A Summary of DoS/DDoS Prevention, Monitoring and Mitigation Techniques in a Service Provider Environment

(PDF, 3.10MB) Published: 26 Sep, 2003
Created by Michael Glenn

The frequency and sophistication of Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks on the Internet are rapidly increasing. Service providers are under mounting pressure to prevent, monitor and mitigate DoS/DDoS attacks directed toward their customers and their infrastructure. The Internet is part of the critical national infrastructure but is unique in that it has no customary borders to safeguard it from attacks. Attacks seen every day on the Internet include direct attacks, remote-controlled attacks, reflective attacks, worms, and viruses. Attacks directed specifically at a service provider's infrastructure can be very damaging and cause widespread outages. This paper covers these attacks and discusses techniques to prevent them, including good security policies, security testing of new and updated products, patch management, spoofed packet dropping (uRPF) and firewall/IDS/IPS deployment in a service provider environment. Protection of the provider's own infrastructure is another key aspect and is also addressed in this paper.