A distributed denial‑of‑service (DDoS) attack is an attempt to make a service, usually a website, unavailable by bombarding it with so much traffic from multiple machines that the server providing the service is no longer able to function correctly.
Unlike a denial‑of‑service (DoS) attack, which uses one computer and its Internet connection to flood a targeted system with packets, a DDoS attack uses many computers and their Internet connections. These computers are often compromised without the knowledge of their owners and distributed globally, forming a botnet.
Typically, the attacker tries to saturate a system with so much traffic that it is no longer able to accept new traffic, or becomes so slow that it is effectively unusable.
DDoS attacks fall into three categories:
- Protocol‑based attacks – SYN flood, Ping‑of‑Death, and others. These attacks attempt to consume resources by exploiting bugs or weaknesses in Internet protocols such as ICMP and TCP. The best way to deal with them is by fully patching and correctly configuring your network devices.
- Volume‑based attacks – UDP and ICMP flood, which are sometimes invoked using vulnerable protocol implementations such as DNS amplification. These attacks can saturate network bandwidth and are best dealt with using downstream firewalling and globally distributed, high‑capacity points of presence.
- Application‑layer attacks – Slowloris and other slow‑HTTP attacks, and costly web calls. These attacks are the most pernicious because they look like genuine application traffic, but seek to exploit weaknesses in common web applications. The best way to handle them is with software that has acceleration, offload, and filtering functionality.
How Can NGINX Plus Help?
NGINX Plus and NGINX are the best‑in‑class load‑balancing solutions used by high‑traffic websites such as Dropbox, Netflix, and Zynga. More than 319 million websites worldwide, including the majority of the 100,000 busiest websites, rely on NGINX Plus and NGINX to deliver their content quickly, reliably, and securely.
NGINX Plus is an important component of a DDoS attack mitigation solution, giving you the tools to protect your vulnerable applications against a range of application‑layer attacks.
There are characteristics of DDoS attacks that can be used to help mitigate against them, such as the client IP addresses being used for the attack, the rate of requests, and certain HTTP headers. NGINX Plus has a number of features that – in conjunction with these characteristics – can be used to help fight against DDoS attacks and help identify them when they are happening.
For more information, see Mitigating DDoS Attacks with NGINX and NGINX Plus.