Connect with us

Hi, what are you looking for?


Network Security

Report Examines Limitations of Firewalls in Fighting DDoS Attacks

Security firm Prolexic Technologies released a whitepaper today aimed at helping organizations use their firewalls more effectively to fight distributed denial-of-service (DDoS) attacks.

Security firm Prolexic Technologies released a whitepaper today aimed at helping organizations use their firewalls more effectively to fight distributed denial-of-service (DDoS) attacks.

DDoS attacks have emerged as a favorite weapon of hacktivists. But no matter who is doing it, the impact for businesses can be significant. As recent poll of 1,000 IT professionals by security provider NeuStar revealed just how much: according to the study, 67 percent of those in the retail industry said a DDoS attack would cost them more than $100,000 per hour.

Security firm Prolexic offers anti-DDoS services. According to its report, while firewalls can serve as a Band-Aid to block malicious traffic, they are not built to handle the massive loads of traffic that can accompany a DDoS attack.

“To ensure that you use a firewall to its best advantage in a DDoS protection strategy, you should first be aware of the difference between stateful and stateless firewalls and what each are designed to do,” the report says.

Stateful firewalls, the report states, are designed to monitor regular levels of traffic and stop small amount of stateful attacks, and they often fail in the event of a DDoS.

“Every stateful firewall has limits,” the report states. “It is crucial that you determine what those limits are. Otherwise, your stateful firewall may fail during a DDoS attack even before other technologies and services are affected.”

If a SYN flood or TCP connection flood is larger than the firewall’s capacity, the only alternative may be to turn off the stateful features or filter traffic further upstream with a device with more throughput, the report notes.

Advertisement. Scroll to continue reading.

“In a Distributed Denial of Service situation, a firewall can provide limited blocking of malicious traffic for network protection,” said Stuart Scholly, president at Prolexic, in a statement. “However, IT organizations should realize that firewalls are playing an increasingly limited role in DDoS protection and this paper brings this fact to light.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...