About DDOS Attack
A Denial of Service (DoS) attack prevents a computer or network from providing its normal services.
A DoS attack is a simple and effective attack method that is very harmful to many network technologies. It uses various means to consume network bandwidth and system resources, and it also exploits system defects, paralyzing the normal service of the target system. As a result, the system can no longer serve its users, and normal users are prevented from accessing services.
A distributed denial-of-service (DDoS) attack is a form of security threat in which a malicious host floods a device or a central server with simultaneous data requests. The host generates these requests from multiple compromised systems.
By flooding the device, the attacker hopes to exhaust its internal RAM and consume its Internet bandwidth, thus disrupting the business.
You can modify the following IP packet settings to prevent a DDoS attack.
- Based on the relevant standard, the Time to Live (TTL) field in the IP packet header must be greater than 0. By default, if a packet with a TTL field equal to 0 is received, the device discards it as an attack packet. You can enable TTL monitoring to prevent a DDoS attack.
- The number of fragments depends on the number of packets. If the number of packets is large, the number of fragments is also large and degrades system resources. Configuring a reasonable limit for the number of packets restricts the number of fragments. If the limit is exceeded, the packet is discarded as an attack packet. By default, the limit is 800 fragments per IP message. You can limit the number of fragments allowed on a device to prevent a DDoS attack.