
Mitigation Metrics: Countermeasures FAQ


Q: What are Countermeasures?

A: Countermeasures are a set of mitigations in place to stop a DDoS attack.


Q: What can I view within the Portal pertaining to a Countermeasure?

A: Packets and bits dropped by a particular mitigation, the top dropped IPs, and an IP search function.


Q: How are the countermeasure mitigations defined?

A:

Invalid Packets = Packets that are not RFC compliant.
IPv4 Deny/Allow Lists = Lists of IPs whose traffic is dropped or passed without further inspection.
Zombie Detection = Uses threshold values to block hosts (“zombies”) that send excessive traffic.
TCP SYN Authentication = Intercepts and authenticates inbound TCP connections to the protected hosts.
DNS Authentication = Authenticates DNS requests and drops the requests that cannot be authenticated.
TCP Connection Reset = Tracks established TCP connections and drops the traffic when a connection remains idle for too long.
Payload Regular Expression = Allows the mitigation to drop malicious TCP or UDP traffic, in any packet type, by matching a regular expression against the payload.
Source /24 Baselines = Protects a network from uncharacteristic surges in traffic volume per source /24 network. Collects historical traffic data from the configured managed object, and if traffic rates exceed a calculated baseline threshold, the traffic is denylisted.
Protocol Baselines = Protects your network from uncharacteristic surges in traffic volume per protocol. Collects historical traffic data from the configured managed object. If traffic rates exceed a calculated baseline threshold, the source host is denylisted for 5 min.
DNS Malformed = Filters DNS requests that do not conform to RFC standards.
DNS Rate Limiting = Limits the number of DNS queries that a host can send per second.
DNS NXDomain Rate Limiting = Monitors response packets for hosts that send requests that might cause non-existent domain (NXDomain) responses to be generated. This countermeasure protects against DNS cache poisoning and dictionary attacks.
DNS Regular Expression = Allows you to configure a mitigation RegEx to inspect and drop malicious DNS requests.
HTTP Malformed = Drops HTTP traffic that does not conform to the RFC standards.
HTTP Rate Limiting = Limits the rate at which a host can send HTTP requests.
AIF and HTTP/URL Regular Expression = Uses HTTP header regular expressions and/or URL filter lists to drop traffic.
SSL Negotiation = Tracks excessive renegotiation attempts or connections that push no data.
SIP Malformed = Drops SIP (VoIP) traffic that does not conform to the RFC standards.
SIP Request Limiting = Limits the number of SIP requests that a host can send per second.
Shaping = Allows control of the bps/pps traffic level to ensure that links do not become overwhelmed.
IP Location Policing = Applies per-location policing settings based on IP geolocation data.
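To make the ordering and the baseline logic behind two of these countermeasures concrete, here is an added example in Python. It is not the vendor's code and is not taken from this article; it models the IPv4 deny/allow lists (checked first, with no further inspection) and a Source /24 baseline that denylists an offending source network for the 5-minute window the FAQ describes for baseline violations. The threshold formula (mean plus three standard deviations of historical packets-per-second samples), the sample rates and the IP addresses are all constructed assumptions for illustration, and the per-countermeasure drop counters stand in for the dropped-packet metrics the portal exposes.

```python
"""
Added example (not vendor code): deny/allow list precedence plus a
Source /24 baseline countermeasure with a 300 s denylist.  The
mean + k*stdev threshold, the pps figures and the addresses below are
constructed assumptions, not values from the article.
"""
import ipaddress
import statistics
from collections import defaultdict

DENYLIST_SECONDS = 300  # FAQ: a baseline violation denylists the source for 5 min


def src_slash24(ip: str) -> str:
    """Aggregate a source IPv4 address to its /24, e.g. 203.0.113.9 -> 203.0.113.0/24."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


class Baseline24:
    """Learn a per-/24 packet-rate baseline from history, then flag surges above it."""

    def __init__(self, k: float = 3.0, min_samples: int = 5):
        self.k = k                      # assumed: threshold = mean + k * stdev
        self.min_samples = min_samples  # below this, no baseline exists yet
        self.history = defaultdict(list)  # /24 -> historical pps samples

    def learn(self, net: str, pps: float) -> None:
        self.history[net].append(pps)

    def threshold(self, net: str):
        samples = self.history.get(net, [])
        if len(samples) < self.min_samples:
            return None  # not enough history to judge: traffic is not flagged
        return statistics.mean(samples) + self.k * statistics.pstdev(samples)

    def exceeds(self, net: str, pps: float) -> bool:
        t = self.threshold(net)
        return t is not None and pps > t


class Countermeasures:
    """Evaluate one traffic observation against the configured countermeasures in order."""

    def __init__(self, allow=(), deny=(), baseline=None):
        self.allow = [ipaddress.ip_network(n) for n in allow]
        self.deny = [ipaddress.ip_network(n) for n in deny]
        self.baseline = baseline or Baseline24()
        self.denylisted = {}             # /24 -> time at which the denylist entry expires
        self.drops = defaultdict(int)    # drops per countermeasure (the portal's metric)

    def evaluate(self, src_ip: str, pps: float, now: float) -> str:
        ip = ipaddress.ip_address(src_ip)
        # Allow/deny lists come first and short-circuit all further inspection.
        if any(ip in n for n in self.allow):
            return "pass:allowlist"
        if any(ip in n for n in self.deny):
            self.drops["ipv4_denylist"] += 1
            return "drop:ipv4_denylist"
        net = src_slash24(src_ip)
        expiry = self.denylisted.get(net)
        if expiry is not None:
            if now < expiry:
                self.drops["source_24_baseline"] += 1
                return "drop:source_24_baseline"
            del self.denylisted[net]  # 5 min elapsed: the /24 may send again
        if self.baseline.exceeds(net, pps):
            self.denylisted[net] = now + DENYLIST_SECONDS
            self.drops["source_24_baseline"] += 1
            return "drop:source_24_baseline"
        return "pass"


# Constructed historical pps samples per source /24 (assumed values).
HISTORY = {
    "203.0.113.0/24": [100, 120, 90, 110, 105],   # mean 105, pstdev 10 -> threshold 135
    "198.51.100.0/24": [20, 25, 15, 20, 20],
}


def demo():
    """Run constructed observations (time, source IP, pps) through the countermeasures."""
    cm = Countermeasures(allow=["192.0.2.0/24"], deny=["198.51.100.77/32"])
    for net, samples in HISTORY.items():
        for s in samples:
            cm.baseline.learn(net, s)
    events = [
        (0, "203.0.113.9", 130),     # within the learned baseline
        (1, "203.0.113.9", 2000),    # surge: the whole /24 is denylisted until t=301
        (2, "203.0.113.50", 50),     # different host, same /24, still denylisted
        (3, "198.51.100.77", 10),    # explicit deny-list entry
        (4, "192.0.2.1", 99999),     # allow-list entry: no further inspection
        (301, "203.0.113.9", 100),   # 5 min elapsed and rate is normal: passes again
    ]
    return [cm.evaluate(ip, pps, t) for t, ip, pps in events], dict(cm.drops)


if __name__ == "__main__":
    verdicts, counters = demo()
    for v in verdicts:
        print(v)
    print(counters)
```

Note that a baseline violation denylists the entire /24, so the third observation is dropped even though that host itself sent little traffic; this matches the "per source /24 network" granularity in the definition above and is the reason allow-list entries for known-good sources are evaluated before any baseline check.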


