 and 10: Virus infections, botnets and distr
Page 11 and 12: Myths and realities about DDoS atta
Page 13 and 14: Anti-DDoS appliances Anti-DDoS appl
Page 15 and 16: Things to look for in Anti-DDoS equ
Page 17 and 18: Support for IPv6 will become import
Page 19 and 20: Source rate limiting Source rate li
Page 21 and 22: Botnet Attack Mitigation Overview o
Page 23 and 24: Can you do the same processing in C
Page 25 and 26: A very simple deployment Figure 4:
Page 27 and 28: Typical deployment for an internet
Page 29 and 30: DDoS and SaaS Model for E-Commerce
Page 31 and 32: Testing a Mitigation System Introdu
Page 33 and 34: Attacks to test functionality and p
Page 39 and 40: Conclusion Conclusion Spoofed ICMP
Page 41 and 42: Virtual partitioning and multiple p
Page 43 and 44: Role based management and audit tra
Page 45: Conclusion Conclusion Buying a DDoS

FortiDDos DDoS Attack Mitigation Guide - Fortinet

Create successful ePaper yourself

Delete template?

Save as template?