When it comes to mitigating attacks that use older protocols, Akamai is of the opinion the best defense will come from the ISP's side, and not the end user or the enterprise, but that isn't always easy to implement. "An ISP could globally filter any unnecessary services that could potentially be exploited," said David Fernandez of Akamai's PLXsert, in an email, referring to SSDP refection attacks as an example. "SYN floods are traditionally the most popularly used attack vector by malicious attackers and requires a more dedicated mitigation strategy. "
[Edited to add comments from Akamai.]
Sign up for Computerworld eNewsletters.