Techniques, Solutions, and Best Practices for Mitigating DDoS Attacks

18/09/2024

By Graciela Martínez and Guillermo Cicileo

Denial of Service / Distributed Denial of Service (DDoS) attacks represent a serious problem for Internet organizations. These cyberattacks flood a server, service, or network with large volumes of traffic with the aim of rendering the resource inaccessible to legitimate users.

As discussed in our previous article, DDoS attacks are among the most frequent concerns for ISPs.

DDoS attacks exploit vulnerabilities in the various layers of the TCP/IP stack or overwhelm a network’s capacity to handle large volumes of traffic. This is why it is important for organizations to implement comprehensive protection.

In this article, LACNIC CSIRT shares several actions that can complement a DDoS solution and protect both servers and networks.

Let’s take a look at existing best practices and techniques for mitigating DDoS attacks, which can be complemented with commercial or open-source anti-DDoS solutions, as described below.

Best Practices and Techniques for DDoS Attack Mitigation. In this first part of our article, we outline the main actions an organization can implement to prevent DDoS attacks (either by lowering their likelihood and/or by minimizing their impact).

To enhance the configuration of our networks and services to reduce the likelihood of DDoS attacks and strengthen our infrastructure, where feasible, it is advisable to implement redundancy and load distribution, rate limiting, traffic filtering, anycast routing, overload capacity, protection at the protocol level, as well as early detection and response systems. The document published on the LACNIC R&D website details these best practices and provides suggestions for implementing them in your networks.

Similarly, mitigation techniques can help reduce the impact of DDoS attacks when they occur. In this sense, an organization targeted by a DDoS attack can minimize its impact if it has tools to detect and handle this type of situation, or if it has a mitigation plan in place specifically designed for this type of incident.

Anti-DDoS Solutions Available on the Market. Multiple vendors and companies offer a variety of anti-DDoS tools. These include both commercial and open-source solutions. Selecting the solution best suited to each organization depends on various factors, including budget, required protection level, and existing infrastructure.

Cloudflare, Akamai, Amazon Web Services (AWS) Shield, Google Cloud Armor, Imperva Incapsula, Arbor Networks, and F5 Networks are among the most widely used solutions due to their effectiveness and ability to handle large volumes of traffic and their ease of integration and use. The features and benefits of each are detailed in our document.

Among others, open-source solutions include Haproxyr, Gatekeeper, and FastNetMon. These software solutions can be valuable for system administrators and developers seeking to safeguard their applications and networks without the burden of high licensing costs.

Finally, it’s worth noting that ISPs and security providers often offer DDoS scrubbing services to their customers. These services consist of sending the organization clean traffic after absorbing the attack, as they are supposed to have the intelligence to detect and discard most types of DDoS attacks. To ensure effectiveness, they should be complemented with DNS and BGP solutions.

At LACNIC CSIRT, we urge organizations to examine whether they have already implemented the measures listed above.