
Is there any type of DDoS where closing or taking full control of all port capabilities would be useful in mitigation of an attack?

  • Thanks Ian - that's much more on topic. I have a feeling the answer's going to be a no, though. I have done a fair bit of work on DDoS mitigation and can't imagine this working. – Rory Alsop Feb 09 '15 at 18:32
  • Thank you. I imagine you are right as well. It seems this would simply play into their hands. –  Feb 09 '15 at 19:24
  • What do you mean by "port capabilities"? Open, closing, filtering are all under our control. What else are you thinking about? – schroeder Feb 09 '15 at 23:07
  • The thing with DDoS is you're saddled with the unenviable task of determining what a legitimate transaction is. Assuming you assiduously collate traffic data for your site, you would be able to have a better view of what constitutes legitimate traffic; after all, if 90% of your traffic originates from North America, a sudden surge of 40% traffic from China without any intervention on your part means you could safely drop entire netblocks without being too worried about your business. – munchkin Feb 10 '15 at 13:05
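The baselining idea in the last comment, turned into a small detection script as an added example (not code from the thread or any of its participants). It assumes a hypothetical log line format `<epoch> <client_ip> <country_code>` where the country has already been resolved upstream; every sample line below is constructed from RFC 5737 documentation address ranges, so the country labels are invented, and the 20% floor and 5x growth thresholds are illustrative choices rather than anything the thread states. It generalizes the comment's single US/China instance into a baseline-versus-current-window comparison over any set of regions, and then aggregates a surging region's sources into /24 networks so an operator can see what a netblock drop would actually cover before deciding.

```python
"""Baseline-versus-window traffic share check (added example, constructed data)."""
from collections import Counter
import ipaddress

# Constructed "normal week" sample: 18 of 20 requests labelled US.
BASELINE_LOG = "\n".join(
    [f"1423500000 198.51.100.{i} US" for i in range(1, 19)]
    + ["1423500001 203.0.113.5 CA", "1423500002 203.0.113.9 DE"]
)

# Constructed "right now" sample: 4 of 10 requests suddenly labelled CN.
CURRENT_LOG = "\n".join(
    [f"1423590000 198.51.100.{i} US" for i in range(1, 7)]
    + [f"1423590001 192.0.2.{i} CN" for i in range(10, 14)]
)


def parse(log_text):
    """Return (epoch, ip, country) tuples for the hypothetical log format,
    silently skipping lines that do not have exactly three valid fields."""
    records = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        epoch, ip, country = parts
        try:
            records.append((int(epoch), ipaddress.ip_address(ip), country))
        except ValueError:
            continue
    return records


def region_share(records):
    """Fraction of requests per country code, e.g. {"US": 0.9, "CA": 0.05, ...}."""
    counts = Counter(country for _, _, country in records)
    total = sum(counts.values())
    return {c: n / total for c, n in counts.items()} if total else {}


def surging_regions(baseline, current, min_share=0.2, growth=5.0, floor=0.01):
    """Countries whose current share is at least `min_share` of traffic AND at
    least `growth` times their baseline share. A country absent from the
    baseline is given share `floor`, so a brand-new region can still trigger
    without a division by zero. Thresholds are illustrative, not tuned."""
    flagged = []
    for country, share in current.items():
        base = baseline.get(country, floor)
        if share >= min_share and share / base >= growth:
            flagged.append(country)
    return sorted(flagged)


def candidate_blocks(records, country, prefix=24):
    """Aggregate the flagged country's IPv4 sources into /prefix networks,
    most active first, so an operator can review a netblock before dropping it."""
    nets = Counter()
    for _, ip, c in records:
        if c == country and ip.version == 4:
            nets[str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))] += 1
    return sorted(nets.items(), key=lambda kv: (-kv[1], kv[0]))


def analyze(baseline_log=BASELINE_LOG, current_log=CURRENT_LOG):
    """Run the whole check; returns {country: [(network, hits), ...]} per surge."""
    base_records, cur_records = parse(baseline_log), parse(current_log)
    surges = surging_regions(region_share(base_records), region_share(cur_records))
    return {c: candidate_blocks(cur_records, c) for c in surges}


if __name__ == "__main__":
    for country, blocks in analyze().items():
        print(f"surge from {country}: review before dropping {blocks}")
```

The output is a review list, not an automatic block: a /24 aggregated this way will also contain any legitimate clients in that range, which is exactly the "what constitutes legitimate traffic" judgement the comment says the operator still has to make.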

2 Answers


The only thing I can think of is a broadcast storm or similar, where responses from the target are what's keeping the attack going. These are rare and almost invariably accidental, and there's an easier way to stop them than messing around with ports: just take the target system briefly offline.

Mark
  • Wouldn't this accomplish what was intended? I guess I'm wondering if a SYN flood or UDP storm that was malicious could be mitigated using the proposed method...assuming those fall into a "broadcast storm" as you've stated. –  Aug 26 '15 at 18:49
  • SYN floods and UDP storms are simply a matter of an attacker throwing data faster than the target's connection can handle. Since the attack is against the *connection* rather than the *computer*, port control won't help. – Mark Aug 26 '15 at 20:53

Manual DDoS mitigation (taking control over the ports) is no longer recommended due to DDoS attackers being able to circumvent DDoS mitigation software that is activated manually. Best practices for DDoS mitigation include having both anti-DDoS technology and anti-DDoS emergency response services.