Problem solve Get help with specific problems with your technologies, process and projects.

Distributed denial-of-service protection: How to stop DDoS attacks

In this tip, which is a part of our Web Application Attacks Security Guide, you will learn what a distributed denial-of service (DDoS) attack is, and learn how to stop and prevent DDoS attacks by using intrusion prevention technologies and products.

A distributed denial-of-service (DDoS) attack can be detrimental to an organization, costing it time and money, by forcing corporate systems to essentially shut down. In this tip, gain a better understanding of how distributed denial-of-service attacks work, the damage they can do and how to stop DDoS attacks from causing harm to enterprise servers and systems.

How do distributed denial-of-service attacks work?

A malicious hacker performs a DDoS attack by exploiting flaws or vulnerabilities in a computer system (often a website or Web server) to be able to pose as the master system. When posing as the master system, the hacker is able to identify and communicate with other systems for potential further compromise.

Once the intruder has control of multiple compromised systems, he/she can instruct the machines to launch one of many flood attacks where a target system is flooded with bogus traffic requests, which will cause a denial of service for users of that system. A flood of incoming messages from the compromised systems will caused the targeted system to shut down and deny service to it, making it impossible for users to access anything, and therefore costing the organization time and money.

How to stop distributed denial-of-service (DDoS) and prevent attacks

Preventing a distributed denial-of-service attack can be difficult since it is challenging to differentiate a malicious traffic request from a legitimate one since they use identical protocols and ports. However, there are several steps you can take to protect your systems from distributed denial-of-service attacks:

• Ensure there is an excess of bandwidth on the organization's Internet connection: This is one of the easiest defenses against DDoS, but it can also be costly. Simply having a lot of bandwidth to service traffic requests can help to protect against low-scale DDoS attacks. Also, the more bandwidth an organization has, the more attackers must do to clog its connection.

• Be sure to use an intrusion detection system (IDS). Several intrusion detection systems available today are equipped with the technology to protect systems for DDoS attacks by using connection verification methods and by preventing certain requests from reaching enterprise severs.

• Use a DDoS protection product. Several vendors offer DDoS protection and prevention appliances that are specifically designed to find and thwart DDoS attacks.

• Prepare for DoS response. The use of throttling and rate-limiting technologies can reduce the effects of a DoS attack.

• Maintain a backup Internet connection with a separate pool of IP addresses for critical users. This offers an alternate path if the primary circuit is overwhelmed with malicious requests.

More on this topic

  • In this Q&A, Ed Skoudis explains how ISPs thwart DDoS attacks.
  • Prevent DDoS attacks  by blocking and rerouting DDoS and DoS traffic using honeypots, subnets and intrusion prevention.


  Introduction: Web application security
  How to stop buffer-overflow attacks
  Prevent cross-site scripting hacks
  Stopping SQL injection hack attacks
  Distributed denial-of-service protection
This was last published in January 2010

Dig Deeper on Application attacks (buffer overflows, cross-site scripting)