09 March 2012

Anti DoS – DoS Filtering Methods

(Article submitted via Gmail, unpaid by james hooper)

Almost everyone in the tech world is familiar with (D)DoS attacks and anti DoS. Basically it all comes down to preventing the mass of unwanted traffic coming in to your website, as this uses up either all of your site’s available bandwidth, its CPU memory or time, or a combination of both. The goal is to filter out this unwanted “bogus” traffic, which happens only because the source is as close as possible to the target site. (The available bandwidth drops significantly as traffic gets closer to the destination site.) Once the bogus traffic has completely filled up the link to an ISP, filtering it is no longer as effective. Thus, even before this happens, the ISP needs to configure an anti DoS filter to protect itself from potential attacks.

Ways to filter DoS (Denial of Service) traffic
1.    Source address filtering
2.    Service filtering
3.    Destination address filtering

The most preferred way to get rid of unwanted traffic is through source address filtering. It basically traps traffic coming from the attacker’s source address. Unfortunately, some attackers falsify or spoof their address, in which case this approach cannot be used because the attack seems to come from several hosts throughout the web. And even when the real source addresses are known, configuring a filter for all of the source addresses isn't possible in a massively distributed attack (a DoS attack coming from several sources).

The easiest DoS attacker to deal with is one who uses a single non-important service for the whole attack. In such a case, a service filter can easily intercept the attacking traffic by filtering on a UDP or TCP port or on an ICMP type. Still, if the attack uses unpredictable ports, or ports that are used for important services and hence cannot be filtered, then filtering on service is not feasible.

The last option is to filter out all traffic coming in to the specific host or hosts that are under attack. This anti DoS technique is typically done to at least protect the other hosts on the network that are not yet affected. This is usually effective because most DoS attacks are aimed only at a small number of hosts within a network. However, if the attack is directed at the entire network, then filtering on the destination address won’t be successful.
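The three filtering methods and the conditions under which each one fails can be written as a short decision procedure. The following is an added example, not part of the original article: the thresholds, the list of essential services and the sample flows are assumptions constructed for illustration (TCP/UDP only), and the output strings are nftables-style match expressions.

```python
from collections import Counter

# Assumed values for this sketch; set them per network.
MAX_SOURCE_RULES = 4  # more sources than this: source filtering is impractical
ESSENTIAL = {("tcp", 80), ("tcp", 443), ("udp", 53)}  # services that cannot be blocked

def choose_filter(flows, network_hosts):
    """flows: (src, dst, proto, dport) tuples already flagged as attack traffic.
    Returns (method, rules); rules are nftables-style match expressions."""
    sources = Counter(f[0] for f in flows)
    services = {(f[2], f[3]) for f in flows}
    targets = {f[1] for f in flows}

    # 1. Source address filtering: preferred, but needs a small source set.
    #    Spoofed or massively distributed attacks show up as many sources.
    if len(sources) <= MAX_SOURCE_RULES:
        return "source", [f"ip saddr {s} drop" for s in sorted(sources)]

    # 2. Service filtering: one service carries the attack and is not essential.
    if len(services) == 1 and not (services & ESSENTIAL):
        proto, port = next(iter(services))
        return "service", [f"{proto} dport {port} drop"]

    # 3. Destination filtering: cut off the attacked hosts to protect the rest.
    if len(targets) < len(network_hosts):
        return "destination", [f"ip daddr {t} drop" for t in sorted(targets)]

    # The whole network is targeted: none of the three filters helps.
    return "none", []

# Constructed sample data (documentation address ranges).
NETWORK = {"203.0.113.10", "203.0.113.11", "203.0.113.12"}
single_source = [("198.51.100.7", "203.0.113.10", "udp", 19)] * 3
spoofed_chargen = [(f"192.0.2.{i}", "203.0.113.10", "udp", 19) for i in range(1, 50)]
spoofed_http = [(f"192.0.2.{i}", "203.0.113.10", "tcp", 80) for i in range(1, 50)]
whole_network = [(f"192.0.2.{i}", h, "tcp", 443)
                 for i in range(1, 50) for h in sorted(NETWORK)]

if __name__ == "__main__":
    for name, flows in [("single source", single_source),
                        ("spoofed, one minor service", spoofed_chargen),
                        ("spoofed, essential service", spoofed_http),
                        ("whole network", whole_network)]:
        print(name, "->", choose_filter(flows, NETWORK))
```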

Installing Effective Anti DoS Filters
Most DoS attacks can be prevented by installing the right type of filter. Unfortunately, a DoS prevention filter has to be installed at the transit ISP. This is hard and inconvenient because it requires the services of an ISP engineer to install the filter. It is usually a long process, so incorporating other DIY mechanisms would prove to be much better. Luckily, there are several strategies that customers can learn and apply themselves in their ISP network. You can also hire the services of an anti DoS carrier that is able to detect suspicious traffic behaviors and then obstruct (or mitigate) them. Although there is a limit to the range of protection you can give your network, there are sure ways to limit the effect of DoS/DDoS attacks on your website or network.