Performance & Reliability
CDN DNS Argo Smart Routing Load Balancing AMP Real URL Web Optimizations China Network
Video Streaming & Delivery
Cloudflare Stream Stream Delivery
Advanced Security
Magic Transit DDoS Protection WAF Bot Management Rate Limiting SSL / TLS DNSSEC Cloudflare Access Cloudflare Spectrum Argo Tunnel
Insights
Analytics Cloudflare Logs
Cloudflare for Developers
Cloudflare Workers Cloudflare Workers KV Mobile SDK
Domain Registration
Cloudflare Registrar
Cloudflare Marketplace
Cloudflare Apps
Cloudflare for Everyone
1.1.1.1
Performance
Accelerate Internet Applications Accelerate Mobile Experiences Ensure Application Availability
Security
Mitigate DDoS Attacks Prevent Customer Data Breaches Stop Malicious Bot Abuse
Industries
Gaming SaaS eCommerce Media and Entertainment Public Sector Public Interest Groups State & Local Government
Partnerships
Partner Program
Solutions Partners
Services Program
Technology Partners
Peering Portal Bandwidth Alliance Analytics Partners
Integrations
IBM Cloud WordPress Google Cloud Magento Acquia Rackspace Microsoft Azure Kubernetes WP Engine
Develop
API Guide Developer Hub Developer Fund Documentation
Explore
Case Studies Analysts Cloudflare in China Network Map Webinars What's New? White Papers GDPR
Learn
DDoS Learning Center CDN Learning Center DNS Learning Center Security Learning Center Performance Learning Center Serverless Learning Center SSL Learning Center Bots Learning Center Cloud Learning Center
Connect
Blog Contact Sales Community Support
Contact
+1 650 319 8930
Advanced Cloudflare Configuration
Explore Cloudflare API v4 Expose a Secure Local Tunnel Configure with Terraform Documentation
Customize Your Site
Customize Using Workers Altering Headers Conditional Request Routing A/B Testing Browse All Code Snippets
Build Serverless Applications
Deploy Using Workers.dev Get Started with Tutorials Clone Examples on GitHub

What is DDoS Mitigation?

Properly implemented DDoS mitigation is what keeps websites online during an attack. Explore the process of DDoS mitigation and the important characteristics to look for in a service.

Share facebook icon linkedin icon twitter icon email icon
What is a DDoS Attack?
What is a DDoS Botnet?
Common DDoS Attacks
DDoS Attack Tools
Glossary
DNS
UDP
WAF
Famous DDoS Attacks
  • What is a DDoS Attack?
  • What is a DDoS Botnet?
  • Common DDoS Attacks
  • Memcached DDoS Attack
  • NTP Amplification Attack
  • DNS Amplification Attack
  • SSDP Attack
  • DNS Flood
  • HTTP Flood
  • SYN Flood Attack
  • UDP Flood Attack
  • Ping (ICMP) Flood Attack
  • Low and Slow Attack
  • Application Layer Attack
  • Cryptocurrency Attacks
  • Smurf Attack (historic)
  • Ping of Death (historic)
  • DDoS Attack Tools
  • How to DDoS
  • Low Orbit Ion Cannon
  • High Orbit Ion Cannon
  • R U Dead Yet? (R.U.D.Y.)
  • Slowloris Attack
  • DDoS Booter/IP Stresser
  • Glossary
  • DDoS Mitigation

    What is DDoS mitigation?

    DDoS mitigation refers to the process of successfully protecting a targeted server or network from a distributed denial-of-service (DDoS) attack. By utilizing specially designed network equipment or a cloud-based protection service, a targeted victim is able to mitigate the incoming threat.

    DDoS Mitigation Stages

    There are 4 stages of mitigating a DDoS attack using a cloud-based provider:

    1. Detection - in order to stop a distributed attack, a website needs to be able to distinguish an attack from a high volume of normal traffic. If a product release or other announcement has a website swamped with legitimate new visitors, the last thing the site wants to do is throttle them or otherwise stop them from viewing the content of the website. IP reputation, common attack patterns, and previous data assist in proper detection.
    2. Response - in this step, the DDoS protection network responds to an incoming identified threat by intelligently dropping malicious bot traffic, and absorbing the rest of the traffic. Using WAF page rules for application layer (L7) attacks, or another filtration process to handle lower level (L3/L4) attacks such as memcached or NTP amplification, a network is able to mitigate the attempt at disruption.
    3. Routing - By intelligently routing traffic, an effective DDoS mitigation solution will break the remaining traffic into manageable chunks preventing denial-of-service.
    4. Adaptation - A good network analyzes traffic for patterns such as repeating offending IP blocks, particular attacks coming from certain countries, or particular protocols being used improperly. By adapting to attack patterns, a protection service can harden itself against future attacks.

    Choosing a DDoS mitigation service

    Traditional DDoS mitigation solutions involved purchasing equipment that would live on site and filter incoming traffic. This approach involves purchasing and maintaining expensive equipment, and also relied on having a network capable of absorbing an attack. If a DDoS attack is large enough, it can take out the network infrastructure upstream preventing any on-site solution from being effective. When purchasing a cloud-based DDoS mitigation service, certain characteristics should be evaluated.

