An ecommerce company's 1 Gbps internet uplink is being saturated by a 200 Gbps UDP amplification attack. Their edge routers support BGP and can advertise their /24 prefix to external peers, but they have no on-premise hardware capable of filtering hundreds of gigabits. Which mitigation approach will restore availability fastest while keeping legitimate traffic flowing?
Apply connection-rate limiting rules with iptables on every web server in the pool
Trigger a discard route using RTBH so upstream routers drop all packets to the /24
Announce the /24 via BGP to a cloud-based scrubbing center that tunnels back only filtered traffic
Activate TCP SYN cookies on the perimeter firewalls handling the site
Using a cloud-based DDoS scrubbing service that accepts the victim's prefix via BGP diversion moves the attack traffic off the customer's circuit entirely. The provider absorbs the 200 Gbps flood, filters it in their large network, and returns only clean packets over a GRE or IP-in-IP tunnel, so the 1 Gbps link is no longer congested. Remote triggered black hole (RTBH) also stops traffic upstream, but it drops all packets to the prefix, including legitimate users, so service is not restored. Enabling TCP SYN cookies mitigates only SYN floods and does nothing for the uplink-saturating UDP volume. Rate limiting with local iptables happens after the traffic has already overrun the circuit, so it cannot relieve link congestion.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a UDP amplification attack?
Open an interactive chat with Bash
How does a cloud-based scrubbing center mitigate DDoS attacks?
Open an interactive chat with Bash
What is RTBH (Remote Triggered Black Hole) routing?
Open an interactive chat with Bash
What is BGP and how does it help in a DDoS mitigation strategy?
Open an interactive chat with Bash
What is a UDP amplification attack and why is it hard to mitigate?
Open an interactive chat with Bash
What is a scrubbing center and how does it return clean traffic to the victim?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Network and Perimeter Hacking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .