DoS, DDoS, and TDoS protection
Performance Testing (load testing, capacity testing, stress testing, spike testing, soak testing), Chaos Engineering, and DDoS/TDoS protection to make your systems robust and resilient
DoS attack (“Denial of Service”) is a violation of the availability requirement, which leads to business downtime, and reputational and financial losses.
DDoS attack (Distributed Denial of Service) is a malicious attempt to disrupt the normal traffic of a target server, service, or network by overloading the target or its surrounding infrastructure with a stream of Internet traffic.
TDoS attack (Telecommunication Denial of Service) are denial-of-service attacks on telecommunication networks. Such attacks target telephones.
DDoS attacks are effective because they use multiple compromised computer systems as sources of attack traffic. The employed machines can include computers and other network resources such as IoT devices.
A DDoS attack is like an unexpected traffic jam clogging up a motorway, preventing regular vehicles from arriving at their destination.
In general terms, DoS and DDoS attacks can be divided into three categories:
Include UDP floods, ICMP floods, and other spoofed packet flows. The goal of these attacks is to overflow the bandwidth of the attacked website or another object. The attack volume is measured in bits per second (bps).
Include SYN flood, fragmented packet attacks, Ping of Death, Smurf DDoS, and others. This type of attack consumes actual server resources or the resources of intermediate communication equipment such as firewalls and load balancers, and is measured in packets per second (Pps).
Include small and slow attacks, GET/POST floods, attacks targeting the webserver, Windows or OpenBSD vulnerabilities, and more. Consist of seemingly legitimate and innocent requests. The purpose of these attacks is to crash the server, and their volume is measured in requests per second (Rps).
Thus, DoS/DDoS protection will help keep your systems available and minimize the impact of such attacks.REQUEST A QUOTE
We offer a comprehensive approach at each level of DoS, DDoS, and TDoS protection:
- Basic level. Implementations and configuration of Cloudflare, Impreva Incapsula, Akamai, or other service to hide real IP addresses from the Internet.
- Application level. Analysis of problematic requests. We check the application source code and profiling results, we find bottlenecks that, for example, are not automatically scaled by means of the Kubernetes cluster. Filtration, IVR, and other TDoS protection measures.
- Testing. Our team of specialists conducts an attack simulation to test the solution and make sure that your application is ready for a real DoS/DDoS attack. We use comprehensive chaos engineering methods and tools, botnet simulations, etc.
Performance Testing vs. Chaos Engineering
|Performance Testing||Chaos Engineering|
– Chaos Monkey
|Findings||– Response time (load test)|
– Maximum allowed number of users (capacity test)
– Unexpected bugs (stress test, spike test)
– Bugs showing up over time (soak test)
|– Application-level weaknesses (API fuzzing, etc.)|
– Host failures (shutdown, reboot, etc.)
– Resource attacks (CPU, IO, RAM, etc.)
– Network attacks (drop, loss, delay, DNS, etc.)
– Region attacks (split-brain, etc.)
Check out our additional services and business cases. Send the form below to request protection against DoS/DDoS/TDoS attacks. Get a free consultation.