Stop Series of Attacks from Determined IP Ranges | Best Methods

Best Methods to Stop Attacks from Determined IP Ranges

Prev Question Next Question

Question

Which of the below mentioned methods is the best to stop a series of attacks coming from a set of determined IP ranges?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Answer - D.

A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.

You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC.

For more information on NACL please visit the below URL:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html

The best method to stop a series of attacks coming from a set of determined IP ranges would be to use a combination of Network Access Control Lists (NACLs) and Security Groups.

NACLs are stateless and operate at the subnet level. They are used to control traffic coming in and out of a subnet. On the other hand, Security Groups are stateful and operate at the instance level. They are used to control traffic to and from an instance.

Option A suggests creating a custom route table and blocking the attacking IP addresses from the Internet Gateway. This method may be effective in preventing traffic from reaching the web tier but it won't help if the attack is coming from within the VPC.

Option B suggests creating web Security Group rules to block the attacking IP addresses over port 80. While this method may help in preventing the attack from reaching the web server, it won't help if the attacker is using a different port or protocol to carry out the attack.

Option C suggests putting the application on a private subnet. While this may provide some security benefits, it won't necessarily stop the attacks as the attacker can still gain access to the subnet and carry out the attack.

Option D suggests creating an inbound NACL associated with the web tier subnet with deny rules to block the attacking IP addresses. This is the best method as it will prevent traffic from the attacking IP addresses from reaching the web tier subnet altogether. NACLs are stateless and operate at the subnet level, so they can effectively block traffic from a specific IP range.

Therefore, the correct answer would be option D.