US Government Issues New DDoS Mitigation Guidance

22-Mar-24

Initially published in October 2022 by CISA, the FBI, and the MS-ISAC, the guidance (PDF) has been updated with a categorization of DoS and DDoS attacks into three types (volumetric, protocol, and application-layer), technical definitions of DDoS, and mitigation recommendations for each of the outlined attack types.


Both aimed at disrupting the availability of the target, DoS and DDoS attacks differ in one critical aspect: the source. A DoS attack involves a single source of traffic used to overwhelm the target, while a DDoS attack uses multiple sources, often compromised devices ensnared in a botnet.


DDoS attacks, the three agencies explain, generate significantly higher volumes of traffic and can exhaust the target's resources to a greater extent. They can also use techniques such as IP spoofing to disguise the origin of the traffic, which makes simple per-source blocking less effective.


To minimize the potential damage of a DDoS attack before one occurs, organizations are advised to conduct risk assessments to identify weaknesses in their networks, deploy network monitoring tools and regularly analyze traffic to establish a baseline, implement CAPTCHA challenges, prepare an incident response plan, evaluate their bandwidth capacity, implement load balancing, and configure firewalls to filter or block suspicious or harmful traffic.


During an attack, organizations should activate their incident response plans, notify their internet service providers (ISPs) or hosting providers, collect evidence, implement traffic filtering, enable DDoS mitigation services if available, scale up resources such as bandwidth, enable a Content Delivery Network (CDN) service, and maintain communication with internal teams and external stakeholders.
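The guidance's distinction between a single-source DoS and a multi-source DDoS, and its advice to monitor traffic, analyze it against a baseline and then filter, can be turned into a small triage step. The following is an added example written for this article, not code from the guide or from CISA, the FBI or MS-ISAC: it buckets constructed access-log lines into fixed windows, classifies each window as normal, single-source flood or distributed flood, and derives candidate actions. The log format, the thresholds, the window size and all IP addresses (RFC 5737 documentation ranges) are assumptions.

```python
"""Classify traffic windows as normal, single-source (DoS) or distributed (DDoS)
floods from web-server access logs, and derive candidate filter actions.

Added illustration, not code from the CISA/FBI/MS-ISAC guidance.  The log
format, thresholds and addresses are assumptions chosen for the example."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Naive reference epoch so bucketing does not depend on the local timezone.
NAIVE_EPOCH = datetime(1970, 1, 1)


def parse_line(line):
    """Assumed log format: '<ISO-8601 timestamp> <client IP> <method> <path> <status>'."""
    ts, ip, _method, _path, _status = line.split()
    return datetime.fromisoformat(ts), ip


def window_of(ts, window_seconds):
    """Start (in seconds since NAIVE_EPOCH) of the fixed window containing ts."""
    secs = int((ts - NAIVE_EPOCH).total_seconds())
    return secs - secs % window_seconds


def classify_window(source_counts, window_seconds, flood_rps, single_source_share=0.8):
    """Verdict for one window.  source_counts maps client IP -> request count.

    flood_rps is the request rate above which the window counts as a flood; in
    practice it comes from a measured baseline, here it is an assumed constant.
    A flood dominated by one IP is a DoS, one spread across many IPs a DDoS."""
    total = sum(source_counts.values())
    if total / window_seconds < flood_rps:
        return "normal"
    _top_ip, top_count = source_counts.most_common(1)[0]
    return "dos" if top_count / total >= single_source_share else "ddos"


def analyze(log_lines, window_seconds=10, flood_rps=5.0):
    """Bucket log lines into fixed windows and classify each one."""
    buckets = defaultdict(Counter)
    for line in log_lines:
        if line.strip():
            ts, ip = parse_line(line)
            buckets[window_of(ts, window_seconds)][ip] += 1
    report = []
    for start in sorted(buckets):
        counts = buckets[start]
        report.append({
            "window_start": (NAIVE_EPOCH + timedelta(seconds=start)).isoformat(),
            "requests": sum(counts.values()),
            "unique_sources": len(counts),
            "verdict": classify_window(counts, window_seconds, flood_rps),
            "top_sources": counts.most_common(3),
        })
    return report


def suggest_filters(report, block_share=0.5):
    """Per-IP blocks only make sense when a few sources dominate (DoS).  For a
    distributed or spoofed flood a block list is huge and unreliable, so the
    action is rate limiting plus escalation to the ISP/CDN/mitigation service."""
    actions = []
    for w in report:
        if w["verdict"] == "dos":
            for ip, n in w["top_sources"]:
                if n / w["requests"] >= block_share:
                    actions.append(f"drop-source {ip}")  # e.g. a firewall deny rule
        elif w["verdict"] == "ddos":
            actions.append(f"rate-limit-and-escalate window={w['window_start']} "
                           f"sources={w['unique_sources']}")
    return actions


def make_sample_log():
    """Constructed sample traffic (not real data): a normal window, a
    single-source flood and a distributed flood, using RFC 5737 addresses."""
    lines = []
    base = datetime(2024, 3, 22, 10, 0, 0)

    def add(t, ip, path="/index.html"):
        lines.append(f"{t.isoformat()} {ip} GET {path} 200")

    for i in range(20):      # 10:00:00-09: 20 requests from 5 clients (2 rps)
        add(base + timedelta(seconds=i % 10), f"203.0.113.{i % 5 + 1}")
    for i in range(190):     # 10:00:10-19: 190 of 200 requests from one client
        add(base + timedelta(seconds=10 + i % 10), "198.51.100.7", "/login")
    for i in range(10):
        add(base + timedelta(seconds=10 + i), f"203.0.113.{i % 5 + 1}")
    for i in range(300):     # 10:00:20-29: 300 requests from 150 clients (2 each)
        add(base + timedelta(seconds=20 + i % 10), f"192.0.2.{i % 150 + 1}")
    return lines


if __name__ == "__main__":
    rep = analyze(make_sample_log())
    for w in rep:
        print(w["window_start"], w["verdict"], w["requests"], w["unique_sources"])
    print(suggest_filters(rep))
```

The single-source window yields one deny rule; the distributed window yields no per-IP rules at all, because with 150 sources (and possibly spoofed ones) a block list would be both unbounded and easy for the attacker to invalidate, which is why the guide pairs filtering with upstream mitigation and added capacity rather than relying on it alone.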


The guide, which was authored in collaboration with Akamai, Cloudflare, and Google, also provides recommendations on the steps to take after suffering a DDoS attack, and advises organizations to report such incidents to CISA, the FBI, or the MS-ISAC.
