Infrastructure Layer Attacks - AWS Best Practices for DDoS Resiliency

Infrastructure Layer Attacks

The most common DDoS attacks, UDP reflection attacks and SYN floods, are infrastructure layer attacks. An attacker can use either of these methods to generate large volumes of traffic that can inundate the capacity of a network or tie up resources on systems such as a server, firewall, IPS, or load balancer. These attacks can be easy to identify, but to mitigate them effectively you must have a network or systems that scale up capacity more rapidly than the inbound traffic flood. This extra capacity is used to either filter out or absorb the attack traffic, so that your system and application can continue to respond to legitimate customer traffic.
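To show why these two attack types are easy to identify, the following added example (not part of the AWS guidance) flags both patterns in flow records. The record layout, the sample addresses, the list of reflector ports and the thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records (hypothetical layout, not a real capture):
# srcaddr dstaddr srcport dstport protocol packets bytes tcp_flags
SAMPLE_FLOWS = """\
198.51.100.7 203.0.113.10 123 41822 17 900 421200 0
198.51.100.8 203.0.113.10 123 41822 17 850 397800 0
198.51.100.9 203.0.113.10 53 41822 17 700 2100000 0
192.0.2.21 203.0.113.20 50211 443 6 400 16000 2
192.0.2.22 203.0.113.20 50212 443 6 380 15200 2
192.0.2.23 203.0.113.20 50213 443 6 420 16800 2
192.0.2.50 203.0.113.20 40100 443 6 12 5400 27
192.0.2.60 203.0.113.30 53 53211 17 2 300 0
"""

REFLECTOR_PORTS = {53, 123, 389, 1900, 11211}  # DNS, NTP, CLDAP, SSDP, memcached
SYN_ONLY = 2               # TCP flags bitmask: SYN set, ACK never seen
MIN_SOURCES = 3            # assumed thresholds; tune to your own baseline
MIN_UDP_BYTES = 1_000_000
MIN_SYN_PACKETS = 1_000

def classify(flow_text):
    udp = defaultdict(lambda: {"bytes": 0, "sources": set()})
    syn = defaultdict(lambda: {"packets": 0, "sources": set()})
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # skip malformed records
        src, dst = fields[0], fields[1]
        sport, dport, proto, packets, nbytes, flags = map(int, fields[2:])
        if proto == 17 and sport in REFLECTOR_PORTS:
            # Reflection: responses from well-known UDP services converge on one target
            udp[dst]["bytes"] += nbytes
            udp[dst]["sources"].add(src)
        elif proto == 6 and flags == SYN_ONLY:
            # SYN flood: handshakes opened toward one listener but never completed
            syn[(dst, dport)]["packets"] += packets
            syn[(dst, dport)]["sources"].add(src)
    findings = []
    for dst, s in udp.items():
        if s["bytes"] >= MIN_UDP_BYTES and len(s["sources"]) >= MIN_SOURCES:
            findings.append(("udp_reflection", dst, s["bytes"]))
    for (dst, dport), s in syn.items():
        if s["packets"] >= MIN_SYN_PACKETS and len(s["sources"]) >= MIN_SOURCES:
            findings.append(("syn_flood", f"{dst}:{dport}", s["packets"]))
    return sorted(findings)
```

Identification is the cheap part: the classifier only labels the traffic, and the capacity to filter or absorb it still has to exist upstream of the target.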