Proactive approach with research, leveraging reputation data from over three dozen security intelligence sources to instantly assess and block traffic from millions of known DDoS weapons
Distributed Denial of Service (DDoS) attacks are growing in frequency, intensity and sophistication, but their delivery methods are unchanged. Infected internet bots and vulnerable servers continue to create attacks of crushing scale against unprepared targets. These bots and servers are the weapons used repeatedly in multiple DDoS attacks. A global distribution of these internet zombies and exposed servers, easily exploitable as reflected amplifiers, sits idle, waiting to be called into action.
Security researchers accumulate threat intelligence from tens of millions of internet compute hosts that are vulnerable and exploited as DDoS attack weapons. DDoS threat intelligence is the information gleaned from the repeated use of attacking agents combined with the knowledge of vulnerable IP addresses and hosts. This information provides security researchers the ability to proactively improve DDoS defenses.
This eBook outlines concepts and examples of how to leverage your existing tool chains for better security hygiene, as well as prepare yourself to expand beyond your security scope when faced with an attack.
Current and Accurate DDoS Weapons Intelligence
A10 Networks and partner security researchers continuously analyze and inventory millions of IP addresses of exploitable hosts weaponized for DDoS attacks. A10 Defend Mitigator (previously Thunder TPS) makes the voluminous data actionable with class-lists that scale up to 96M entries.
IP Addresses of Weaponized Reflected Amplification Servers
Amplified reflection attacks take the prize when it comes to size. A10’s DDoS weapons intelligence includes IP addresses of millions of exploitable DNS, NTP, SSDP, CLDAP, TFTP, and other internet exposed services exploited by attackers that should be blocked while under DDoS attack.
IP Addresses of IoT DDoS Botnets
The 2016 Mirai botnet DDoS attacks were the wake-up call to DDoS defender on the scope of the IoT threat. A10’s DDoS weapons intelligence includes Mirai derivative IoT DDoS botnet addresses and other host IP address abused as attack agents. These are toxic hosts and should be blocked before they can do damage to your infrastructure