DoS/DDoS protection

Stress testing to eliminate congestion conditions

DoS attack (“Denial of Service”) is a violation of the system availability requirement, which leads to business downtime, reputational and financial losses.

DDoS attack (Distributed Denial of Service) is a malicious attempt to disrupt the normal traffic of a target server, service, or network by overloading the target or its surrounding infrastructure with a stream of Internet traffic.

Image - DDoS attack

DDoS attacks are effective because they use multiple compromised computer systems as sources of attack traffic. The employed machines can include computers and other network resources such as IoT devices.

A DDoS attack is like an unexpected traffic jam clogging up a motorway, preventing regular vehicles from arriving at their destination.

In general terms, DoS and DDoS attacks can be divided into three categories:

Volumetric AttacksVolumetric Attacks
Include UDP floods, ICMP floods, and other spoofed packet flows. The goal of these attacks is to overflow the bandwidth of the attacked website or another object. The attack volume is measured in bits per second (bps).
Protocol-layer AttacksProtocol-layer Attacks
Include SYN flood, fragmented packet attacks, Ping of Death, Smurf DDoS, and others. This type of attack consumes actual server resources or the resources of intermediate communication equipment such as firewalls and load balancers, and is measured in packets per second (Pps).
Application-layer AttacksApplication-layer Attacks
Include small and slow attacks, GET/POST floods, attacks targeting the web server, Windows or OpenBSD vulnerabilities, and more. Consist of seemingly legitimate and innocent requests. The purpose of these attacks is to crash the server, and their volume is measured in requests per second (Rps).

Thus, DoS/DDoS protection will help keep your systems available and minimize the impact of such attacks.

We offer a comprehensive approach at each level of DoS/DDoS protection:

1) Basic level. Installing and tweaking Cloudflare to hide real IP addresses for the Internet.

2) Application level. Analysis of problematic requests. We check the application source code and profiling results, we find bottlenecks that, for example, are not automatically scaled by means of the Kubernetes cluster.

3) Testing. Our team of specialists conducts an attack simulation to test the solution and make sure that your application is ready for a real DoS/DDoS attack

Check out our additional services and business cases. Send the form below to request protection against DoS attacks and DDoS attacks. Get a free consultation.

Business cases of projects we completed

Information security incident response and investigation
Managed security and compliance (ISO 27001, etc.)
Security analysis of software source code
Security assessment: audits and penetration tests
Security Operations Center cases