Perhaps I didn’t express my thoughts clearly, and for that, I apologize.
In the past, we typically approached the challenge of mitigating DDoS attacks by countering and combating resources at the L3-L7 level. I do not deny that this is a correct and effective solution, and I am familiar with how it works.However, in my previous work, our mobile app often fell victim to DDoS attacks, and I found that there could be an alternative approach to addressing the issue. Why must we tackle DDoS with a firewall mindset? Is it possible to make DDoS disappear more proactively?We analyzed DDoS from the ATT&CK perspective of the attacker, focusing on the typical steps of attacking a mobile app:
1、Downloading the app from the App Store.
2、Analyzing the app through packet capture or debugging tools to identify the attack target: Domain or IP address.
3、Using DDoS tools to initiate an attack on the target using a botnet.
Typically, we address DDoS at the third step when the attack has already occurred, and we are left seeking additional layers of protection.Our approach is in the second stage. When I have a certain number of edge IPs to distribute user or device connections and manage global traffic based on user or device context, this method is highly effective.The only drawback is that this method is only effective for native mobile or client applications. However, the benefits it brings include making the application actively immune to DDoS rather than passively defending against it and effectively identifying attackers.
Perhaps I didn’t express my thoughts clearly, and for that, I apologize.
In the past, we typically approached the challenge of mitigating DDoS attacks by countering and combating resources at the L3-L7 level. I do not deny that this is a correct and effective solution, and I am familiar with how it works.However, in my previous work, our mobile app often fell victim to DDoS attacks, and I found that there could be an alternative approach to addressing the issue. Why must we tackle DDoS with a firewall mindset? Is it possible to make DDoS disappear more proactively?We analyzed DDoS from the ATT&CK perspective of the attacker, focusing on the typical steps of attacking a mobile app:
1、Downloading the app from the App Store.
2、Analyzing the app through packet capture or debugging tools to identify the attack target: Domain or IP address.
3、Using DDoS tools to initiate an attack on the target using a botnet.
Typically, we address DDoS at the third step when the attack has already occurred, and we are left seeking additional layers of protection.Our approach is in the second stage. When I have a certain number of edge IPs to distribute user or device connections and manage global traffic based on user or device context, this method is highly effective.The only drawback is that this method is only effective for native mobile or client applications. However, the benefits it brings include making the application actively immune to DDoS rather than passively defending against it and effectively identifying attackers.