What is DDoS?
A distributed denial-of-service (DDoS) attack aims to disrupt a targeted server, service or network by overwhelming it with a flood of traffic from many sources until it goes down. Studies show that DDoS attacks are to blame for 1/3 of all downtime, which shows how serious the issue is.
Attackers achieve this 'flood' of traffic by gaining access to a network of computers and infecting them with malware, turning them into command-following robots. The attacker then has remote control over all of these machines, which together are called a botnet.
Volumetric attacks are the most common kind of DDoS, making up around 65% of reported instances. These attacks target a network or site by flooding it with enormous amounts of traffic, causing so much congestion that the bandwidth becomes completely overwhelmed, slowing down network or web operations until they're nonfunctional.
These attacks are easy to detect because of the sudden influx of traffic to one specific focal point. Mitigating the threat, however, calls for the ability to process the huge number of rules needed to block the attack traffic from the targeted sites or networks.
Application-Layer attacks specifically target weaknesses in a web server or application in attempts to exhaust it through excessive processes and transactions.
There are many methods to achieve this, but the most common attack of this kind is an HTTP flood, which uses botnets to send the target server/application a huge number of GET (retrieve from server) and POST (submit to server) requests. In trying to respond to all of these requests, all of the server's resources are kept busy, stopping legitimate requests from coming through.
Application-Layer attacks are often difficult to defend against as these requests seem valid on an individual level, meaning many systems won't flag them as malicious.
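Because each request looks valid on its own, detection has to work on the aggregate rate per client rather than on any single request. The following is an added example, not part of the original page or of any vendor's product: a sliding-window counter over web access-log lines. The log format, the 10-second window and the 20-request threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common log format: client, two ignored fields, [timestamp], "request", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    """Return (client_ip, timestamp) from an access-log line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), TS_FMT)

def flag_floods(lines, window_s=10, max_requests=20):
    """Map each client whose peak request count inside any window_s-second
    sliding window exceeds max_requests to that peak. Lines must be in time order."""
    window = timedelta(seconds=window_s)
    recent, peak = defaultdict(deque), defaultdict(int)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # malformed line: skip it rather than crash
        ip, ts = rec
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:  # drop requests that left the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > max_requests}

def sample_log():
    """Constructed sample: one ordinary client and one flooding client.
    Addresses are from documentation ranges; every request is a valid 200 GET."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    events = [(base + timedelta(seconds=10 * i), "198.51.100.7") for i in range(6)]
    events += [(base + timedelta(seconds=i // 5), "203.0.113.50") for i in range(50)]
    events.sort()
    return ['%s - - [%s] "GET /search?q=x HTTP/1.1" 200 512' % (ip, ts.strftime(TS_FMT))
            for ts, ip in events]

if __name__ == "__main__":
    for ip, n in flag_floods(sample_log()).items():
        print(f"{ip}: {n} requests within 10 s")
```

A per-address threshold like this catches a single noisy client; a botnet that spreads the same load thinly across many addresses stays under it, which is why the product description below lists several additional signals.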
Barracuda Web-Application Firewall
The Barracuda Web Application Firewall uses a unique combination of capabilities to mitigate the risks from both Application DDoS and Volumetric DDoS attacks. It uses a variety of risk assessment techniques including application-centric thresholds, protocol checks, session integrity, active and passive client challenges, historical client reputation blacklists, geo-location, and anomalous idle-time detection to identify and block Application DDoS attacks.
And with the addition of Active DDoS Prevention, the Web Application Firewall is able to filter out Volumetric DDoS attacks before they ever reach your network or application servers.