SlideShare una empresa de Scribd logo
1 de 17
Descargar para leer sin conexión
DDOS Attack - Gurzu Nepal
DDOS Attack - Gurzu Nepal
DDOS Attack - Gurzu Nepal
DDOS Attack - Gurzu Nepal
DDOS Attack - Gurzu Nepal
DDOS Attack - Gurzu Nepal
DDOS Attack - Gurzu Nepal
DDOS Attack - Gurzu Nepal
DDOS Attack - Gurzu Nepal
3 TYPES
1. Application-Layer Attacks
2. Protocol Attacks
3. Volumetric Attacks
APPLICATION-LAYER ATTACKS
• Targets and disrupts a specific app, not an entire
network.
• A hacker generates a high number of HTTP requests
that exhaust the target server's ability to respond.
• Challenging to prevent as it is difficult to distinguish
between legitimate and malicious HTTP requests.
PROTOCOL ATTACKS
• Also known as network-layer attacks.
• Exploit weaknesses in the protocols or procedures that
govern internet communications.
• Use spoofing to create an infinite loop of requests
until the system crashes.
VOLUMETRIC ATTACKS
• Consumes a target's available bandwidth with false
data requests and creates network congestion.
• Most common type of this attack is the DNS
amplification attack.
• All volumetric attacks rely on botnets.
• Volumetric attacks are the most common type of
DDoS.
USUAL DDOS SYMPTOMS
• Large amounts of traffic coming from clients with same or similar characteristics. E.g. device type,
browser type/version, IP or IP range, and location etc.
• An exponential, unexpected rise in traffic at a single endpoint/server.
• A server starts repeatedly crashing for no reason.
• Your website is taking too long to respond to requests.
RESPONDING TO A DDOS ATTACK
•Blackhole filtering:Go through incoming traffic and determine a limitation criterion. Use the criterion to
route malicious traffic into a blackhole, essentially dropping it.
•Casting:Distribute the traffic across multiple servers, increasing your capacity, and decreasing the chances
of individual servers getting overwhelmed.
•IP Blocking: If you are noticing unexpectedly high traffic from the same range of IP addresses, block them.
PREVENTING DDOS ATTACKS
•Real-time packet analysis: Analyze packets based on different rules, as they enter your system, discarding
the potentially malicious ones.
•DDoS defense system (DDS): A DDS can detect legitimate-looking content with malicious intent. It
protects against both protocol and volumetric attacks, without requiring any human intervention.
•Web application firewall:Web application firewalls (WAF) are a great tool to mitigate application layer
DDoS attacks. They give you a way to filter incoming requests, based on different rules, which can also be
added on-the-fly, in response to an attack.
•Rate limiting:Limit the number of requests a server can entertain over a certain time period.
Thank
you

Más contenido relacionado

Similar a DDOS Attack - Gurzu Nepal

Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...Mumbai Academisc
 
Ddos- distributed denial of service
Ddos- distributed denial of service Ddos- distributed denial of service
Ddos- distributed denial of service laxmi chandolia
 
IRJET- DDOS Detection System using C4.5 Decision Tree Algorithm
IRJET- DDOS Detection System using C4.5 Decision Tree AlgorithmIRJET- DDOS Detection System using C4.5 Decision Tree Algorithm
IRJET- DDOS Detection System using C4.5 Decision Tree AlgorithmIRJET Journal
 
Information Security Systems
Information Security SystemsInformation Security Systems
Information Security SystemsEyad Mhanna
 
A10 issa d do s 5-2014
A10 issa d do s 5-2014A10 issa d do s 5-2014
A10 issa d do s 5-2014Raleigh ISSA
 
security in IOT.pptx
security in IOT.pptxsecurity in IOT.pptx
security in IOT.pptxTulasi72
 
Basics of Denial of Service Attacks
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service AttacksHansa Nidushan
 
DoS Attack - Incident Handling
DoS Attack - Incident HandlingDoS Attack - Incident Handling
DoS Attack - Incident HandlingMarcelo Silva
 
Aleksei zaitchenkov slides about DOS Attacks
Aleksei zaitchenkov slides about DOS AttacksAleksei zaitchenkov slides about DOS Attacks
Aleksei zaitchenkov slides about DOS AttacksDipesh Karade
 
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...IJNSA Journal
 
Protecting your business from ddos attacks
Protecting your business from ddos attacksProtecting your business from ddos attacks
Protecting your business from ddos attacksSaptha Wanniarachchi
 
INTERNET SECURITY SYSTEM
INTERNET SECURITY SYSTEMINTERNET SECURITY SYSTEM
INTERNET SECURITY SYSTEMBhushan Gajare
 
Whitepaper on DDoS Mitigation
Whitepaper on DDoS MitigationWhitepaper on DDoS Mitigation
Whitepaper on DDoS MitigationGaurav Bhatia
 
Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Gaurav Sharma
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPROIDEA
 

Similar a DDOS Attack - Gurzu Nepal (20)

DoS/DDoS
DoS/DDoSDoS/DDoS
DoS/DDoS
 
Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...
 
