What comes to your mind when you think about DDoS attacks? For most people, DDoS attacks are immediately associated with a powerful high-bandwidth volumetric attack; perhaps you even imagine a Jonny Lee Miller-esque attacker typing furiously in a dark room. Well, it’s 2013, and that stereotype is a little dated.

Make no mistake—DDoS attacks are more threatening and powerful than ever, but today’s devices can, for the most part, withstand volumetric attacks with relative ease. As a result, volumetric attacks are becoming less and less effective. However, as technology has evolved to give us more robust devices, attackers have also developed more sophisticated attacks.

Today’s DDoS attacks are hard to detect and even harder to mitigate. This is because attackers are no longer concerned with how much network traffic they can bombard you with, but rather how much traffic actually reaches the backend servers—in technical terms, this is called the attack bypass rate.

With the emergence of attacks that deliberately attempt to sneak through defense lines (and are getting increasingly clever at it), how effective are existing DDoS countermeasures?

In the next couple posts, I’ll go through current methods of DDoS detection and mitigation, which can be categorized as:

• Rate-/Flow-based Countermeasures

• Protocol-based Countermeasures

• Blanket Countermeasures

• Source host Authentication

See also:

Are DDoS Mitigation Technologies Falling Behind? (2 of 3)

Are DDoS Mitigation Technologies Falling Behind? (3 of 3)