Technical and operational measures to absorb, deflect, or survive distributed denial-of-service attacks. A DDoS floods your infrastructure with traffic from many sources simultaneously, aiming to knock it offline. Mitigation happens at multiple layers: DNS-level filtering (sinkhole malicious queries), IP-level filtering (BGP announcements, reverse proxies), and application-level rate limiting. Services like Cloudflare, Akamai, and smaller specialized providers maintain scrubbing centers that absorb attack traffic before it reaches your origin. For domain registrars and DNS operators, DDoS mitigation is existential—attacks on nameservers can disable entire domains. Anycast DNS architecture itself provides some resilience by distributing queries across geographically dispersed servers. Bulletproof hosting providers often include DDoS mitigation as standard, though their legal footing varies by jurisdiction. Critical for high-value targets (exchanges, journalism platforms, activist infrastructure). Important to note: DDoS mitigation doesn't prevent attacks, only reduces their damage. Cost scales with attack size; massive floods still require either absorbing enormous bandwidth or going offline.
security
DDoS mitigation
Defensive measures to survive or absorb distributed denial-of-service traffic floods.