Addios!
Addios!Addios!
Addios!
 
Ddos- distributed denial of service
Ddos- distributed denial of service Ddos- distributed denial of service
Ddos- distributed denial of service
 
IRJET- DDOS Detection System using C4.5 Decision Tree Algorithm
IRJET- DDOS Detection System using C4.5 Decision Tree AlgorithmIRJET- DDOS Detection System using C4.5 Decision Tree Algorithm
IRJET- DDOS Detection System using C4.5 Decision Tree Algorithm
 
Information Security Systems
Information Security SystemsInformation Security Systems
Information Security Systems
 
Denial of service
Denial of serviceDenial of service
Denial of service
 
A10 issa d do s 5-2014
A10 issa d do s 5-2014A10 issa d do s 5-2014
A10 issa d do s 5-2014
 
security in IOT.pptx
security in IOT.pptxsecurity in IOT.pptx
security in IOT.pptx
 
Basics of Denial of Service Attacks
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service Attacks
 
DoS Attack - Incident Handling
DoS Attack - Incident HandlingDoS Attack - Incident Handling
DoS Attack - Incident Handling
 
Aleksei zaitchenkov slides about DOS Attacks
Aleksei zaitchenkov slides about DOS AttacksAleksei zaitchenkov slides about DOS Attacks
Aleksei zaitchenkov slides about DOS Attacks
 
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
 
Cyber Security Terms
Cyber Security TermsCyber Security Terms
Cyber Security Terms
 
Protecting your business from ddos attacks
Protecting your business from ddos attacksProtecting your business from ddos attacks
Protecting your business from ddos attacks
 
BOTNET
BOTNETBOTNET
BOTNET
 
INTERNET SECURITY SYSTEM
INTERNET SECURITY SYSTEMINTERNET SECURITY SYSTEM
INTERNET SECURITY SYSTEM
 
Whitepaper on DDoS Mitigation
Whitepaper on DDoS MitigationWhitepaper on DDoS Mitigation
Whitepaper on DDoS Mitigation
 
Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 

Más de GurzuInc

Power of documentation | Aarati Shah | Gurzu.pdf
Power of documentation | Aarati Shah | Gurzu.pdfPower of documentation | Aarati Shah | Gurzu.pdf
Power of documentation | Aarati Shah | Gurzu.pdfGurzuInc
 
The Art of Refactoring | Asmit Ghimire | Gurzu.pdf
The Art of Refactoring | Asmit Ghimire | Gurzu.pdfThe Art of Refactoring | Asmit Ghimire | Gurzu.pdf
The Art of Refactoring | Asmit Ghimire | Gurzu.pdfGurzuInc
 
I'm Programmer _ Ganesh Kunwar _ Gurzu.pdf
I'm Programmer _ Ganesh Kunwar _ Gurzu.pdfI'm Programmer _ Ganesh Kunwar _ Gurzu.pdf
I'm Programmer _ Ganesh Kunwar _ Gurzu.pdfGurzuInc
 
Obtaining Your Tax Clearance Certificate_ A Quick Guide | Deepak Rai | Gurzu.pdf
Obtaining Your Tax Clearance Certificate_ A Quick Guide | Deepak Rai | Gurzu.pdfObtaining Your Tax Clearance Certificate_ A Quick Guide | Deepak Rai | Gurzu.pdf
Obtaining Your Tax Clearance Certificate_ A Quick Guide | Deepak Rai | Gurzu.pdfGurzuInc
 
Problem Solving Skill - Bishal Sapkota - Gurzu
Problem Solving Skill - Bishal Sapkota - GurzuProblem Solving Skill - Bishal Sapkota - Gurzu
Problem Solving Skill - Bishal Sapkota - GurzuGurzuInc
 
My experience with Mobile Testing - Asmita Poudel - Gurzu
My experience with Mobile Testing - Asmita Poudel - GurzuMy experience with Mobile Testing - Asmita Poudel - Gurzu
My experience with Mobile Testing - Asmita Poudel - GurzuGurzuInc
 
Upgrading Services _ Ashraya Tuldhar _ Knowledge ketchup.pptx
Upgrading Services _ Ashraya Tuldhar _ Knowledge ketchup.pptxUpgrading Services _ Ashraya Tuldhar _ Knowledge ketchup.pptx
Upgrading Services _ Ashraya Tuldhar _ Knowledge ketchup.pptxGurzuInc
 
