a. Check the number of sessions on the WAF if the application is integrated with the WAF
b. Check application server functions in terms of vulnerability/patch/number of running sessions/OS service
c. Check volumetric traffic on connectivity (link utilisation)
d. Check the DDoS portal to verify logs of suspicious traffic (TCP/UDP flood, SYN request, etc.)
e. Verify whether traffic is passed/blocked by the firewall
f. Refer to any previous use case/incident for quick resolution
(2) Attack Type: Increased Inbound Traffic
a. Check service status on the DDoS portal
b. Identify the type of attack: volumetric DDoS or application DDoS
c. Evaluate source IP address details and mitigate it
d. Apply rate limit and connection limit
e. Ask the service vendor to scrub false traffic and provide legitimate traffic
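
A sketch of steps b to d as triage logic, added here as an example and not part of the original runbook: it labels a traffic window as volumetric or application-layer and lists the sources that exceed a per-source rate. The record layout, the thresholds in `LIMITS` and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed record layout: (second, src_ip, proto, tcp_flags, bytes, is_http_request)
# Assumed thresholds; tune them to the protected service's normal baseline.
LIMITS = {"bps": 10_000_000, "flood_pps": 100, "http_rps": 50, "per_source_pps": 50}

def sample_records():
    """Constructed traffic: a SYN flood from two sources plus normal clients."""
    recs = [(i % 2, "203.0.113.%d" % (10 + i % 2), "tcp", "S", 60, False)
            for i in range(400)]
    recs += [(i % 2, "198.51.100.%d" % (1 + i % 5), "tcp", "PA", 900, True)
             for i in range(20)]
    return recs

def classify(records, window_s, limits=LIMITS):
    """Step b: label the window as volumetric and/or application-layer."""
    bps = 8 * sum(r[4] for r in records) / window_s
    syn_pps = sum(1 for r in records if r[2] == "tcp" and r[3] == "S") / window_s
    udp_pps = sum(1 for r in records if r[2] == "udp") / window_s
    http_rps = sum(1 for r in records if r[5]) / window_s
    labels = set()
    # Network-layer floods count as "volumetric" in the runbook's two-way split.
    if bps > limits["bps"] or max(syn_pps, udp_pps) > limits["flood_pps"]:
        labels.add("volumetric")
    if http_rps > limits["http_rps"]:
        labels.add("application")
    return labels

def sources_over_limit(records, window_s, limits=LIMITS):
    """Steps c and d: sources whose packet rate exceeds the per-source limit."""
    counts = Counter(r[1] for r in records)
    return sorted((ip, n / window_s) for ip, n in counts.items()
                  if n / window_s > limits["per_source_pps"])

if __name__ == "__main__":
    recs = sample_records()
    print("attack type:", classify(recs, window_s=2))
    for ip, pps in sources_over_limit(recs, window_s=2):
        print("rate-limit candidate: %s at %.0f pps" % (ip, pps))
```

An empty result from `classify` means the window stayed under every threshold, which is the cue to re-check the baseline before applying limits.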