Why you shouldn't sweat UPnP port masking in the data center: Perspective

Nov. 30, 2018

Writing at HelpNetSecurity.com, Marc Laliberte, senior security analyst at WatchGuard Technologies, observes that:

These days, DDoS attacks are often mitigated by spreading the load through a content delivery network’s (CDN’s) network. Instead of funneling DDoS traffic all through a single pipe, it is split up and sent through multiple data centers, which can then use specialized equipment to filter the reduced traffic. Some DDoS mitigation services let you keep your normal routing as-is until your services come under attack, at which point your public addresses are re-routed through their network. Cloud-based services aren’t as concerned about UPnP port masking because they have the resources to inspect and throttle larger attacks and simply absorb smaller ones.

The bottom line is, if a DDoS attack can bring down your network by using randomized ports, it can probably do the same without randomizing ports as well. If DDoS mitigation is a concern for your organization, look to cloud-based services that are equipped to handle the ever-increasing throughput. While UPnP Port Masking may fool some older DDoS prevention methods, the industry as a whole has moved on and focusing on this one trick will distract organizations from the actual threat of a modern DDoS attack.
