DDoS (Distributed Denial of Service) attacks are some of the most common and damaging attacks across the internet. In this article, you will learn how to get alerts and block DoS/DDoS attacks with Traceable.
Region Blocking
Nation-state actors are a common source of DDoS attacks. In such cases, it's best to simply add a region rule that blocks your country's adversary.
Known IP Blocking
Traceable will automatically block known threat actor IPs. You can also configure a list of IPs through our UI or our API.
Traffic Patterns
The most obvious signal of a DDoS attack is a spike in traffic. The following steps walk you through how to respond to excessive traffic volumes in your environment.
Alert
The first step is to set up a system-wide rate limit rule with the action set to “Alert”. This will alert you when any traffic spikes are seen in your environment.
Respond
Once Traceable alerts you via Slack, PagerDuty, etc., use the Trace view to investigate.
Group By Service Name
Investigate
Service Filter
Use Traceable's intuitive searching capabilities to quickly retrieve all the requests to the service under attack.
Identify Commonalities
Click the + icon and open up a few spans. Look for a common attribute (query param, header key, header value, or something in the request body).
Remediate
Use Traceable's Custom Event policy to stop the DDoS attack.
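
The "Identify Commonalities" step can also be done over exported request data. The following is an added example, not Traceable code or API output: it finds attributes present on most requests in the spike window but rare in normal traffic, so that the attribute chosen for a blocking rule does not also match legitimate users. The span layout (`query`, `headers`, `body` dicts), the function names, the thresholds and all sample values are assumptions constructed for illustration.

```python
from collections import Counter

def flatten(span):
    """Yield (location, key, value) for every attribute of one request span."""
    for location in ("query", "headers", "body"):
        for key, value in span.get(location, {}).items():
            # Header names are case-insensitive, so normalise only those.
            name = key.lower() if location == "headers" else key
            yield (location, name, str(value))

def share(spans):
    """Fraction of spans carrying each attribute (counted once per span)."""
    counts = Counter()
    for span in spans:
        counts.update(set(flatten(span)))
    return {attr: n / len(spans) for attr, n in counts.items()} if spans else {}

def distinguishing_attributes(attack, baseline, min_share=0.8, max_baseline=0.1):
    """Attributes on >= min_share of spike spans and <= max_baseline of normal ones."""
    seen, normal = share(attack), share(baseline)
    hits = [(attr, s, normal.get(attr, 0.0)) for attr, s in seen.items()
            if s >= min_share and normal.get(attr, 0.0) <= max_baseline]
    return sorted(hits, key=lambda h: (-h[1], h[2], h[0]))

# Constructed sample spans (hypothetical layout, not real Traceable output).
BASELINE = [
    {"query": {"page": "1"}, "headers": {"Host": "shop.example", "User-Agent": "Mozilla/5.0"}},
    {"query": {"page": "2"}, "headers": {"Host": "shop.example", "User-Agent": "Mozilla/5.0"}},
    {"query": {"q": "shoes"}, "headers": {"Host": "shop.example", "User-Agent": "okhttp/4.9"}},
]
ATTACK = [
    {"query": {"q": f"r{i}", "src": "promo-x"},
     "headers": {"Host": "shop.example", "user-agent": "constructed-client/1.0"}}
    for i in range(9)
] + [{"query": {"page": "1"}, "headers": {"Host": "shop.example", "User-Agent": "Mozilla/5.0"}}]

if __name__ == "__main__":
    for (loc, key, value), s, b in distinguishing_attributes(ATTACK, BASELINE):
        print(f"{loc}.{key}={value}  spike={s:.0%}  baseline={b:.0%}")
```

In this sample the `Host` header is on every spike request but is excluded because it is equally common in normal traffic; only the attributes unique to the spike are reported as candidates for the rule.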