Incident Response for Anti DOS/DDOS

newbie9090 Lv2 Posted 02 Jun 2022 12:38

Hi guys,

1. How do you deal with it when an end user is disconnected from the internet due to matching an Anti DoS/DDoS policy?

2. Does an Anti DoS/DDoS policy rule disconnect the user from the internet, or should the user only be denied browsing?

Thank You

regidorreyes has solved this question and earned 10 coins.

ArsalanAli Lv3 Posted 04 Jun 2022 22:34
1.  I usually disable its network adapter (or unplug the network cable) and send the infected PC to the support team to reinstall fresh Windows.

2.  Yes, it should be denied.
Imran Tahir Lv4 Posted 13 Jun 2022 15:58
We removed the system from the network and reinstalled the OS, then scanned the system again. Meanwhile the infected user must be locked.
regidorreyes Lv5 Posted 13 Jun 2022 16:41
1. How do you deal with it when an end user is disconnected from the internet due to matching an Anti DoS/DDoS policy?

answer: The end user is possibly infected by malware causing it to execute a DDoS attack. It should be cleaned, by reformatting the OS for example, or scanned with the endpoint security if available.

2. Does an Anti DoS/DDoS policy rule disconnect the user from the internet, or should the user only be denied browsing?

answer: Clients hitting the policy should be blocked.
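
The malware-driven flooding this answer describes is what the Anti-DoS policy sees from the network side. As an added example (not part of this thread and not code from any Sangfor product), the Python script below mimics that view over constructed flow records: it sums packets per second from each internal source toward each destination and flags only sources that stay over a threshold for several seconds, so a one-second burst from a large download is not confused with an infected host. The record layout, addresses and thresholds are all assumptions made for the example.

```python
"""Flag internal hosts whose outbound traffic looks like a DoS flood.

Added example, not part of the forum thread or of any vendor product.
It mimics, in simplified form, what an Anti-DoS/DDoS policy evaluates
before blocking a client: packets per second from one source toward one
destination, sustained over several seconds. The flow records, their
layout and the thresholds below are all constructed for this example.
"""
from collections import defaultdict

# Constructed flow records: (timestamp_s, src_ip, dst_ip, proto, packets)
SAMPLE_FLOWS = [
    (0, "10.0.0.5", "203.0.113.10", "tcp", 20),
    (0, "10.0.0.5", "203.0.113.10", "tcp", 30),
    (1, "10.0.0.5", "203.0.113.10", "tcp", 2500),    # flood begins
    (1, "10.0.0.5", "203.0.113.10", "tcp", 2700),
    (2, "10.0.0.5", "203.0.113.10", "tcp", 5100),
    (0, "10.0.0.7", "198.51.100.4", "tcp", 15),      # ordinary browsing
    (1, "10.0.0.7", "198.51.100.4", "tcp", 12),
    (2, "10.0.0.7", "192.0.2.44", "udp", 8),
    (1, "10.0.0.9", "198.51.100.20", "tcp", 1500),   # one-second burst (large download)
    (2, "10.0.0.9", "198.51.100.20", "tcp", 40),
]

PPS_THRESHOLD = 1000      # packets per second toward a single destination
SUSTAINED_SECONDS = 2     # seconds over the threshold before a source is flagged


def per_second_rates(flows):
    """Sum packets per (src, dst, one-second bucket)."""
    buckets = defaultdict(int)
    for ts, src, dst, _proto, pkts in flows:
        buckets[(src, dst, int(ts))] += pkts
    return buckets


def find_flooding_sources(flows, pps_threshold=PPS_THRESHOLD,
                          sustained=SUSTAINED_SECONDS):
    """Return {src_ip: [(dst_ip, seconds_over_threshold), ...]}.

    A single over-threshold second (a legitimate burst) is not enough;
    the source must exceed the threshold for `sustained` distinct seconds.
    """
    seconds_over = defaultdict(set)
    for (src, dst, sec), pkts in per_second_rates(flows).items():
        if pkts > pps_threshold:
            seconds_over[(src, dst)].add(sec)
    offenders = defaultdict(list)
    for (src, dst), secs in seconds_over.items():
        if len(secs) >= sustained:
            offenders[src].append((dst, len(secs)))
    return dict(offenders)


if __name__ == "__main__":
    # Hosts printed here are the ones to block at the gateway, isolate and scan,
    # which is the response the thread describes.
    for host, hits in find_flooding_sources(SAMPLE_FLOWS).items():
        print(f"{host}: sustained flood toward {hits}")
```

Only 10.0.0.5 is reported; 10.0.0.9 crossed the threshold for one second and is left alone. Tuning `PPS_THRESHOLD` and `SUSTAINED_SECONDS` is the same trade-off an Anti-DoS policy makes between catching an infected client quickly and disconnecting a legitimate user who merely had a busy second.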
rivsy Lv5 Posted 14 Jun 2022 15:30
Last edited by rivsy 14 Jun 2022 15:33.

Ways to prevent DDoS attacks:

1. Increase bandwidth
One of the most basic steps you can take to protect against DDoS attacks is to make your hosting infrastructure “DDoS resistant”. In essence, this means that you prepare enough bandwidth to handle traffic spikes that may be caused by cyber attacks.

Please be reminded, however, that purchasing more bandwidth is not in itself a complete solution to mitigate DDoS attacks. When you increase bandwidth, it does raise the bar which attackers have to overcome before they can launch a successful DDoS attack, but you should always combine this with other mitigation tactics to completely safeguard your website.

2. Leverage a CDN Solution, or even better Multi CDN
CDN providers offer plenty of cybersecurity features and tools to protect your website from hackers. They also offer free SSL certificates. What’s more, when you add your website to these service providers, by default it provides DDoS protection to mitigate attacks on your server network and application.

The rationale behind this is that when you leverage a CDN network, all malicious requests targeting L3/L4 that aren’t accessing via port 80 and 443 will be filtered out automatically thanks to CDN’s port protocol.

Using a CDN can balance out website traffic so that your capped server would not be overwhelmed. Also, CDNs spread your traffic across servers in different locations, making it difficult for hackers to spot your original server to launch an attack.

In addition, with a Multi CDN solution you’ll be able to make use of a large network of PoPs from not one, but multiple CDN providers, allowing your website to sustain DDoS attacks via an even larger, multi-terabit-per-second globally distributed network.

3. Implement server-level DDoS protection
Some web hosts include server-level DDoS mitigation tools in their offering. As this feature is not always offered by web hosting companies, you should check with your web host. Some companies include it as a free service, while others offer it as a paid add-on. It all depends on the provider and hosting plan.

4. Fear the worst, plan for DDoS attacks ahead
Planning for a cyberattack in advance enables you to respond quickly before it actually starts harming your website.

A proper cyber security plan includes a list of co-workers who will deal with the attack. It also outlines the way the system will prioritize resources to keep most apps and services online, which could keep your business from crashing. Finally, you can also plan how to contact the Internet Service Provider that’s supporting the attack, since they may be able to help stop it entirely.

5. Remind yourself that you’re never ‘too small’ to be DDoS’ed
Many small business owners think that their scale isn’t large enough to fall victim to cyber attacks. However, as truth has it, cyber criminals target small businesses and startups more often than large enterprises. This is because bigger companies usually are more inclined to implement security solutions to deal with hackers’ attempts.

6. Switch to a hybrid or cloud-based solution
When you switch to using hybrid or cloud-based services, chances are that you have access to unlimited bandwidth. Many websites that are affected by DDoS are sites which run with limited resources. Moving to a cloud-based solution can help you be on the safe side.

7. Bullet-proof your network hardware configurations
You can prevent a DDoS attack by making a few simple hardware configuration changes.

For instance, you can configure your firewall or router to drop incoming ICMP packets or block DNS responses from outside your network (by blocking UDP port 53). This will help protect against certain DNS and ping-based volumetric attacks.

How can businesses protect themselves from distributed denial of service (DDoS) attacks?
To protect themselves and their servers from DDoS attacks, businesses need to look for security solutions from a reputable cyber security vendor like Sangfor. This is because of the nature of DDoS attacks; by targeting different weaknesses, no single solution can completely protect against DDoS attacks. At Sangfor, we offer businesses the capability to withstand and defend against DDoS attacks with minimal disruption to service. Some of the solutions that protect against DDoS attacks include:

  • Blackhole routing:

      This directs all site traffic to a fake IP address in the event of a DDoS attack. While it will help protect the server from a period of downtime, legitimate traffic will still be guided into this “blackhole” and not be able to access the site.

  • Rate limiting:

      A security device is used to control the amount of web requests or network traffic allowed through, negating a DDoS attack. However, this will limit the number of legitimate users trying to access it.

  • A Next-generation firewall:

      A next-generation firewall like Sangfor NGAF is instrumental in detecting and defending against DDoS attacks. It offers both inbound and outbound (in the event your systems are part of a botnet) attack protection.

  • Botnet detection:

      Sangfor Botnet Detection helps you scan for botnets in your network through deep learning, visual display of traffic, and flow analysis. Using this advanced technology to detect botnets, Sangfor can help its customers defend against DDoS attacks.
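
The “rate limiting” item in the list above is usually implemented as a token bucket per source address. As an added example (not part of rivsy's post and not code from any Sangfor product), the Python below implements that control and runs it over a constructed request stream with one ordinary browser and one flooding host, so the trade-off the post mentions (legitimate users get limited too) can be seen in the numbers. The client addresses, rates and traffic shape are assumptions made for the example.

```python
"""Per-source token-bucket rate limiter over a constructed request stream.

Added example, not part of the forum thread or of any vendor product.
Each source IP gets a bucket that holds at most `burst` tokens and
refills at `rate_per_s` tokens per second; a request is served only when
a whole token is available. Time is kept in integer milliseconds and
tokens in integer millitokens so the arithmetic is exact.
"""


class TokenBucket:
    def __init__(self, rate_per_s, burst, now_ms):
        # `rate_per_s` tokens per second is exactly `rate_per_s` millitokens per millisecond
        self.refill_per_ms = rate_per_s
        self.capacity = burst * 1000
        self.tokens = self.capacity      # a new client starts with a full bucket
        self.last_ms = now_ms

    def allow(self, now_ms):
        """Refill for the elapsed time, then try to spend one token."""
        elapsed = max(0, now_ms - self.last_ms)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_ms)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


class PerClientLimiter:
    def __init__(self, rate_per_s, burst):
        self.rate_per_s = rate_per_s
        self.burst = burst
        self.buckets = {}

    def check(self, client, now_ms):
        bucket = self.buckets.get(client)
        if bucket is None:
            bucket = self.buckets[client] = TokenBucket(self.rate_per_s, self.burst, now_ms)
        return bucket.allow(now_ms)


def simulate(requests, rate_per_s=5, burst=10):
    """requests: (timestamp_ms, client_ip) pairs. Returns {client: (served, dropped)}."""
    limiter = PerClientLimiter(rate_per_s, burst)
    stats = {}
    for ts_ms, client in sorted(requests):
        served, dropped = stats.get(client, (0, 0))
        if limiter.check(client, ts_ms):
            served += 1
        else:
            dropped += 1
        stats[client] = (served, dropped)
    return stats


def build_sample():
    """Constructed traffic: one browser at 2 req/s for 10 s, one flooder at 100 req/s for 2 s."""
    browser = [(i * 500, "10.0.0.7") for i in range(20)]
    flooder = [(j * 10, "10.0.0.5") for j in range(200)]
    return browser + flooder


if __name__ == "__main__":
    for client, (served, dropped) in simulate(build_sample()).items():
        print(f"{client}: served {served}, dropped {dropped}")
```

With a 5 request/s rate and a burst of 10, the browser is never touched while the flooder gets its first 10 requests plus roughly 5 per second afterwards. The caveat from the list shows up when many users share one public address behind NAT: they share one bucket, so a single infected machine can exhaust the allowance for the whole office, which is one way a legitimate user ends up “disconnected” by a rate-based policy.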

Farina Ahmed Lv5 Posted 14 Jun 2022 19:06
We will check the VPN policy or RADIUS server policies in case the end user is unable to access the office. If it is due to a DDoS attack then we will reconnect after some time.

Yes, a DDoS attack is a denial of service attack in which the server is kept too busy by so many pings sent at the same time that any other device or user is unable to access that server.
jetjetd Lv5 Posted 14 Jun 2022 19:12
1. That user has a DDoS running on it. Try to isolate it from the network and scan it separately.
2. That is the behavior of an anti-DDoS policy: it disconnects you from the network if it suspects that you have a DoS running.
Faisal P Lv8 Posted 16 Jun 2022 15:11
1. A Denial of Service (DoS) attack is a malicious attempt to affect the availability of a targeted system, such as a website or application, to legitimate end users. Typically, attackers generate large volumes of packets or requests, ultimately overwhelming the target system. In the case of a Distributed Denial of Service (DDoS) attack, the attacker uses multiple compromised or controlled sources to generate the attack.
2. A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic to a web property. Learn about DDoS attacks and DDoS protection.
