In computing, a Denial-of-Service attack (DoS attack) or Distributed Denial-of-Service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users (Wikipedia).
The real world equivalent would be getting a crowd of so many non-customers in front of a shop, that customers cannot even get to the shop's front door, preventing the shop from doing any business.
Unlike many Web Application Firewall systems on the market, the Network Box Anti-DDoS WAF+ system, as its name suggests, has also been specifically enhanced with a wide range of capabilities to allow for the mitigation of Distributed Denial of Service attacks.
General overview of a typical DDoS attack
One of the key design goals of the Network Box Anti-DDoS WAF+ system has been to allow companies and organizations to implement effective Anti-DDoS technology on an affordable basis. Layer 3 (network) protocol enforcement, including connection rate, data transfer volume and connection slowness can be handled; and a wide range of Layer 7 (application) properties, including URL pattern, user agent and request header are taken into account.
The Anti-DDoS WAF+ uses behavioural analysis, traffic signatures, rate limiting, and other such techniques to identify malicious traffic per source-address. Once we've identified a source of malicious traffic we blacklist it.
The Network Box networking stack consists of many layers of protection, from physical layer 1 all the way up to application protection at layer 7. Whitelists and blacklists of IP addresses are maintained very low down in this stack, and source traffic from addresses in the blacklists (but not in the whitelists) are blocked with the highest performance. Once an attack source has been identified, it is added to the blacklist, and further traffic from that source is either blocked for a certain time (the dynamic blacklists) or indefinitely (the permanent blacklists).
Some of the mitigation methods used by the Anti-DDoS WAF+
In addition to this, only legitimate connections from verified non-spoofed source addresses are permitted to continue to the protected servers, and in this way the vast majority of such attacks can be mitigated (so long as the incoming bandwidth is sufficient to handle the attack).
During a DDoS attack, the attackers are mitigated using a variety of techniques
whilst legitimate users are allowed normal access.