The approaches described in this section could be pursued, but are not necessarily approaches that have previously been conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
A DDoS attack is an attempt to make a network machine or network resource unavailable to intended users. Generally speaking, DDoS attacks are an attempt to overwhelm the capacity of a network device or a service in order to interrupt or suspend functioning of network resources associated with the service. The DDoS attacks are a prevalent and ever-increasing threat and every Internet-based business or website is at potential risk.
Traditional methods for detecting and signaling DDoS attacks include monitoring incoming traffic and determining that a DDoS attack is under way based on an observation of a large increase in traffic originating from a large number of machines, each having a distinct Internet Protocol (IP) address. Mitigating the DDoS attack can include distinguishing incoming traffic associated with the DDoS attack from legitimate traffic and blocking the DDoS traffic.
However, when a protecting device, such as, for example, a DDoS device protecting a network upstream interface, is overwhelmed with the incoming DDoS traffic, it may become difficult or even impossible to send out a request for help. For example, if a network having a 10-gigabyte link is attacked by 100 gigabytes of DDoS traffic, a DDoS device may not be able to signal to another DDoS device or a network administrator that the DDoS attack is in progress.