AWS DDOS

AWS DDoS (Distributed Denial of Service) Protection

AWS provides robust measures to mitigate DDoS attacks that aim to disrupt service availability.

---

Common DDoS Attack Types

1. UDP Flood:

   • Overwhelms servers with a high volume of UDP packets, consuming bandwidth and server resources.

2. TCP Flood:

   • Exhausts server connections by sending a large number of incomplete TCP handshake requests. This can be mitigated using security groups, Network ACLs & AWS Shield

3. Slowloris Attack:

   • Holds connections open by sending partial requests, preventing the server from accepting new ones. This can be mitigated using AWS Load Balancer

---

AWS Shield

1. AWS Shield Standard:

   • Automatic protection against common, low-complexity DDoS attacks.

   • Built into AWS services at no additional cost.

2. AWS Shield Advanced:

   • Enhanced DDoS protection for applications hosted on AWS.

   • Features:

     • Detailed attack diagnostics.

     • Cost protection against attack-related usage spikes.

     • 24/7 support from the DDoS Response Team (DRT).

AWS Shield, combined with other AWS security services, helps maintain application availability even during DDoS attacks.

---