The real definition of done (1).pptx.pdf
The real definition of done (1).pptx.pdfThe real definition of done (1).pptx.pdf
The real definition of done (1).pptx.pdfGurzuInc
 
Fantastic Blogs and How to Write Them | Alaka Acharya.pptx
Fantastic Blogs and How to Write Them | Alaka Acharya.pptxFantastic Blogs and How to Write Them | Alaka Acharya.pptx
Fantastic Blogs and How to Write Them | Alaka Acharya.pptxGurzuInc
 
The power of saying no | Abinash Bhattarai | Gurzu.pdf
The power of saying no | Abinash Bhattarai | Gurzu.pdfThe power of saying no | Abinash Bhattarai | Gurzu.pdf
The power of saying no | Abinash Bhattarai | Gurzu.pdfGurzuInc
 
Hotwire and Turbo - Knowledge Ketchup - Prajit Bhandari.pdf
Hotwire and Turbo - Knowledge Ketchup - Prajit Bhandari.pdfHotwire and Turbo - Knowledge Ketchup - Prajit Bhandari.pdf
Hotwire and Turbo - Knowledge Ketchup - Prajit Bhandari.pdfGurzuInc
 
Automation Testing - G1 conference Ch13.pptx
Automation Testing - G1 conference Ch13.pptxAutomation Testing - G1 conference Ch13.pptx
Automation Testing - G1 conference Ch13.pptxGurzuInc
 
CSS 101 - G1 conference Gurzu.pptx
CSS 101 - G1 conference Gurzu.pptxCSS 101 - G1 conference Gurzu.pptx
CSS 101 - G1 conference Gurzu.pptxGurzuInc
 
Discussion Regarding benefits on taxes on income from employment.pptx
Discussion Regarding benefits on taxes on income from employment.pptxDiscussion Regarding benefits on taxes on income from employment.pptx
Discussion Regarding benefits on taxes on income from employment.pptxGurzuInc
 
How not to Model Data - G1 conference.pptx
How not to Model Data - G1 conference.pptxHow not to Model Data - G1 conference.pptx
How not to Model Data - G1 conference.pptxGurzuInc
 
API Testing.pptx
API Testing.pptxAPI Testing.pptx
API Testing.pptxGurzuInc
 
Building CI_CD for Mobile Development.pptx
Building CI_CD for Mobile Development.pptxBuilding CI_CD for Mobile Development.pptx
Building CI_CD for Mobile Development.pptxGurzuInc
 

Más de GurzuInc (17)

Power of documentation | Aarati Shah | Gurzu.pdf
Power of documentation | Aarati Shah | Gurzu.pdfPower of documentation | Aarati Shah | Gurzu.pdf
Power of documentation | Aarati Shah | Gurzu.pdf
 
The Art of Refactoring | Asmit Ghimire | Gurzu.pdf
The Art of Refactoring | Asmit Ghimire | Gurzu.pdfThe Art of Refactoring | Asmit Ghimire | Gurzu.pdf
The Art of Refactoring | Asmit Ghimire | Gurzu.pdf
 
I'm Programmer _ Ganesh Kunwar _ Gurzu.pdf
I'm Programmer _ Ganesh Kunwar _ Gurzu.pdfI'm Programmer _ Ganesh Kunwar _ Gurzu.pdf
I'm Programmer _ Ganesh Kunwar _ Gurzu.pdf
 
Obtaining Your Tax Clearance Certificate_ A Quick Guide | Deepak Rai | Gurzu.pdf
Obtaining Your Tax Clearance Certificate_ A Quick Guide | Deepak Rai | Gurzu.pdfObtaining Your Tax Clearance Certificate_ A Quick Guide | Deepak Rai | Gurzu.pdf
Obtaining Your Tax Clearance Certificate_ A Quick Guide | Deepak Rai | Gurzu.pdf
 
Problem Solving Skill - Bishal Sapkota - Gurzu
Problem Solving Skill - Bishal Sapkota - GurzuProblem Solving Skill - Bishal Sapkota - Gurzu
Problem Solving Skill - Bishal Sapkota - Gurzu
 
My experience with Mobile Testing - Asmita Poudel - Gurzu
My experience with Mobile Testing - Asmita Poudel - GurzuMy experience with Mobile Testing - Asmita Poudel - Gurzu
My experience with Mobile Testing - Asmita Poudel - Gurzu
 
Upgrading Services _ Ashraya Tuldhar _ Knowledge ketchup.pptx
Upgrading Services _ Ashraya Tuldhar _ Knowledge ketchup.pptxUpgrading Services _ Ashraya Tuldhar _ Knowledge ketchup.pptx
Upgrading Services _ Ashraya Tuldhar _ Knowledge ketchup.pptx
 
