If you see persistent DoS attacks from multiple IP addresses, a more systemic solution might be required. A number of ISPs provide cloud-based distributed denial-of-service (DDoS) mitigation (Cisco Systems Inc. Guards or Arbor Networks TMS) as a service to their customers. These services can filter DDoS traffic quite a few hops beyond the enterprise network's border router, thereby protecting the network. Another option for stopping a DoS attack might be to purchase a traffic anomaly detection appliance and deploy it in front of your border routers. In this case, mitigation will still work, but because the appliance is much closer to the network, it could potentially be less effective. The reason is that the bandwidth saturation caused by the DDoS attack has already propagated to the last hop, where available bandwidth is limited. Addressing the attack at the ISP's cleaning centers avoids this limitation.
As to contacting law enforcement, organizations in the U.S. interested in an investigation of a DoS attack can contact their local FBI field office for guidance and information.