Defending Against Carpet Bombing Attacks
Although carpet bombing is not new, attacks still happen every day. Learn how Arbor Sightline can protect your network and eliminate DDoS threats before they have a chance to harm your network.
Carpet bombing attacks are one of the most devastating distributed attacks bad actors can initiate since they target large ranges of IP addresses simultaneously, generating thousands of attack alerts that are impossible for SOC teams to manage. Scrutinizing large traffic volumes over time, contextualizing and refining this data, and quickly acting on anomalies that threaten network availability has never been more necessary. But resource constraints continue to impact network operators, increasing the value of scalable, end-to-end, automated analytics workflows and protections.
NETSCOUT® Arbor Sightline has multiple detection mechanisms that can identify carpet-bombing attacks ensuring customers are protected. Arbor Sightline has features to track the prefixes involved in an attack so that only the relevant traffic is diverted to mitigation infrastructure.
Through Adaptive DDoS Protection, NETSCOUT has introduced a new way to understand DDoS traffic at the network level across all subnets to detect and report on carpet bombing attacks in one, easy-to- understand alert. Arbor Sightline’s Machine Learning based Precise Protection Prefix technology automatically determines the specific IP ranges targeted by the attack. It then automatically redirects those to NETSCOUT® Arbor Threat Mitigation Systems™ (TMS) for mitigation, even as the attack moves around the network to different targets. This Adaptive DDoS Protection capability dramatically improves the detection and mitigation of carpet-bombing attacks.
Arbor Sightline can identify carpet-bombing DDoS attacks in as little as one second using fast-flood detection, and can automatically mitigate these attacks by identifying the IP ranges under attack and diverting only that traffic to Arbor TMS.
Arbor Sightline can add new targets automatically to existing mitigations, managing resources effectively. Arbor Sightline can automatically manage available Arbor TMS mitigation capacity by dynamically moving attacks among available Arbor TMS mitigation infrastructure, as attack traffic volumes change. These features make sure network infrastructure isn’t overloaded and cuts down the time operations staff spend managing DDoS attack response.
Carpet bombing defense capabilities include:
- Automated mitigation that scales to hundreds of millions of packets per second.
- Tracking of attack targets so that (only) needed traffic is inspected.
- Analytics to identify attack sources for intelligent mitigation.
- Advanced DDoS Protection that constantly analyzes attack traffic and updates mitigations in real time and targeted addresses and methods change.