Follow

Q&A: Which Silverline service is recommended for different types of DDoS attacks?

Question

Which Silverline service is recommended for different types of DDoS attacks?

 

Environment

  • DDoS

Answer

Attack Type Recommended DDoS service 
TCP SYN Flood
  • Proxy: Benefit is that SYN floods will be against Silverline infrastructure, not CPE
  • Routed: Benefit is that any destination in prefix is capable of being mitigated by Silverline (no DNS changes required)
UDP Flood
  • Proxy: Benefit is that UDP floods will be automatically mitigated by Silverline ACLs if destination proxy does not expect UDP
  • Routed: Benefit is that any destination in prefix is capable of being mitigated by Silverline (no DNS changes required)
HTTP/S Floods
  • A proxy is necessary for HTTP/S floods as payload inspection is required to identify attack patterns and apply mitigation
  • Not recommended with Silverline's routed service as connections do not terminate on our network and we do not have your certificate/key to decrypt traffic
IP Proto Flood / Other
  • Proxy: Benefit is that other protocol floods will be automatically mitigated by Silverline ACLs if destination proxy does not expect it
  • Routed: Benefit is that any destination in prefix is capable of being mitigated by Silverline (no DNS changes required)

 

Other defensive posture considerations

Available countermeasures Associated DDoS service
IP denylisting, IP allowlisting Available with both DDoS proxies and DDoS routed solution
Threat Intelligence Only available with DDoS proxies
L7 DDoS Profiles Only available with DDoS proxies

 

Related Content

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request