    1. Scalability - an effective solution needs to be able to adapt to the needs of a growing business as well as respond to the growing size of DDoS attacks. Attacks larger than 1 TB per second (TBPS) have occurred, and there’s no indication that the trend in attack traffic size is downward. Cloudflare’s network is capable of handling DDoS attacks 10X larger than have ever occurred.
    2. Flexibility - being able to create ad hoc policies and patterns allows a web property to adapt to incoming threats in real time. The ability to implement page rules and populate those changes across the entire network is a critical feature in keeping a site online during an attack.
    3. Reliability - much like a seatbelt, DDoS protection is something you only need when you need it, but when that time comes it better be functional. The reliability of a DDoS solution is essential to the success of any protection strategy. Make sure that the service has high uptime rates and site reliability engineers working 24 hours a day to keep the network online and identify new threats. Redundancy, failover and an expansive network of data centers should be central to the strategy of the platform.
    4. Network size - DDoS attacks have patterns that occur across the Internet as particular protocols and attack vectors change over time. Having a large network with extensive data transfer allows a DDoS mitigation provider to analyze and respond to attacks quickly and efficiently, often stopping them before they ever occur. Cloudflare’s network runs Internet requests for ~10% of the Fortune 1,000, creating an advantage in analyzing data from attack traffic around the globe.
  • Blackhole Routing
  • Denial Of Service
  • DNS
  • HTTP
  • ICMP
  • IP Spoofing
  • Malware
  • OSI Model
  • TCP/IP
  • UDP
  • WAF
  • Internet Of Things (IOT)
  • Mirai Botnet
  • Internet Protocol (IP)
  • Famous DDoS Attacks

DDoS Mitigation

Learning Objectives

After reading this article you will be able to:

  • Explore mitigation strategies for DDoS attacks
  • Learn about the range of DDoS attacks
  • Highlight common attacks

Related Content

What is a DDoS Attack?

Denial Of Service

DNS Flood

Web Application Firewall (WAF)

Ping of Death (historic)

What is DDoS mitigation?

DDoS mitigation refers to the process of successfully protecting a targeted server or network from a distributed denial-of-service (DDoS) attack. By utilizing specially designed network equipment or a cloud-based protection service, a targeted victim is able to mitigate the incoming threat.

DDoS Mitigation Stages

There are 4 stages of mitigating a DDoS attack using a cloud-based provider:

  1. Detection - in order to stop a distributed attack, a website needs to be able to distinguish an attack from a high volume of normal traffic. If a product release or other announcement has a website swamped with legitimate new visitors, the last thing the site wants to do is throttle them or otherwise stop them from viewing the content of the website. IP reputation, common attack patterns, and previous data assist in proper detection.
  2. Response - in this step, the DDoS protection network responds to an incoming identified threat by intelligently dropping malicious bot traffic, and absorbing the rest of the traffic. Using WAF page rules for application layer (L7) attacks, or another filtration process to handle lower level (L3/L4) attacks such as memcached or NTP amplification, a network is able to mitigate the attempt at disruption.
  3. Routing - By intelligently routing traffic, an effective DDoS mitigation solution will break the remaining traffic into manageable chunks preventing denial-of-service.
  4. Adaptation - A good network analyzes traffic for patterns such as repeating offending IP blocks, particular attacks coming from certain countries, or particular protocols being used improperly. By adapting to attack patterns, a protection service can harden itself against future attacks.

Choosing a DDoS mitigation service

Traditional DDoS mitigation solutions involved purchasing equipment that would live on site and filter incoming traffic. This approach involves purchasing and maintaining expensive equipment, and also relied on having a network capable of absorbing an attack. If a DDoS attack is large enough, it can take out the network infrastructure upstream preventing any on-site solution from being effective. When purchasing a cloud-based DDoS mitigation service, certain characteristics should be evaluated.

  1. Scalability - an effective solution needs to be able to adapt to the needs of a growing business as well as respond to the growing size of DDoS attacks. Attacks larger than 1 TB per second (TBPS) have occurred, and there’s no indication that the trend in attack traffic size is downward. Cloudflare’s network is capable of handling DDoS attacks 10X larger than have ever occurred.
  2. Flexibility - being able to create ad hoc policies and patterns allows a web property to adapt to incoming threats in real time. The ability to implement page rules and populate those changes across the entire network is a critical feature in keeping a site online during an attack.
  3. Reliability - much like a seatbelt, DDoS protection is something you only need when you need it, but when that time comes it better be functional. The reliability of a DDoS solution is essential to the success of any protection strategy. Make sure that the service has high uptime rates and site reliability engineers working 24 hours a day to keep the network online and identify new threats. Redundancy, failover and an expansive network of data centers should be central to the strategy of the platform.
  4. Network size - DDoS attacks have patterns that occur across the Internet as particular protocols and attack vectors change over time. Having a large network with extensive data transfer allows a DDoS mitigation provider to analyze and respond to attacks quickly and efficiently, often stopping them before they ever occur. Cloudflare’s network runs Internet requests for ~10% of the Fortune 1,000, creating an advantage in analyzing data from attack traffic around the globe.

To provide you with the best possible experience on our website, we may use cookies, as described here.
By clicking accept, closing this banner, or continuing to browse our websites, you consent to the use of such cookies.