Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.

Avenue4 LLCRead Message Promoted Post

Home / Blogs

Identify DDoS Attacks with External Performance Monitoring (Part 2 of 3)

Donald Lee

In Part One of this series, we examined internal server, network and infrastructure monitoring applications. Now let's take a look at another way to capture DDoS information: external performance monitoring.

Option #2 – External Performance Monitoring Solutions in the Cloud

A second approach IT administrators can use to assess a potential DDoS attack is to use an external performance monitoring solution. Unlike network/infrastructure tools — which are usually installed inside a customer's network — external performance monitoring solutions are typically provided by a third party and leverage monitoring locations from around the world.

External monitoring tools can encompass several elements:

  1. Virtual browsers to check for basic Website / application uptime and performance
  2. Real browsers to check for Website / application performance, errors and service degradation
  3. Network services such as DNS, FTP and email, among others

From a DDoS perspective, an external third-party monitoring solution makes sense. The purpose of this type of solution is to constantly monitor a Website, service or application and notify the user of downtime, slow responses or other issues. All of these are potential indicators of a DDoS attack.

That said, although a third party external monitoring solution can work at capturing DDoS attacks, these solutions are not foolproof. An external solution can tell an IT administrator that performance is degrading or has failed, but it cannot determine the reason. As I mentioned in our previous post, abnormal response times and downtime do not always indicate a denial of service condition.

Originally, the goal of third-party monitoring was to ensure that ISPs, hosting companies and servers were functioning as designed. Slow response times and outages could indicate a provider or server being down.

As mentioned in part one of this series, it is important to carefully analyze any data from a third-party before enabling your DDoS protection service.

Companies that do not host their own websites and use third parties like Amazon EC2 would benefit the most from third-party monitoring solutions.

Stay tuned for the next segment in our three-part series where we discuss Netflow/Peakflow monitoring and on-premise equipment.

By Donald Lee, Technical Sales Engineer at Neustar
Related topics: Cloud Computing, Cybersecurity, DDoS
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

To post comments, please login or create an account.

Related

Topics

IP Addressing

Sponsored byAvenue4 LLC

Mobile Internet

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

DNS Security

Sponsored byAfilias

Promoted Post

Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.