Preventing dos denial of service ddos attacks ...contd...

There are major Security companies coming up with unique filter, which filters the request and blocks unwanted request and the IP of the originating address from where the request is coming. Denial of Service attacks can be prevented by the  use of a combination of attack detection, traffic classification and response tools, which can block traffic from an attaker and allow traffic from a genuine user. Firewalls prevents DOS by allowing or denying protocols, ports or IP addresses.Switches also provide some rate limiting and ACL features.

Some switches have automatic  traffic shaping, delayed binding , deep packet inspection and Bogon filtering to detect and prevent denial of service attacks through automatic rate filtering and WAN Link failover and balancing.

An example of this would be a SYN flood attack which can be prevented using delayed binding or TCP splicing. Similarly content based DoS can be prevented using deep packet inspection.

Similar to switches, routers have some manually configurable rate-limiting and ACL capability. 

If the attacks have signature associated with them then Intrusion-prevention systems (IPS) are very usefull. Intrusion-prevention systems which work on content recognition cannot block behavior-based DoS attacks which have legitimate content but bad intent.

DoS Defense System (DDS) can block connection-based DoS attacks and those with legitimate content but bad intent which was a drawback of an IPS. A DDS is cpable of addressing both protocol attacks (such as Teardrop and Ping of death) and rate-based attacks (such as ICMP floods and SYN floods)

But it is not possible to stop a DoS attack, if an attacker manages to implant a Dos script inside your own server and starts DoS’ing your server. In this case you have to carefully monitor your server content, check if any new files or scripts are added illegally inside your server.