# Getting a Handle on DDoS

By [Palo Alto Networks](https://www.paloaltonetworks.com/blog/author/palo-alto-networks-staff/?ts=markdown "Posts by Palo Alto Networks"), Apr 16, 2012

Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks have become an increasingly common problem for enterprises of all sizes. DDoS campaigns are commonly used by hacktivists to embarrass or otherwise disrupt a target company or government agency. Unfortunately, the problem doesn't stop there. Botnets controlled by criminal groups can recruit thousands and even millions of infected machines to join in a truly global DDoS attack, enabling the gang to essentially extort a ransom from the target network in exchange for stopping the attack.

Regardless of the source, defending a network from these DDoS attacks has become an integral part of any IT threat prevention strategy. While we don't claim to be an end-to-end solution for stopping DDoS attacks (nothing really is), there are many features in the Palo Alto Networks next-generation firewall that security teams should integrate into their counter-DDoS strategy. Let's take a quick look at how an overall DDoS strategy could look.

**Keep DoS Attacks as Far Away From the Network As Possible**

While we naturally tend to focus on the protections that we can provide at Palo Alto Networks, it's very important to acknowledge that DDoS protection must begin before traffic ever reaches your network. ISPs are increasingly important partners in the fight against DDoS, and they have the ability to keep some DDoS traffic from reaching the intended target. ISPs can monitor Internet links and can filter or blackhole traffic to protect the customer network. Preparing for DDoS really does require looking beyond our own perimeter, and working with your ISP is a great way to keep DoS traffic as far away from your network as possible.

**DDoS Protection Profiles**

Of course, DoS attempts will eventually end up on your doorstep, and you will need to repel the attack and protect your assets. This is where the DoS protection profiles in the next-generation firewall are particularly powerful. The DoS profiles allow you to control various types of traffic floods such as SYN, UDP, and ICMP floods. You can also set rules for the maximum number of concurrent sessions to ensure that sessions can't overwhelm resources. However, the real power of the DoS protection profiles is the ability to set independent limits on aggregate as well as same-source sessions. As an example, you can set an overall ceiling on the SYN packets allowed that applies to all devices protected by a particular rule.
Then you can set a much more targeted rule for the total SYN packets that should be allowed going to a specific IP address. You can apply these "classified" rules based on source IP, destination IP, or source-destination pair. By combining aggregate and classified DoS protections you can build in a great deal of protection not only for the network in general but also for the critical systems and services that the network can't live without.

**Detection of DDoS Tools**

The next step is to identify and block DDoS tools used by attackers. Hacktivist groups will often rely on very simple tools or easily distributable scripts that can be used by users with basic computer skills. LOIC (the Low Orbit Ion Cannon) has been a popular tool in various Anonymous projects as well as other hacktivist operations. Palo Alto Networks is able to identify attacks driven by LOIC, Trinoo and others and automatically block their DDoS traffic at the firewall.

**Blocking DoS Exploits**

The simplest step is to block exploits that can lead to DoS conditions. Palo Alto Networks vulnerability protection profiles provide inline protection from well over 400 different vulnerabilities in both servers and clients that cause a denial-of-service condition. Defending against these types of vulnerabilities is relatively straightforward and is likely already a component of your IPS and threat prevention profiles on your Palo Alto Networks devices.

**Controlling Botnets to Control DDoS**

While it's paramount to be prepared for a DDoS attack against your network, it's also important to ensure that your network doesn't contribute to an attack elsewhere. Many DDoS attacks are the work of botnets that leverage an army of infected machines to send traffic to a specific target. Palo Alto Networks provides blocking of malware command-and-control traffic and offers the behavioral botnet report to expose devices in the network that are likely infected by a bot.
These efforts will ensure you don't unwittingly contribute to a DDoS attack.

When it comes to DDoS, it is always important to remember that there will likely never be a single silver bullet. Stopping DDoS attacks requires a blend of strong local security controls as well as efforts to mitigate the attack upstream. Using these techniques in a coordinated way will help you to build an overall approach to coping with a DDoS attack.
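
The aggregate and classified limits described under DDoS Protection Profiles can be modeled as two independent SYN-rate counters. This is an added example, not Palo Alto Networks code or PAN-OS configuration; the `SynLimiter` class, the one-second window, the thresholds and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Added illustration: a simplified model, not PAN-OS code or configuration.
WINDOW = 1.0  # seconds; limits below are SYN packets per window (assumed)

class SynLimiter:
    """One aggregate ceiling for the rule plus a classified per-key ceiling."""

    def __init__(self, aggregate_max, classified_max, classify_by):
        self.aggregate_max = aggregate_max
        self.classified_max = classified_max
        self.classify_by = classify_by      # "source", "destination" or "pair"
        self.all_syns = deque()             # timestamps of admitted SYNs
        self.per_key = defaultdict(deque)   # key -> timestamps of admitted SYNs

    def _key(self, src, dst):
        return {"source": src, "destination": dst, "pair": (src, dst)}[self.classify_by]

    @staticmethod
    def _expire(window, now):
        while window and now - window[0] >= WINDOW:
            window.popleft()

    def check(self, ts, src, dst):
        """Return 'allow', 'drop-classified' or 'drop-aggregate' for one SYN."""
        bucket = self.per_key[self._key(src, dst)]
        self._expire(bucket, ts)
        self._expire(self.all_syns, ts)
        if len(bucket) >= self.classified_max:
            return "drop-classified"
        if len(self.all_syns) >= self.aggregate_max:
            return "drop-aggregate"
        bucket.append(ts)
        self.all_syns.append(ts)
        return "allow"

def run(events, limiter):
    """Tally verdicts per destination for (timestamp, src, dst) SYN events."""
    tally = defaultdict(lambda: defaultdict(int))
    for ts, src, dst in events:
        tally[dst][limiter.check(ts, src, dst)] += 1
    return {dst: dict(counts) for dst, counts in tally.items()}

def constructed_events():
    """Constructed sample: 300 SYN/s from 250 sources at one server, 50 SYN/s elsewhere."""
    events = [(i / 300, f"198.51.100.{i % 250 + 1}", "192.0.2.10") for i in range(300)]
    events += [(i / 50, "203.0.113.7", "192.0.2.20") for i in range(50)]
    return sorted(events)
```

On this constructed traffic, an aggregate ceiling of 1000 SYN/s admits every packet, and so does a per-source limit of 100, because no single source is noisy. A limit of 100 classified by destination caps the flooded server at 100 SYNs while the second server's 50 are untouched.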