FortiDDos DDoS Attack Mitigation Guide - Fortinet

More documents

Recommendations

Info

Attacks to test functionality and performance can have 65,536 different values. It is important for an operating system to have some sort of a mechanism in order to control the identification numbers correctly. In this flood, the IP-ID file is randomly varied. IP random fragment flag, offset flood IP-V4 header has a field called Flags related to fragmentation. This 3-bit flag has a reserved bit followed by Don't Fragment (DF) and More Fragment (MF) bits. A flood that continuously varies the above bits can confuse network devices. Just after the flags, there is a 13-bit fragment offset field. A flood that continuously varies this field can also cause confusion. IP random TTL flood IPv4 header has an eight-bit time-to-live (TTL) field that helps prevent datagrams from going in circles on the Internet. Each packet intermediate network appliance that a datagram crosses decrements the TTL field by one. When the TTL field hits zero, the packet is no longer forwarded by a packet switch and is discarded. This flood sends packets with random TTL values. IP random protocol IPV4 protocol supports up to 256 protocol types. In this flood, the protocol field value is randomly changed while (may be) keeping rest of the packet header values similar. UDP checksum error UDP header has a checksum field. By sending a wrongly computed checksum value, packets with anomalous header can be flooded on the network. Non-spoofed ICMP echo reply flood ICMP echo request is typically used to identify the presence of a machine on the network. The machine responds with a ICMP echo reply. This flood that continuously sends ICMP echo replies to an IP address. The sources are non-spoofed. Spoofed ICMP echo reply Unlike above, this flood uses spoofed IP addresses to send ICMP echo replies. Un-spoofed ICMP type/code flooding ICMP allows 65535 combinations of type/codes. This is an un-spoofed flood from limited number of sources that randomly send a type/code flood. FortiDDoS DDoS Attack Mitigation Guide 28-100-167076-20120501 32 http://docs.fortinet.com/ • Feedback
Conclusion Conclusion Spoofed ICMP random type/code flooding This is a spoofed flood where a single but random ICMP type/code is flooded. Rest of the packet header may be similar in the packets. Non-IP flooding Ethernet header allows different protocols. IP version 4 or version 6 are just two of them. There are other protocols too. In a non-IP flood, un-common values of the protocol values are used. There are many ways to test DDoS mitigation equipment. Conditions given above are just some examples. DDoS mitigation is a police and thief game. The hackers come up with new techniques and therefore the testers and equipment makers have to come up new techniques to test and benchmark the equipment. FortiDDoS DDoS Attack Mitigation Guide 28-100-167076-20120501 33 http://docs.fortinet.com/ • Feedback
Page 1 and 2: FortiDDoS DDoS Attack Mitigation Gu
Page 3 and 4: Table of Contents Introduction.....
Page 5 and 6: independent devices ...............
Page 7 and 8: Introduction Defining DDoS attacks
Page 9 and 10: Virus infections, botnets and distr
Page 11 and 12: Myths and realities about DDoS atta
Page 13 and 14: Anti-DDoS appliances Anti-DDoS appl
Page 15 and 16: Things to look for in Anti-DDoS equ
Page 17 and 18: Support for IPv6 will become import
Page 19 and 20: Source rate limiting Source rate li
Page 21 and 22: Botnet Attack Mitigation Overview o
Page 23 and 24: Can you do the same processing in C
Page 25 and 26: A very simple deployment Figure 4:
Page 27 and 28: Typical deployment for an internet
Page 29 and 30: DDoS and SaaS Model for E-Commerce
Page 31 and 32: Testing a Mitigation System Introdu
Page 33 and 34: Attacks to test functionality and p
Page 35 and 36: Attacks to test functionality and p
Page 37: Attacks to test functionality and p
Page 41 and 42: Virtual partitioning and multiple p
Page 43 and 44: Role based management and audit tra
Page 45: Conclusion Conclusion Buying a DDoS

FortiDDos DDoS Attack Mitigation Guide - Fortinet

Create successful ePaper yourself

Delete template?

Save as template?