Denial of Service (DoS) attacks have been a part of the internet landscape for years. There have been some high profile DoS attacks recently, but attackers today are deploying fundamentally the same techniques as those employed over a decade ago. With the ascendance of Botnets and Crimeware-as-a-Service in the threat landscape, the ability to employ a botnet to launch a DoS attack is relatively simple.
This white paper describes common DoS techniques, such as TCP SYN, UDP, and ICMP floods. It also explains the technology integrated into every FortiGate consolidated security platform that helps in blocking these common DoS attacks, the DoS Sensor. This feature, included in the FortiOS operating system, uses network traffic anomaly detection to identify a DoS attack. It can detect 12 types of network anomalies: TCP SYN floods, UDP and ICMP floods, UDP scans, TCP port scans, TCP, UDP, and ICMP source and destination session attacks, and ICMP sweep attacks. The paper also offers suggestions on how to prevent an organization's network from being used to attack another organization.