The real definition of done (1).pptx.pdf
The real definition of done (1).pptx.pdfThe real definition of done (1).pptx.pdf
The real definition of done (1).pptx.pdf
 
Fantastic Blogs and How to Write Them | Alaka Acharya.pptx
Fantastic Blogs and How to Write Them | Alaka Acharya.pptxFantastic Blogs and How to Write Them | Alaka Acharya.pptx
Fantastic Blogs and How to Write Them | Alaka Acharya.pptx
 
The power of saying no | Abinash Bhattarai | Gurzu.pdf
The power of saying no | Abinash Bhattarai | Gurzu.pdfThe power of saying no | Abinash Bhattarai | Gurzu.pdf
The power of saying no | Abinash Bhattarai | Gurzu.pdf
 
Hotwire and Turbo - Knowledge Ketchup - Prajit Bhandari.pdf
Hotwire and Turbo - Knowledge Ketchup - Prajit Bhandari.pdfHotwire and Turbo - Knowledge Ketchup - Prajit Bhandari.pdf
Hotwire and Turbo - Knowledge Ketchup - Prajit Bhandari.pdf
 
Automation Testing - G1 conference Ch13.pptx
Automation Testing - G1 conference Ch13.pptxAutomation Testing - G1 conference Ch13.pptx
Automation Testing - G1 conference Ch13.pptx
 
CSS 101 - G1 conference Gurzu.pptx
CSS 101 - G1 conference Gurzu.pptxCSS 101 - G1 conference Gurzu.pptx
CSS 101 - G1 conference Gurzu.pptx
 
Discussion Regarding benefits on taxes on income from employment.pptx
Discussion Regarding benefits on taxes on income from employment.pptxDiscussion Regarding benefits on taxes on income from employment.pptx
Discussion Regarding benefits on taxes on income from employment.pptx
 
How not to Model Data - G1 conference.pptx
How not to Model Data - G1 conference.pptxHow not to Model Data - G1 conference.pptx
How not to Model Data - G1 conference.pptx
 
API Testing.pptx
API Testing.pptxAPI Testing.pptx
API Testing.pptx
 
Building CI_CD for Mobile Development.pptx
Building CI_CD for Mobile Development.pptxBuilding CI_CD for Mobile Development.pptx
Building CI_CD for Mobile Development.pptx
 

Último

Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 

Último (20)

Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 

DDOS Attack - Gurzu Nepal

  • 10. 3 TYPES 1. Application-Layer Attacks 2. Protocol Attacks 3. Volumetric Attacks
  • 11. APPLICATION-LAYER ATTACKS • Targets and disrupts a specific app, not an entire network. • A hacker generates a high number of HTTP requests that exhaust the target server's ability to respond. • Challenging to prevent as it is difficult to distinguish between legitimate and malicious HTTP requests.
  • 12. PROTOCOL ATTACKS • Also known as network-layer attacks. • Exploit weaknesses in the protocols or procedures that govern internet communications. • Use spoofing to create an infinite loop of requests until the system crashes.
  • 13. VOLUMETRIC ATTACKS • Consumes a target's available bandwidth with false data requests and creates network congestion. • Most common type of this attack is the DNS amplification attack. • All volumetric attacks rely on botnets. • Volumetric attacks are the most common type of DDoS.
  • 14. USUAL DDOS SYMPTOMS • Large amounts of traffic coming from clients with same or similar characteristics. E.g. device type, browser type/version, IP or IP range, and location etc. • An exponential, unexpected rise in traffic at a single endpoint/server. • A server starts repeatedly crashing for no reason. • Your website is taking too long to respond to requests.
  • 15. RESPONDING TO A DDOS ATTACK •Blackhole filtering:Go through incoming traffic and determine a limitation criterion. Use the criterion to route malicious traffic into a blackhole, essentially dropping it. •Casting:Distribute the traffic across multiple servers, increasing your capacity, and decreasing the chances of individual servers getting overwhelmed. •IP Blocking: If you are noticing unexpectedly high traffic from the same range of IP addresses, block them.
  • 16. PREVENTING DDOS ATTACKS •Real-time packet analysis: Analyze packets based on different rules, as they enter your system, discarding the potentially malicious ones. •DDoS defense system (DDS): A DDS can detect legitimate-looking content with malicious intent. It protects against both protocol and volumetric attacks, without requiring any human intervention. •Web application firewall:Web application firewalls (WAF) are a great tool to mitigate application layer DDoS attacks. They give you a way to filter incoming requests, based on different rules, which can also be added on-the-fly, in response to an attack. •Rate limiting:Limit the number of requests a server can entertain over a certain time period.