A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. There are three types of DDoS attacks: Layer 3, Layer 4, and Layer 7 DDoS attacks.
Layer 3 / 4 DDoS attacks
The majority of DDoS attacks focus on targeting the Transport and Network Layers of the OSI Model. These types of attacks are usually comprised of volumetric floods that aim to overwhelm the target devices, denying or consuming resources until they're unreachable. In these types of DDoS attacks, malicious traffic (TCP / UDP) is used to flood the victim.
Layer 7 DDoS attacks
Application-layer DDoS attacks are some of the most difficult attacks to mitigate against because they mimic human behavior as they interact with the user interface. A sophisticated Layer 7 DDoS attack may target specific areas of a website, making it even more difficult to separate from normal traffic.
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
CAUTION: Please be aware that mitigating DDoS Attacks at the Firewall level is far less effective than at the ISP level. Once packets have made it to the Firewall, typically the network edge device, they're going to overwhelm your network such that it will be hard for traffic to get in or out. Mitigating DDoS at the firewall level will allow you to preserve and protect internal resources so that internal users may still be able to function and sensitive information isn't compromised.
DDoS Protection Checklist
In order to help harden your network against DDoS Attacks at the firewall level, please follow the below steps. These are presented in no particular order.
Enable Intrusion Prevention
Block unused Ports from the WAN to the Internal Network
Enable Flood Protection
Enable Geo-IP Filter and Botnet Filter
Many DDoS attacks occur when infected machines under the control of a few individuals are all directed at one target. Often these attacks come from certain countries and do not have their IP addresses obfuscated. By using the Geo-IP Filter and Botnet Filter on the SonicWall, it is possible to drop these packets as they attempt to enter your network, which can aid the SonicWall in keeping your network reachable.
NOTE: Botnet IP addresses are maintained by SonicWall for internal use. If you'd like to test a Domain/IP for possibly being flagged as a Botnet, navigate to POLICY | Security Services | Botnet Filter | Diagnostics and enter the desired IP Address in the Lookup IP Tool.
CAUTION: This feature will block Outbound Connections to any device that has a Public IP Address associated with the selected country.
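Because a country block also cuts outbound connections, it helps to check existing outbound traffic against the planned block list before enabling it. The following is an added example, not SonicWall code or output: the country codes, the prefix table (documentation address ranges), the log format and the function names are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed country-to-prefix table (documentation ranges, not real Geo-IP data).
GEO_TABLE = {
    "AA": ["198.51.100.0/24"],
    "BB": ["203.0.113.0/25"],
    "CC": ["203.0.113.128/25", "192.0.2.0/24"],
}

# Constructed outbound log: internal source, destination, destination port.
OUTBOUND_LOG = """\
10.0.0.15 198.51.100.20 443
10.0.0.15 203.0.113.200 443
10.0.0.22 192.0.2.53 53
10.0.0.22 203.0.113.10 25
10.0.0.31 198.51.100.20 443
10.0.0.31 not-an-ip 80
"""

def build_index(table):
    """Flatten the table into (network, country) pairs, most specific prefix first."""
    pairs = [(ipaddress.ip_network(p), cc)
             for cc, prefixes in table.items() for p in prefixes]
    return sorted(pairs, key=lambda pair: pair[0].prefixlen, reverse=True)

def country_of(addr, index):
    """Return the country code of the first matching prefix, or None."""
    for net, cc in index:
        if addr in net:
            return cc
    return None

def outbound_impact(log_text, blocked, table=GEO_TABLE):
    """Map each blocked country to the outbound flows a block would cut.

    Returns (impact, skipped) where skipped counts unparseable log lines.
    """
    index = build_index(table)
    impact, skipped = defaultdict(set), 0
    for line in log_text.splitlines():
        parts = line.split()
        try:
            src, dst, port = parts[0], ipaddress.ip_address(parts[1]), int(parts[2])
        except (IndexError, ValueError):
            skipped += 1  # malformed line: count it instead of guessing
            continue
        cc = country_of(dst, index)
        if cc in blocked:
            impact[cc].add((src, str(dst), port))
    return dict(impact), skipped
```

Any flow listed in the result is an internal host that would lose a destination it uses today, which is the case the granular access-rule approach is meant for.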
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
CAUTION: Please be aware that mitigating DDoS Attacks at the Firewall level is far less effective than at the ISP level. Once packets have made it to the Firewall, typically the network edge device, they're going to overwhelm your network such that it will be hard for traffic to get in or out. Mitigating DDoS at the firewall level will allow you to preserve and protect internal resources so that internal users may still be able to function and sensitive information isn't compromised.
DDoS Protection Checklist
In order to help harden your network against DDoS Attacks at the firewall level, please follow the below steps. These are presented in no particular order.
Enable Intrusion Prevention
Block unused Ports from the WAN to the Internal Network
Enable Flood Protection
CAUTION: Proxy WAN Connections will cause External Users who trigger the Flood Protection feature to be blocked from connecting to internal resources. If there is a chance any Users can generate a false positive for this feature it is recommended to leave TCP Flood Protection in Watch and Report mode.
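One way to judge whether legitimate users would trigger a flood threshold before moving away from Watch and Report mode is to measure peak per-source SYN rates in recorded traffic. This is an added example, not SonicWall code: the event format, the threshold values, the known-good list and the function names are assumptions, and the firewall's own counting method may differ.

```python
from collections import defaultdict, deque

# Constructed WAN-side events: (seconds, source IP, TCP flag). Documentation addresses only.
EVENTS = (
    [(i * 0.01, "203.0.113.9", "SYN") for i in range(40)]      # flood-like burst
    + [(i * 0.05, "198.51.100.7", "SYN") for i in range(12)]   # partner office behind one NAT address
    + [(i * 2.0, "192.0.2.44", "SYN") for i in range(3)]       # single remote user
    + [(0.2, "192.0.2.44", "ACK")]                             # non-SYN traffic is ignored
)

# Hypothetical list of external sources known to be legitimate.
KNOWN_GOOD = {"198.51.100.7", "192.0.2.44"}

def peak_syn_rate(events, window=1.0):
    """Return {source: highest SYN count seen in any `window`-second span}."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    peak = defaultdict(int)
    for ts, src, flag in sorted(events):
        if flag != "SYN":
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= window:   # drop timestamps that left the window
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return dict(peak)

def would_trip(events, threshold, known_good=()):
    """Return (sources above threshold with their peak, known-good sources among them)."""
    peaks = peak_syn_rate(events)
    tripping = {src: p for src, p in peaks.items() if p > threshold}
    false_positives = sorted(src for src in tripping if src in known_good)
    return tripping, false_positives
```

A non-empty false-positive list at the intended threshold is the situation the caution above describes: those sources would be blocked from internal resources once proxying is active.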
Enable Geo-IP Filter and Botnet Filter
Many DDoS attacks occur when infected machines under the control of a few individuals are all directed at one target. Often these attacks come from certain countries and do not have their IP addresses obfuscated. By using the Geo-IP Filter and Botnet Filter on the SonicWall, it is possible to drop these packets as they attempt to enter your network, which can aid the SonicWall in keeping your network reachable.
CAUTION: This feature will block Outbound Connections to any device that has a Public IP Address associated with the selected country. If you'd like to set up Geo-IP Filter for a more granular block please reference How to configure SonicWall Geo-IP Filter using Firewall Access Rules.
NOTE: Botnet IP addresses are maintained by SonicWall for internal use. If you'd like to test a Domain/IP for possibly being flagged as a Botnet, navigate to Security Services | Botnet Filter | Diagnostics and enter the desired IP Address in the Lookup IP Tool.
CAUTION: This feature will block Outbound Connections to any device that has a Public IP Address associated with the selected country. If you'd like to set up Geo-IP Filter for a more granular block please reference How to configure Botnet Filtering with Firewall Access Rules.
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer, we suggest upgrading to the latest general release of SonicOS 6.5 firmware.
CAUTION: Please be aware that mitigating DDoS Attacks at the Firewall level is far less effective than at the ISP level. Once packets have made it to the Firewall, typically the network edge device, they're going to overwhelm your network such that it will be hard for traffic to get in or out. Mitigating DDoS at the Firewall level will allow you to preserve and protect internal resources so that internal Users may still be able to function and sensitive information isn't compromised.
DDoS Protection Checklist
In order to help harden your network against DDoS Attacks at the firewall level, please follow the below steps. These are presented in no particular order.
Enable Intrusion Prevention
Block unused Ports from the WAN to the Internal Network
Enable Flood Protection
Enable Geo-IP Filter and Botnet Filter
Many DDoS attacks occur when infected machines under the control of a few individuals are all directed at one target. Often these attacks come from certain countries and do not have their IP addresses obfuscated. By using the Geo-IP Filter and Botnet Filter on the SonicWall, it is possible to drop these packets as they attempt to enter your network, which can aid the SonicWall in keeping your network reachable.
CAUTION: This feature will block Outbound Connections to any device that has a Public IP Address associated with the selected country. If you'd like to set up Geo-IP Filter for a more granular block please reference How to configure Botnet Filtering with Firewall Access Rules.