Flowchart of steps for preventing and responding to DDoS attacks

Steps for preventing and responding to DDoS attacks

Note: please click each colorful block to see the details how to do it!

Clean Up the Traffic (Scrubbing Center)

Watch for Trouble

Be Ready for the Worst (Blackholing)

Block the Bad Traffic

Limit the Number of Visitors

Monitor and Recover

Limit the Number of Visitors

What to Do: Set a limit on how many requests or visitors can come to your website at one time. This is called rate limiting. Example: It’s like having a rule that says only a certain number of people can enter the store at once.

Clean Up the Traffic (Scrubbing Center)

What to Do: If you notice too much bad traffic, send it through a scrubbing center. This helps clean up the bad traffic before it reaches the website. Example: Imagine sorting out junk mail from important letters. Only the good stuff gets through.

Watch for Trouble

What to Do: Always keep an eye on your network. Look out for too much traffic coming from one place or a sudden spike in users. This is your early warning. Example: Imagine a crowd of people rushing into a store all at once—something’s not right!

Be Ready for the Worst (Blackholing)

What to Do: In the worst-case scenario, you might need to shut down all traffic to your website for a short time to stop the attack. This is called blackholing. Example: It’s like closing the doors of a store to stop a big crowd from rushing in until everything is under control.

Block the Bad Traffic

What to Do: Use a firewall to block any traffic that looks suspicious. Firewalls help filter out bad requests. Example: Think of a bouncer at the door of a party only letting in guests who are on the list.

Monitor and Recover

What to Do: After blocking the bad traffic, keep watching your network to make sure the attack is really over. Slowly open up the website to normal visitors again. Example: After the storm has passed, you start letting people back in the store carefully, one by one.