A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from many sources at once. Classified by the OSI layer they target, there are three types: Layer 3, Layer 4 and Layer 7 DDoS attacks. Layer 3 and Layer 4 attacks behave so similarly that they are usually treated together, as below.

Layer 3 / 4 DDoS attacks

The majority of DDoS attacks target the Network and Transport layers of the OSI model (Layers 3 and 4). These attacks are usually volumetric floods that aim to overwhelm the target devices, consuming bandwidth, connection-state tables or processing capacity until the target is unreachable. In these attacks the victim is flooded with malicious TCP, UDP or ICMP traffic rather than with requests to the application itself.

Layer 7 DDoS attacks

Application-layer (Layer 7) DDoS attacks are among the most difficult to mitigate because they mimic human behaviour: the attacking clients complete the TCP handshake and interact with the user interface the way real users would. A sophisticated Layer 7 attack may target specific, resource-intensive areas of a website, making it even harder to separate from normal traffic.

**RESOLUTION:** Please be aware that mitigating a DDoS attack at the firewall is far less effective than mitigating it upstream at the ISP. Once the packets have reached the firewall, typically the network edge device, they have already filled your internet link, and it will be hard for legitimate traffic to get in or out. Mitigating at the firewall is still worthwhile: it preserves and protects internal resources so that internal users can keep working and sensitive information is not compromised while the attack is under way.

Enable Flood Protection, and check individually that SYN Flood, UDP Flood and ICMP Flood protection are each actually enabled rather than assuming one switch covers all three.

Enable Geo-IP Filter and Botnet Filter
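The flood protection settings above are only as good as the thresholds behind them, so it helps to see what the firewall is actually counting. The following is an added example (not code from the original article or from any firewall vendor) that classifies a constructed packet summary log into SYN, UDP and ICMP floods per destination, the way the Layer 3/4 section describes them. Thresholds, addresses and the record layout are assumptions chosen for the demonstration.

```python
"""Flood classification over a constructed packet summary log.

Added example, not part of the original article. Each record is
(timestamp_s, src_ip, dst_ip, proto, tcp_flags, dst_port). Counting keys on
the *destination*, because Layer 3/4 floods usually spoof their source
addresses and per-source counting would see only a trickle from each.
"""
from collections import Counter, defaultdict

# Illustrative thresholds (packets per window per destination), not vendor defaults.
THRESHOLDS = {"SYN": 100, "UDP": 200, "ICMP": 50}


def classify(pkt):
    """Return 'SYN', 'UDP', 'ICMP' or None for one packet summary."""
    _, _, _, proto, flags, _ = pkt
    if proto == "TCP" and "S" in flags and "A" not in flags:
        return "SYN"   # bare SYN: the half-open connection a SYN flood leaves behind
    if proto == "UDP":
        return "UDP"
    if proto == "ICMP":
        return "ICMP"
    return None        # established TCP traffic is not flood material here


def detect_floods(packets, window=1.0, thresholds=THRESHOLDS):
    """Return {(dst_ip, kind): peak packets in any window} for pairs over threshold."""
    buckets = defaultdict(Counter)           # (dst, kind) -> {window index: count}
    for pkt in packets:
        kind = classify(pkt)
        if kind is None:
            continue
        ts, dst = pkt[0], pkt[2]
        buckets[(dst, kind)][int(ts // window)] += 1
    return {key: max(c.values()) for key, c in buckets.items()
            if max(c.values()) > thresholds[key[1]]}


def distinct_sources(packets, dst):
    """Distinct source IPs seen toward dst. Many sources plus a SYN alert suggests
    spoofing; a single source suggests a host you can simply block."""
    return len({p[1] for p in packets if p[2] == dst})


def sample_traffic():
    """Constructed traffic: normal handshakes, background DNS, a spoofed-source SYN
    flood and a single-source ICMP flood against 203.0.113.10."""
    pkts = []
    for i in range(20):                      # 5 real clients completing handshakes
        client = f"198.51.100.{i % 5}"
        pkts.append((i * 0.05, client, "203.0.113.10", "TCP", "S", 443))
        pkts.append((i * 0.05 + 0.01, client, "203.0.113.10", "TCP", "A", 443))
    for i in range(10):                      # background DNS to the resolver
        pkts.append((0.2 + i * 0.05, "198.51.100.9", "203.0.113.53", "UDP", "", 53))
    for i in range(300):                     # 300 SYNs in 0.3 s from 300 spoofed sources
        pkts.append((0.5 + i * 0.001, f"10.{i // 256}.{i % 256}.7", "203.0.113.10", "TCP", "S", 443))
    for i in range(80):                      # 80 echo requests in 0.4 s from one host
        pkts.append((1.0 + i * 0.005, "192.0.2.66", "203.0.113.10", "ICMP", "", 0))
    return pkts


if __name__ == "__main__":
    traffic = sample_traffic()
    for (dst, kind), peak in sorted(detect_floods(traffic).items()):
        print(f"{kind} flood toward {dst}: {peak} pkts/window, "
              f"{distinct_sources(traffic, dst)} distinct sources seen")
```

Note the difference between the two alerts the sample produces: the SYN flood arrives from hundreds of addresses that never complete a handshake, which is why a firewall counts half-open connections per destination and why blocking individual sources does not help, while the ICMP flood comes from one host and is trivially filterable. The same thresholds would have to be tuned against your own baseline before being trusted.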

Denial-of service (DoS) and distributed DoS (DDoS) attacks have been around for quite some time now, but there has been heightened awareness of them over the past few years.

The reason for this increased attention is in large part due to the attacks that took place against the financial services sector in the fall of 2012 and spring of 2013.

DDoS attacks can generally be divided into the following three categories:

■ Direct: In a direct DDoS attack the attacking sources generate the packets themselves, whatever the protocol or application, and send them straight to the victim.

■ Reflected: In a reflected DDoS attack the attacker sends third-party hosts spoofed packets that appear to come from the victim. Those hosts then become unwitting participants by sending their response traffic back to the intended victim.

UDP is the usual transport because it is easy to spoof: there is no three-way handshake, so the server never verifies that the source address really sent the request. For example, if the attacker (A) wants to attack a victim (V), he sends requests (for example, Network Time Protocol [NTP] requests) with V's address as the source to a server (S), which treats them as legitimate. S then answers the NTP requests by sending the responses to V, which never sent the requests and was never expecting NTP packets from S.

[Figure: reflected attack, A sends requests to S spoofed with V's source address, S replies to V] https://img-c.udemycdn.com/redactor/raw/article_lecture/2021-07-24_10-08-37-02db4bc748273b7384ec67e9d7d7ccc2.PNG

■ Amplification: Amplification attacks are reflected attacks in which the response traffic sent by the unwitting participants is much larger than the packets the attacker initially sent while spoofing the victim. A common example is DNS: the attacker's queries are small, but the DNS responses are many times larger. The end result is that the victim is flooded with large packets answering queries it never issued.

[Figure: amplification attack, small spoofed DNS queries to the reflectors, large responses to V] https://img-c.udemycdn.com/redactor/raw/article_lecture/2021-07-24_10-09-22-c8caccbd05c4a896bf9b8438d8981815.PNG
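The reflected and amplified exchanges described above, modelled end to end as an added example (this is not code from the original article). It plays both roles, the attacker forging V's source address and the reflector S answering whoever the packet claims to be from, computes the amplification factor, and includes the one control that stops the exchange at its origin: source-address ingress filtering at the attacker's ISP (BCP 38). The request and response sizes, addresses and service names are illustrative assumptions, not measurements of any real resolver or NTP server.

```python
"""Reflected and amplified DDoS, modelled end to end.

Added example, not part of the original article. Packet sizes below are
illustrative assumptions, not measurements. Roles follow the text: attacker A
spoofs victim V's address on UDP requests to reflector S; S answers the address
in the source field, so the replies land on V. Amplification is the same exchange
with a response much larger than the request.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    size: int     # bytes on the wire (assumed)
    kind: str     # "request" or "response"


# Assumed request/response sizes for two services commonly abused as reflectors.
SERVICES = {
    "DNS_ANY": {"request": 64, "response": 3000},
    "NTP_MONLIST": {"request": 234, "response": 48200},
}


def build_spoofed_request(victim, reflector, service):
    """Attacker forges the source address: nothing in UDP proves it sent this packet."""
    return Packet(victim, reflector, "UDP", SERVICES[service]["request"], "request")


def reflect(request, service):
    """A correctly functioning reflector answers whoever the packet claims to be from."""
    return Packet(request.dst, request.src, "UDP", SERVICES[service]["response"], "response")


def amplification_factor(service):
    """Bytes delivered to the victim per byte the attacker had to send."""
    return SERVICES[service]["response"] / SERVICES[service]["request"]


def bcp38_forwards(packet, customer_prefix):
    """Source-address ingress filtering (BCP 38) at the attacker's ISP: forward only
    packets whose source lies in the prefix assigned to that customer."""
    return ipaddress.ip_address(packet.src) in ipaddress.ip_network(customer_prefix)


def run_attack(victim, reflectors, service, attacker_prefix=None, victim_pending=frozenset()):
    """One spoofed request per reflector. Returns (bytes the attacker sent, bytes
    delivered to the victim, responses the victim received without having asked).

    attacker_prefix, if given, applies BCP 38 at the attacker's upstream.
    victim_pending is the set of reflector addresses the victim has genuinely
    queried; it is normally empty here, which is what makes the responses
    recognisable as unsolicited at the victim's edge."""
    sent = delivered = unsolicited = 0
    for r in reflectors:
        req = build_spoofed_request(victim, r, service)
        sent += req.size
        if attacker_prefix and not bcp38_forwards(req, attacker_prefix):
            continue                              # dropped at the attacker's own ISP
        resp = reflect(req, service)
        delivered += resp.size
        if resp.src not in victim_pending:
            unsolicited += 1
    return sent, delivered, unsolicited


if __name__ == "__main__":
    victim = "203.0.113.10"
    resolvers = [f"192.0.2.{i}" for i in range(1, 6)]
    print("amplification DNS ANY: %.1fx" % amplification_factor("DNS_ANY"))
    print("no filtering      :", run_attack(victim, resolvers, "DNS_ANY"))
    print("with BCP 38 at ISP:", run_attack(victim, resolvers, "DNS_ANY", "198.51.100.0/24"))
```

Two points the model makes concrete. First, the reflector is not compromised and does nothing wrong; it cannot tell a spoofed UDP request from a real one, which is why the fix belongs at the attacker's ISP (drop packets whose source address the customer does not own) and why the victim's own firewall can only recognise the responses as unsolicited after they have already consumed the link. Second, the attacker's cost stays at the request size while the victim absorbs the response size, so the amplification factor, not the attacker's bandwidth, sets the scale of the flood.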