DDoS Glossary

ACK Flood

A TCP ACK flood, or ‘ACK Flood’ for short, is a network DDoS attack comprising TCP ACK packets that belong to no established connection. The packets carry no payload but may have the PSH flag set.

Always-on and On-demand

‘Always-on’ and ‘On-demand’ are two opposite deployment modes of a cloud DDoS mitigation service. In an Always-on deployment, the service or network is constantly protected by the DDoS mitigation service, while in On-demand there is no protection most of the time, and the DDoS mitigation layer is inserted only when a DDoS attack is under way or…

BGP Diversion

BGP Diversion, also known as Infrastructure Protection, is a type of Cloud Protection in which the customer diverts its traffic to the DDoS provider using a BGP announcement. This method is applicable only to organizations that possess a Class C network (a /24, the smallest prefix BGP peers will generally accept) and that can advertise it via BGP. To divert the traffic,…

Blacklist / Whitelist

Blacklist and whitelist are two complementary technologies that usually come in tandem. A blacklist is the ability to block an entity such as a single user’s IP, an entire network range or a geographic location. A whitelist is the opposite: it allows a certain entity to pass even if the other technologies have decided…

CAPTCHA

CAPTCHA, or CAPTCHA Challenge, is a type of Web Challenge. CAPTCHA stands for ‘Completely Automated Public Turing test to tell Computers and Humans Apart’. It is a challenge intended to differentiate between computers and humans: computers generally cannot read the distorted word or letters and type them back, while humans can. CAPTCHA is used to…

CDN Debug Information

CDN Debug Information, or “Debug Info” for short, is a technique supported by CDNs in order to debug the CDN’s behavior. The debug info allows a client to obtain information from the CDN, for example caching information, i.e. the caching status of the resource: was the resource received from…

Cloud Protection and On-Premises Protection

DDoS mitigation comes in two main forms: cloud-based and on-premises. On-premises protection is when the DDoS mitigation technology is located inside the customer premises, typically as a physical or virtual appliance. Protection located outside the customer premises is called Cloud Protection. Organizations use cloud-based protection by diverting their traffic to the cloud data…

Cookie Validation (Web Challenge)

Cookie Validation is a type of Web Challenge used in DDoS mitigation to separate attackers from legitimate clients. The challenge sends every client, attacker and legitimate user alike, a web cookie and requests that the client send it back (typically by means of an HTTP 302 redirect to the same URL). Virtually any legitimate browser…

Customer-Oriented Pricing Model

The pricing models of DDoS cloud mitigation providers are largely similar, but it is important to understand the differences between them. From a customer’s point of view, a pricing model should be simple and not contain too many moving parts. It should also be agile, so that the customer does not pay for services that are not…

DDoS Emergency Response

DDoS Emergency Response is a team of experts that helps customers while under DDoS attack to identify, analyze and mitigate the attack. During an attack this team validates that your site is fully protected; if it is not, the team enables additional protection or fine-tunes the existing protection until the attack is mitigated.

DDoS Forensics

DDoS Forensics is the digital forensic process to better understand a DDoS attack. Forensics can be done for past attacks but also for ongoing attacks. The output of forensics can shed light on the attack vectors, attack tools and the attacker characteristics or identity. The goal of DDoS forensics is to gain visibility that will…


DDoS Resiliency Score (DRS)

Each year brings with it new DDoS attack trends. 2015 was characterized by multi-vector attacks (Radware). 2016 introduced major disruptions in terms of technology and attack scale (SecureList). And Q1 2017 saw a decrease in amplification-type attacks and an increase in encryption-based attacks (SecureList). These are all interesting trends, but how can you use such…

DDoS Test

A DDoS test, also called a ‘DDoS penetration test’ or ‘DDoS simulation’, is an activity in which an organization launches various DDoS attacks against its own assets to check its actual resiliency. The test allows for the identification of weak points, provides proof of them and increases the protection level. The attacks are usually conducted…


DDoS Timeline

Date (2016) | Event
Sep 8th | vDOS proprietors arrested
Sep 13th | KrebsOnSecurity website hit by a 620 Gbps DDoS attack
~Oct 7th | Mirai botnet source code released
Oct 21st | Dyn DDoS attack

Dedicated DDoS Appliance

A DDoS appliance, also referred to as a dedicated DDoS appliance, has DDoS mitigation as its primary function. A DDoS appliance can be either virtual or physical. IPS and WAF products often also have DDoS mitigation capabilities; however, it is not their main function and they are generally not as complete as dedicated DDoS appliances. Related entries:…

Direct to Origin DDoS Attacks

DDoS mitigation often uses an architecture in which a CDN or large reverse proxies are placed in front of the web services as a protection layer. However, sophisticated attackers will attempt to discover the origin network or IP address and attack it directly, bypassing the mitigation layer entirely. This attack technique challenges organizations to either…
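The following is an added example, not code from the original glossary or from any vendor named on this page. It audits a DNS zone export for the places an attacker hunting the origin looks first: forgotten subdomains (dev., mail., ftp.), SPF records that publish the origin's address ranges, and IPv6 records nobody put behind the proxy. The provider ranges, the zone and the severity labels are constructed assumptions; substitute your provider's published ranges and your own zone.

```python
# Added example, not from the original glossary: audit a DNS zone for records that
# point straight at the origin rather than at the mitigation provider.
# PROVIDER_RANGES and ZONE are constructed for this example.
import ipaddress
import re

PROVIDER_RANGES = [ipaddress.ip_network(n)
                   for n in ("198.51.100.0/24", "2001:db8:100::/48")]   # assumption

# constructed zone export: (owner name, record type, value)
ZONE = [
    ("example.com.",      "A",    "198.51.100.10"),   # apex: behind the proxy
    ("www.example.com.",  "A",    "198.51.100.10"),
    ("dev.example.com.",  "A",    "203.0.113.20"),    # forgotten staging host: origin exposed
    ("mail.example.com.", "A",    "203.0.113.25"),    # mail server on the origin network
    ("example.com.",      "MX",   "10 mail.example.com."),
    ("example.com.",      "TXT",  "v=spf1 ip4:203.0.113.0/28 include:_spf.example.net -all"),
    ("example.com.",      "AAAA", "2001:db8:100::10"),
]


def behind_provider(ip):
    return any(ip in net for net in PROVIDER_RANGES)


def audit(zone=ZONE, origin=None):
    """Return (severity, name, type, value) for every record that reveals an address
    outside the provider's ranges. If `origin` (the real origin IP, a str) is given,
    records that point exactly at it are rated critical."""
    findings = []
    for name, rtype, value in zone:
        if rtype in ("A", "AAAA"):
            ip = ipaddress.ip_address(value)
            if not behind_provider(ip):
                exact = origin is not None and ip == ipaddress.ip_address(origin)
                findings.append(("critical" if exact else "high", name, rtype, value))
        elif rtype == "TXT" and value.startswith("v=spf1"):
            # ip4:/ip6: mechanisms publish address ranges to the whole world
            for m in re.finditer(r"ip[46]:(\S+)", value):
                net = ipaddress.ip_network(m.group(1), strict=False)
                covered = any(net.subnet_of(p) for p in PROVIDER_RANGES
                              if p.version == net.version)
                if not covered:
                    findings.append(("medium", name, "SPF", m.group(1)))
    return findings


if __name__ == "__main__":
    for finding in audit(origin="203.0.113.20"):
        print(*finding)
```

The complementary control, once the zone is clean, is a firewall on the origin that accepts HTTP(S) only from the provider's published ranges, so that an origin address discovered by other means (historical DNS data, certificate logs, an outbound connection) still cannot be attacked directly.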

DNS Diversion

DNS Diversion is a type of cloud DDoS protection technique in which an organization diverts its traffic to the DDoS provider by means of a DNS change. The change is as simple as modifying the relevant DNS records so that they direct traffic to the provider’s IPs. DNS Diversion can be always-on…

DNS Protection

DNS Protection refers to the ability of a DDoS mitigation provider to mitigate DDoS attacks against the organization’s DNS service. This can be done using DDoS mitigation technologies or by moving the organization’s DNS records to the provider’s DNS servers, which are strong enough to withstand DNS floods.

DNS Query Flood

DNS Query Flood is a type of DDoS attack that belongs to the application attacks family. During the attack, the attacker sends a succession of DNS queries (UDP packets) to a DNS server in an attempt to exhaust server-side resources such as CPU or memory, thereby preventing the server from answering legitimate requests for its zones. Unlike…

DNS Reflected Amplification Flood

DNS Reflected Amplification Flood is a volumetric DDoS attack carried over UDP. During the attack, the attacker sends DNS queries with the victim’s address as the spoofed source to publicly accessible (open) DNS resolvers, which reflect their replies onto the target and flood it with a large number of UDP packets. This attack has two main features: Amplification: using those DNS servers and various amplification techniques the attacker can…
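The following is an added example, not code from the original glossary, showing the two halves of the attack with only the Python standard library. build_query() constructs the small, EDNS0-enabled query the attacker sends to open resolvers (the OPT record's CLASS field advertises a 4096-byte UDP buffer, which is what lets the resolver return a multi-kilobyte answer in one datagram), amplification_factor() computes the resulting bandwidth amplification, and find_unsolicited_responses() shows the symptom at the victim: DNS answers arriving for transaction IDs it never sent. The packets are constructed rather than captured, and the 3000-byte answer size is an illustrative assumption.

```python
# Added example, not from the original glossary. Sample packets are constructed.
import struct

QTYPE_ANY, QCLASS_IN, TYPE_OPT = 255, 1, 41


def encode_name(name):
    """example.com -> \\x07example\\x03com\\x00 (DNS wire format, no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def build_query(name, qtype=QTYPE_ANY, txid=0x1234, edns_udp_size=4096):
    """DNS query: header (RD set, 1 question, 1 additional) + question + EDNS0 OPT RR."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)
    # OPT RR: root name, TYPE=41, CLASS=advertised UDP payload size, TTL=0, RDLENGTH=0
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_udp_size, 0, 0)
    return header + question + opt


def amplification_factor(query, response_len):
    """Bandwidth amplification: bytes that hit the victim per byte the attacker sent."""
    return response_len / len(query)


def parse_header(pkt):
    txid, flags = struct.unpack("!HH", pkt[:4])
    return {"id": txid, "qr": bool(flags & 0x8000)}   # QR=1 marks a response


def fake_response(txid, size):
    """Constructed response: header with QR set, padded to `size` bytes."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 0, 0, 0)
    return header + b"\x00" * (size - len(header))


def find_unsolicited_responses(packets):
    """packets: (direction, payload) seen at the victim's edge; 'out' = sent by the
    victim, 'in' = received. A response whose transaction id was never sent outbound
    is the reflection of a query someone else sent with the victim's source address."""
    outstanding, flagged = set(), []
    for direction, payload in packets:
        h = parse_header(payload)
        if direction == "out" and not h["qr"]:
            outstanding.add(h["id"])
        elif direction == "in" and h["qr"]:
            if h["id"] in outstanding:
                outstanding.discard(h["id"])
            else:
                flagged.append(h["id"])
    return flagged


# constructed traffic: one legitimate exchange, then two reflected answers
SAMPLE = [("out", build_query("example.com", txid=0x1111)),
          ("in", fake_response(0x1111, 300)),
          ("in", fake_response(0x2222, 3000)),
          ("in", fake_response(0x3333, 3000))]

if __name__ == "__main__":
    q = build_query("example.com")
    print(len(q), "byte query ->", amplification_factor(q, 3000), "x amplification")
    print("unsolicited txids:", [hex(t) for t in find_unsolicited_responses(SAMPLE)])
```

In a real capture the transaction-ID check is done per (resolver address, ID) pair and the matching state is aged out; the point of the sketch is that reflected traffic is, from the victim's side, a flood of well-formed responses to questions nobody asked, which is what a mitigation layer keys on.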

Entry Level

An entry-level DDoS plan is intended for SMBs or enterprises. CloudFlare Business and Incapsula Business are both entry level, as they fall below that bar. Entry level will typically give you protection based on DNS diversion, which is sufficient to protect your web site. Entry level typically does not include BGP diversion, …

Forensics

DDoS Forensics is the digital forensic process used to better understand a DDoS attack, past or ongoing. The output of forensics can shed light on the attack vectors, the attack tools and the attacker’s characteristics or identity.

Full Service

A product or service function is referred to as Full Service if the customer cannot use or change this function on their own and must request it from the service provider. Full Service is in contrast to Self-Service, and is generally a negative trait, as we prefer to give customers direct control via self-service.…

Hping

Hping is a free packet generator and analyzer for the TCP/IP protocol suite. It is one of the de facto tools for security auditing and for testing services and networks: a “Swiss Army knife” that can generate virtually any IP, TCP or UDP packet. Hping can transmit a single packet, or multiple packets…

HTTP Flood

HTTP Flood is a type of DDoS attack that belongs to the application attacks family. During the attack, the attacker sends HTTP GET or POST requests to an application or web server. The requests appear legitimate, with valid headers and a complete, well-formed message. However, the message body sent in an…

Hybrid Protection

Hybrid Protection is DDoS protection that includes both cloud protection and on-premises protection, commonly, but not necessarily, from the same vendor. The advantage of this DDoS architecture is that it lets you mitigate each attack vector in its optimal location. Related entries: Cloud protection vs on-premises protection.

IP Protection

What is the problem? DNS diversion is easier to set up than BGP diversion, but BGP diversion is the more complete option: DNS diversion does not cover non-web services, and it does not protect against an attack aimed directly at the organization’s IPs or network. The problem is that many organizations do not own a Class C network that…

JavaScript Challenge

JavaScript Challenge is a type of Web Challenge used in DDoS mitigation to separate attackers from legitimate clients. The challenge sends every client, attacker and legitimate user alike, JavaScript code that includes some kind of challenge. Virtually any legitimate browser has a JavaScript engine and will easily understand and…
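The following is an added example, not code from the original glossary or from any vendor it names, and it covers both the Cookie Validation and the JavaScript Challenge entries. It is a stateless challenge issuer and verifier of the kind a mitigation reverse proxy places in front of the origin. For Cookie Validation the client is redirected (302) back to the same URL with a signed cookie that a browser carries on the retry and a naive flood tool does not; for the JavaScript Challenge the client must run a script, here a hashcash-style proof of work, and post the answer, which a bot without a JS engine never produces. The secret, the 60-second lifetime, the cookie name and the injectable clock are assumptions made for the example.

```python
# Added example, not from the original glossary. SECRET, TOKEN_TTL, the cookie name
# and the `now` parameter (an injectable clock) are assumptions.
import hashlib
import hmac
import secrets
import time

SECRET = b"rotate-me-per-deployment"   # assumption: shared secret of the proxy tier
TOKEN_TTL = 60                          # seconds a challenge token stays valid


def _now(now):
    return int(now if now is not None else time.time())


def _sign(client_ip, nonce, expires):
    msg = f"{client_ip}|{nonce}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_cookie_challenge(client_ip, now=None):
    """302 to the same URL with Set-Cookie; the token is bound to the client IP."""
    now = _now(now)
    nonce, expires = secrets.token_hex(8), now + TOKEN_TTL
    token = f"{nonce}.{expires}.{_sign(client_ip, nonce, expires)}"
    return {"status": 302,
            "headers": {"Location": "/",
                        "Set-Cookie": f"ddos_chal={token}; HttpOnly; Path=/"}}


def verify_cookie(client_ip, cookie_value, now=None):
    """True only for an unexpired token whose MAC matches this client IP."""
    try:
        nonce, expires, mac = cookie_value.split(".")
        expires = int(expires)
    except ValueError:
        return False
    if _now(now) > expires:
        return False
    return hmac.compare_digest(mac, _sign(client_ip, nonce, expires))


def issue_js_challenge(client_ip, difficulty=2, now=None):
    """503 page whose script must find n with sha256(nonce+n) starting with
    `difficulty` hex zeros. The nonce is signed so the proxy keeps no per-client state."""
    now = _now(now)
    nonce, expires = secrets.token_hex(8), now + TOKEN_TTL
    sig = _sign(client_ip, nonce, expires)
    script = (f"// find n such that sha256('{nonce}' + n) starts with {'0' * difficulty}\n"
              f"// then POST nonce={nonce}&expires={expires}&sig={sig}&answer=n")
    return {"status": 503, "body": script, "challenge": (nonce, expires, sig, difficulty)}


def solve_js_challenge(nonce, difficulty):
    """What the browser's JavaScript does: brute-force the counter."""
    n = 0
    while not hashlib.sha256(f"{nonce}{n}".encode()).hexdigest().startswith("0" * difficulty):
        n += 1
    return n


def verify_js_answer(client_ip, nonce, expires, sig, difficulty, answer, now=None):
    """On success hand out the validated cookie so the client is not challenged
    again; on any failure return None."""
    if _now(now) > expires or not hmac.compare_digest(sig, _sign(client_ip, nonce, expires)):
        return None
    digest = hashlib.sha256(f"{nonce}{answer}".encode()).hexdigest()
    if not digest.startswith("0" * difficulty):
        return None
    return issue_cookie_challenge(client_ip, now)
```

Binding the token to the client IP stops one solved challenge from being replayed by a botnet; the trade-off is that clients behind carrier-grade NAT share a token, and clients whose address changes mid-session get re-challenged. The difficulty is deliberately low: the cost to a browser must stay imperceptible, while a headless flood tool has to spend CPU per connection.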

Modern CAPTCHA

Modern CAPTCHA is a type of challenge intended to differentiate between computers and humans. Modern CAPTCHA addresses the shortcoming of the traditional CAPTCHA, namely that humans also have trouble passing it. NoCAPTCHA reCAPTCHA is the most prominent example of a modern CAPTCHA. Related entries: CAPTCHA, Web Challenges, Web Challenge Spectrum

Non-Web Protocols Support

Non-web protocols support refers to the ability to protect non-web protocols (e.g., proprietary gaming protocols) even if the organization does not possess a Class C network. An organization that possesses a Class C network can divert the traffic to the provider using BGP. Otherwise, in most cases it is not possible, because many vendors allow…

Peacetime

In DDoS, ‘Peacetime’ refers to the period during which your organization is not under attack and your DDoS mitigation service is expected to be quiet, stable and free of false alarms. Peacetime is in contrast to ‘Wartime’. Related entries: Wartime

Rate Limit

Rate limiting is a technology used in DDoS mitigation. It ensures that no individual entity makes too many transactions to the protected server or network; for example, each IP cannot make more than five HTTP requests per second. Rate limiting is effective in keeping the service safe from many variations…
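The following is an added example, not code from the original glossary, and it serves both the Blacklist / Whitelist entry and this one. It applies the controls in the order a mitigation layer typically does: the whitelist first, so an allowed entity passes even if the blacklist, a geo block or the rate limit would have stopped it; then the blacklist and geo block; then a per-IP sliding-window rate limit of five HTTP requests per second. The address ranges, the country code "XX" and the access log are constructed for the example.

```python
# Added example, not from the original glossary. Ranges, country code and log are constructed.
from collections import defaultdict, deque
import ipaddress

WHITELIST = [ipaddress.ip_network("198.51.100.0/24")]   # e.g. partner, monitoring (assumption)
BLACKLIST = [ipaddress.ip_network("203.0.113.0/25")]    # known attacker range (assumption)
BLOCKED_COUNTRIES = {"XX"}                               # geo block, made-up country code
RATE_LIMIT, WINDOW = 5, 1.0                              # five requests per one-second window


def in_any(ip, nets):
    return any(ip in net for net in nets)


class RateLimiter:
    """Sliding window per IP: keep the timestamps of the last RATE_LIMIT requests."""

    def __init__(self, limit=RATE_LIMIT, window=WINDOW):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)

    def allow(self, ip, ts):
        q = self.hits[ip]
        while q and ts - q[0] >= self.window:   # drop hits that fell out of the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(ts)
        return True


def decide(ip_str, country, ts, limiter):
    ip = ipaddress.ip_address(ip_str)
    if in_any(ip, WHITELIST):
        return "pass (whitelist)"          # whitelist wins over every later stage
    if in_any(ip, BLACKLIST):
        return "block (blacklist)"
    if country in BLOCKED_COUNTRIES:
        return "block (geo)"
    if not limiter.allow(ip_str, ts):
        return "block (rate limit)"
    return "pass"


# constructed access log: (timestamp, client IP, geo country code)
LOG = [(i * 0.1, "192.0.2.10", "US") for i in range(8)] + [   # 8 requests in 0.8 s
    (0.5, "203.0.113.7", "US"),      # blacklisted range
    (0.6, "198.51.100.4", "XX"),     # whitelisted, even though its country is geo-blocked
    (0.7, "192.0.2.11", "XX"),       # geo-blocked
]


def run(log=LOG):
    limiter = RateLimiter()
    return [(ip, decide(ip, cc, ts, limiter)) for ts, ip, cc in sorted(log)]


if __name__ == "__main__":
    for ip, verdict in run():
        print(ip, verdict)
```

A per-IP limit is only as good as the attribution of requests to an IP: behind a CDN or reverse proxy the client address must be taken from the proxy's forwarding header, never from the socket, or the whole edge is rate-limited as one client.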

Reverse Proxy and Caching (DDoS Mitigation Technology)

Reverse Proxy (Web Reverse Proxy) and Caching are two different technologies that often come in tandem, especially in DDoS. The reverse proxy acts as an effective DDoS layer, as it is located between the attacker and the targeted server. Virtually all the network attacks directed at the server will hit a wall when they reach…


Self-Service

A product or service function is referred to as Self-Service if the customer can use or change it on their own and does not need to request it from the service provider. Self-Service is in contrast to Full Service, and is generally a positive feature, as we prefer to give direct control to the…

Signatures

Signatures, also called ‘DDoS signatures’ or ‘IPS DDoS signatures’, refer to a major DDoS mitigation technology in which DDoS attacks are detected and blocked based on their known patterns. For example, the well-known Anonymous tool LOIC (Low Orbit Ion Cannon) produces traffic with a recognizable pattern that a signature can block. Signatures are divided into two types: vendor and user.…

Silent Bot Detection

Silent bot detection is an advanced web challenge technology that detects bots by sending JavaScript code that performs passive and active checks to determine whether the client is a human or a bot. This can include checking for the presence of a mouse and keyboard, or checking whether the browser’s features resemble those of a browser used by real…

SMB Plans

SMB plans refer to plans, as defined here, that include DDoS protection and cost less than $5,000 annually. Those plans are much cheaper than enterprise plans; correspondingly, they include only a subset of the offerings. You will get DDoS mitigation, Web Protection and security logs, but you will not get Infrastructure Protection…

SYN Flood

Family: Network Attacks
Attack Vector: SYN Flood
Variants: Tsunami SYN Flood
DRS ID: 11001
Supports spoofing: Yes

Description: TCP SYN Flood is a network DDoS attack comprising numerous TCP SYN packets sent to the victim. It is one of the oldest attacks in DDoS history, yet it is still very common…
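The following is an added example, not code from the original glossary, and it serves both this entry and the ACK Flood entry. It is a small flow-state detector run over a constructed capture: a SYN flood shows up as SYNs that never complete the handshake, typically from a very large number of (spoofed) sources, while an ACK flood shows up as payload-less ACKs for connections the server never saw. The server address, the one-second window and the threshold of 50 packets per window are assumptions.

```python
# Added example, not from the original glossary. The capture is constructed; SERVER,
# the window size and the threshold are assumptions.
from collections import defaultdict

SYN, ACK, PSH = 0x02, 0x10, 0x08
SERVER = "192.0.2.80"   # assumption: the protected host


def analyze(packets, server, window=1.0, threshold=50):
    """packets: (ts, src, dst, flags, payload_len) at the server's edge, in time order.
    Returns a list of (window, kind, detail) alerts."""
    flows = {}   # client ip -> "syn" (half-open) | "est" (handshake completed)
    stats = defaultdict(lambda: {"syn": 0, "sources": set(), "completed": 0, "orphan_ack": 0})
    for ts, src, dst, flags, plen in packets:
        if dst != server:                       # server-originated packets need no bookkeeping
            continue
        s = stats[int(ts // window)]
        if flags & SYN and not flags & ACK:     # first packet of a handshake
            s["syn"] += 1
            s["sources"].add(src)
            flows.setdefault(src, "syn")
        elif flags & ACK:
            state = flows.get(src)
            if state == "syn":                  # third packet: handshake completed
                flows[src] = "est"
                s["completed"] += 1
            elif state is None and plen == 0:   # ACK (maybe with PSH) for a flow we never saw
                s["orphan_ack"] += 1
    alerts = []
    for w in sorted(stats):
        s = stats[w]
        if s["syn"] >= threshold and s["completed"] < 0.2 * s["syn"]:
            alerts.append((w, "SYN flood",
                           f"{s['syn']} SYNs from {len(s['sources'])} sources, {s['completed']} completed"))
        if s["orphan_ack"] >= threshold:
            alerts.append((w, "ACK flood", f"{s['orphan_ack']} payload-less ACKs with no flow"))
    return alerts


def constructed_capture(server=SERVER):
    pkts = []
    for i in range(5):                                   # second 0: five clients complete handshakes
        c = f"192.0.2.{10 + i}"
        pkts += [(0.1 * i, c, server, SYN, 0),
                 (0.1 * i + 0.01, server, c, SYN | ACK, 0),
                 (0.1 * i + 0.02, c, server, ACK, 0)]
    for i in range(200):                                 # second 1: SYN flood, 200 spoofed sources
        pkts.append((1.0 + i * 0.004, f"203.0.113.{i}", server, SYN, 0))
    for i in range(150):                                 # second 2: ACK flood, PSH set, no payload
        pkts.append((2.0 + i * 0.005, f"198.51.100.{i}", server, ACK | PSH, 0))
    return pkts


if __name__ == "__main__":
    for w, kind, detail in analyze(constructed_capture(), SERVER):
        print(f"second {w}: {kind}: {detail}")
```

The source count in the SYN alert is the clue that the addresses are spoofed: with a few hundred SYNs per second from as many never-seen addresses, none of which answers the SYN-ACK, the remedy is SYN cookies or a proxy that completes the handshake on the server's behalf rather than a per-source block list.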

UDP Flood

Family: Network Attacks
Attack Vector: UDP Flood
Variants: Reflective Amplified Floods, DNS Garbage Flood, UDP Port 80 Garbage Flood
DRS ID: 22003
Supports spoofing: Yes

Description: A UDP Flood is a network DDoS attack involving the sending of numerous UDP packets toward the victim. This attack can arrive from a spoofed source IP address;…

WAF Appliance with DDoS

The Web Application Firewall (WAF) appliance is a security appliance that protects web servers from many types of attacks. A WAF can be either physical or virtual. Many WAFs today come with a DDoS mitigation feature. Related entries: DDoS Appliance

Wartime

In DDoS, ‘Wartime’ refers to the period during which your organization is under attack and your DDoS mitigation service is expected to mitigate the attack successfully. Wartime is in contrast to ‘Peacetime’. Related Entries: Peacetime

Web Caching

A web cache (or HTTP cache) is a technology for the temporary storage (hence, caching) of web content. It is used to reduce the load on web servers, reduce bandwidth usage and speed up delivery. Web Caching, when used in tandem with a web reverse proxy, is an effective layer against DDoS because many attack vectors will…
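The following is an added example, not code from the original glossary, and it serves both this entry and the Reverse Proxy and Caching entry. A toy caching reverse proxy sits in front of a toy origin, and a simulated request mix shows which floods the cache absorbs and which it cannot: a thousand identical GETs of a cacheable page cost the origin one request; cache-busting query strings on static assets are neutralised by keying the cache without them; responses marked no-store (personalised pages) reach the origin every time, which is why a cache alone is not a full mitigation. The origin, its Cache-Control policy and the request mix are constructed.

```python
# Added example, not from the original glossary. Origin, policy and request mix are constructed.
import re


class OriginServer:
    def __init__(self):
        self.hits = 0

    def handle(self, method, path):
        self.hits += 1
        base = path.partition("?")[0]
        if base.startswith("/static/"):
            return 200, {"Cache-Control": "public, max-age=300"}, b"asset"
        if base.startswith("/account"):
            return 200, {"Cache-Control": "no-store"}, b"private page"
        return 200, {"Cache-Control": "max-age=10"}, b"home page"


class CachingReverseProxy:
    def __init__(self, origin, ignore_query_prefixes=("/static/",)):
        self.origin, self.cache = origin, {}
        self.ignore_query_prefixes = ignore_query_prefixes

    def _key(self, method, path):
        base, _, query = path.partition("?")
        if any(base.startswith(p) for p in self.ignore_query_prefixes):
            query = ""          # same asset whatever ?x=... the attacker appends
        return (method, base, query)

    @staticmethod
    def _ttl(headers):
        cc = headers.get("Cache-Control", "")
        if "no-store" in cc:
            return 0
        m = re.search(r"max-age=(\d+)", cc)
        return int(m.group(1)) if m else 0

    def handle(self, method, path, now):
        if method != "GET":
            return self.origin.handle(method, path)    # never cache non-idempotent requests
        key = self._key(method, path)
        cached = self.cache.get(key)
        if cached and cached[0] > now:
            return cached[1]
        resp = self.origin.handle(method, path)
        ttl = self._ttl(resp[1])
        if ttl > 0:
            self.cache[key] = (now + ttl, resp)
        return resp


def simulate():
    """Return origin hits caused by (1000 GETs of /, 100 cache-busting GETs of a static
    asset, 100 GETs of a no-store page)."""
    origin = OriginServer()
    proxy = CachingReverseProxy(origin)
    for i in range(1000):
        proxy.handle("GET", "/", now=i * 0.001)
    home = origin.hits
    for i in range(100):
        proxy.handle("GET", f"/static/app.js?x={i}", now=1.0)
    static = origin.hits - home
    for i in range(100):
        proxy.handle("GET", f"/account?x={i}", now=1.0)
    account = origin.hits - home - static
    return home, static, account


if __name__ == "__main__":
    print("origin hits (home, static, account):", simulate())
```

The third number is the caveat practitioners care about: an HTTP flood aimed at uncacheable, expensive endpoints (search, login, account pages) passes straight through the cache, and has to be handled by the other layers on this page (web challenges, rate limiting, signatures).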

Web Challenge Spectrum

Web challenges are one of the most effective ways to stop web-based DDoS attacks. There are different types of challenges, which will be explained below. Some challenges are transparent to users, yet block significant types of attackers. Others are very strong and do not allow any bot to pass, yet do so at the cost…

Web Challenges

Web Challenges are several technologies used to distinguish between real humans and bots in general, or DDoS bots in our context. There are several types of challenges. The best-known one is the CAPTCHA, which is very intrusive, but there are other, less-intrusive transparent challenges such as Cookie Validation or the JavaScript Challenge. Web Challenges are…


Web Protection and Infrastructure Protection

Cloud-based DDoS mitigation services offer two primary protection types: web protection and infrastructure protection. Web protection is the ability to protect web sites and web-based services, typically by means of DNS diversion. Infrastructure Protection is the ability to protect against a direct attack on the organization’s IPs or network, typically by means of BGP diversion.…

Web Reverse Proxy

‘Web reverse proxy’ or, in short, ‘reverse proxy’, is a server that receives the client’s request and fetches the content from the web server on the client’s behalf. When the proxy is strong enough, it acts as an effective DDoS layer, as it reduces the attack surface and, specifically, mitigates virtually all the network attacks, which never reach…