DDoS mitigation is a set of network management techniques and/or tools, for resisting or mitigating the impact of distributed denial-of-service (DDoS) attacks on networks attached to the Internet, by protecting the target, and relay networks. DDoS attacks are a constant threat to businesses and organizations, by delaying service performance, or by shutting down a website entirely.[1]
DDoS mitigation works by identifying baseline conditions for network traffic by analyzing "traffic patterns", to allow threat detection and alerting.[2] DDoS mitigation also requires identifying incoming traffic, to separate human traffic from human-like bots and hijacked web browsers. This process involves comparing signatures and examining different attributes of the traffic, including IP addresses, cookie variations, HTTP headers, and browser fingerprints.
After the detection is made, the next process is filtering. Filtering can be done through anti-DDoS technology like connection tracking, IP reputation lists, deep packet inspection, blacklisting/whitelisting, or rate limiting.[3][4]
One technique is to pass network traffic addressed to a potential target network through high-capacity networks, with "traffic scrubbing" filters.[2]
Manual DDoS mitigation is no longer recommended, due to the size of attacks often outstripping the human resources available in many firms/organizations.[5] Other methods to prevent DDoS attacks can be implemented, such as on-premises and/or cloud-based solution providers. On-premises mitigation technology (most commonly a hardware device) is often placed in front of the network. This would limit the maximum bandwidth available to what is provided by the Internet service provider.[6] Common methods involve hybrid solutions, by combining on-premises filtering with cloud-based solutions.[7]