Mitigating Application-level DoS attacks with LoadMaster
Applications, whether deployed in the cloud or on-premise, are more often falling victim to external DoS (and Distributed DoS) attacks. We created this experiment to demonstrate how KEMP LoadMaster can help mitigate the impact of such an attack by deploying 2 application servers and securing one with a LoadMaster.
KEMP LoadMaster’s Application Front End (AFE) feature allows customers to set thresholds in order to protect published workloads. The Client Limiting within the AFE permits only a fixed number of TCP connections per IP address or subnet. Networks can be assigned different limits therefore allowing more connections from trusted sources. In the event of a Denial of Service (DOS) attack the LoadMaster will drop any connections that exceed the permitted value. This action will protect the published workload from any malicious access as well as prevent undesirable performance impact.
This was created in a Lab in the cloud using HP LoadRunner to create connections and to measure performance and response times of the application, using SAP as the application.