DDoS mitigation filters can be applied closer to attack’s source. Juniper Networks has added a new way for its anti-DDoS appliance to mitigate what’s known as massive UDP-based amplification attacks that typically work by exploiting compromised servers of different kinds to both spoof and vastly increase the denial-of-service barrage. One type of such attack that has been on the rise this year is the Network Time Protocol (NTP) amplification attack that works when the attacker exploits vulnerable and unpatched NTP servers to overwhelm the victim’s system with UDP traffic. The size and scale of these UDP-based DDoS attacks is now reaching 300G/bit sec and more, making it hard to simply backhaul traffic, says Paul Scanlon, director of product management at Juniper Networks. + ALSO ON NETWORK WORLD New federal rule requires banks to fight DDoS attacks | Massive denial-of-service attacks pick up steam, new nefarious techniques + The enhanced Juniper DDoS Secure appliance announced today has added a method to detect this kind of unwanted attack traffic and the source of the attack and apply filters through Border Gateway Protocol (BGP) routers supporting the Flowspec protocol to block the attack closer to the border of the network or closer to the source of the attack. “The router is being told to filter the traffic in the interface with the source of the attack,” Scanlon says. Juniper’s BGP routers support Flowspec but so do those from Cisco and Alcatel-Lucent, says Scanlon, pointing out this anti-DDoS mitigation technique is intended to work across multi-vendor gear. Juniper’s DDoS Secure, which works bi-directionally so it’s not just monitoring inbound traffic, can be used in either enterprise or carrier networks. In the enterprise, the DDoS Secure appliance would typically be deployed at the data center. DDoS Secure blocks many type of DDoS attacks, and can also be used by service providers to protect against the problem of mitigating malicious traffic originating from botnets exploiting users’ mobile devices. DDoS Secure, available now, costs $29,950 for the hardware component with additional costs for software that start at $18,995 depending on potential gigabit of protected capacity. Related content how-to Using the apropos command on Linux By Sandra Henry-Stocker Apr 24, 2024 3 mins Linux news 2024 global network outage report and internet health check ThousandEyes tracks internet and cloud traffic and provides Network World with weekly updates on the performance of ISPs, cloud service providers, and UCaaS providers. By Ann Bednarz Apr 24, 2024 38 mins Internet Service Providers Network Management Software Cloud Computing news Accelsius offers liquid cooling without a data center retrofit NeuCool technology works with existing data center equipment and configuration. By Andy Patrizio Apr 24, 2024 3 mins Energy Efficiency Data Center news Nvidia supercomputers: new collegiate, research systems come online Georgia Tech's dedicated AI supercomputer is a cluster of 20 Nvidia HGX H100s; the DOE's Venado is the first large-scale system with Nvidia Grace CPU superchips deployed in the U.S. By Andy Patrizio Apr 24, 2024 3 mins Supercomputers Data Center PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe