More details on the types of DDoS attacks that are easily filtered:
– IP non-existent protocol attacks, such as a flood of IP packets with reserved values in the protocol field;
– Fragment attacks, such as sending mangled IP fragments with overlapping, over-sized payloads to the target machine;
– ICMP attacks such as: ICMP Flood, Smack, Smurf attack (OBSOLETE);
– IGMP attacks such as: IGMP flood;
– TCP attacks such as: SYN Flood, SYN-ACK Flood, ACK Flood, FIN Flood, RST Flood, TCP ECE Flood, TCP NULL Flood, TCP Erroneous Flags Flood, TCP Xmas, Fake Session, SRC IP Same as DST IP;
– UDP attacks such as: General Random UDP Floods, Fraggle, DNS query, DNS Amplification (+DNSSEC), NTP Amplification, SNMPv2, NetBIOS, SDP, CharGEN, QOTD, BitTorrent, Kad, Quake Network Protocol, Steam Protocol;
– HTTP attacks such as: Slowloris (Apache / IIS Attack), R-U-Dead-Yet (RUDY), HTTP Object Request Flood;
– Other category attacks such as: Misused Application Attack, Slow Read attack.
DDoS protection has 3 states:
– “sensor” > detects and redirects the traffic only when an attack is detected. This is normally a matter of seconds.
Please note that in the few seconds it takes the sensor to kick in, customer services may be affected if the volume of the DDoS attack is already larger than the contracted uplink capacity.
– “always on” > traffic is always filtered. This is good for servers that are very sensitive to abrupt loads of traffic, but we do not recommend this state unless it is necessary.
– “always off” > doesn’t filter the traffic whatever happens. This is not recommended and is available only on request.