A denial-of-service (DoS) or a distributed denial-of-service
(DDoS) attack is an attempt to make a machine or network resource unavailable to users, and is
intended to temporarily or indefinitely interrupt or suspend services to a host connected to
Typical attacks involve saturating the target machine with external
communication requests, such that the machine can no longer respond to legitimate traffic, or
responds so slowly it is rendered unavailable. Such attacks usually lead to server
The three most common methods of attack include:
- TCP SYN flood: A Transmission Control Protocol (TCP) Synchronous Transmission (SYN) flood
  occurs when a malicious host sends a flood of TCP/SYN packets - often with a forged sender
  address. Each of these packets is handled like a connection request, causing the server to
  spawn half-open connections by sending back a TCP/SYN-ACK packet (Acknowledge), and waiting
  for a packet in response from the sender address (response to the ACK Packet). However,
  because the sender address is forged, the response never arrives. These half-open
  connections saturate the number of available connections the server is able to make,
  keeping it from responding to legitimate requests until after the attack is over.
- UDP flood: A User Datagram Protocol (UDP) flood overloads the target server by repeatedly
  sending an overwhelming number of UDP packets.
- ICMP/Ping flood: An Internet Control Message Protocol (ICMP) flood sends its victims an
  overwhelming number of ping packets, usually by using the "ping" command. It is simple to
  launch with the purpose of gaining access to a greater amount of bandwidth than its victim.
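The half-open connections described under TCP SYN flood can be observed on a Linux server as sockets in the SYN_RECV state. The following is an added example, not part of the original documentation or of Cloud Edge itself: it counts SYN_RECV rows per listening port and, because the sender addresses are usually forged, alerts on the per-port total rather than on any single source. The sample rows, function names and threshold are constructed assumptions.

```python
import socket
import struct
from collections import Counter

TCP_SYN_RECV = 0x03  # Linux state code for a half-open (SYN received) socket

# Constructed sample in the /proc/net/tcp column layout (documentation IP ranges).
SAMPLE = """\
  sl  local_address rem_address   st
   0: 0A0200C0:0050 00000000:0000 0A
   1: 0A0200C0:0050 016433C6:C001 03
   2: 0A0200C0:0050 026433C6:C002 03
   3: 0A0200C0:0050 057100CB:C003 03
   4: 0A0200C0:0050 097100CB:C004 03
   5: 0A0200C0:0050 076433C6:D111 01
   6: 0A0200C0:01BB 016433C6:D222 03
"""

def decode(addr):
    """Turn 'HEXIP:HEXPORT' (IPv4, little-endian as on x86) into (ip, port)."""
    ip_hex, port_hex = addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def half_open_by_port(table):
    """Map local port -> (half-open count, number of distinct remote IPs)."""
    counts, sources = Counter(), {}
    for line in table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_SYN_RECV:
            continue
        _, port = decode(fields[1])
        remote_ip, _ = decode(fields[2])
        counts[port] += 1
        sources.setdefault(port, set()).add(remote_ip)
    return {p: (n, len(sources[p])) for p, n in counts.items()}

def flag_syn_flood(table, threshold):
    """Ports whose total half-open count meets the (assumed) threshold."""
    stats = half_open_by_port(table)
    return sorted(p for p, (n, _) in stats.items() if n >= threshold)

if __name__ == "__main__":
    for port, (n, srcs) in sorted(half_open_by_port(SAMPLE).items()):
        print(f"port {port}: {n} half-open from {srcs} distinct sources")
    print("flagged:", flag_syn_flood(SAMPLE, threshold=3))
```

On a live host the same functions can be given the contents of `/proc/net/tcp`; a high count spread across many distinct sources on one port matches the forged-address pattern described above.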
If you deploy the Cloud Edge gateway with a hardware switch
chipset in Bridge Mode, only the High Security intranet security setting supports
anti-DoS scanning for intranet traffic.
With the Balanced and High Speed intranet security settings, intranet traffic
is not scanned.
All three intranet security settings support anti-DoS scanning on the external