Its not widely that DDOS attacks also cause damage from state exhaustion in devices. A recent study by Netscout surprised me with how many engineers are aware of bandwidth overload on routing devices but give less consideration to state exhaustion in application aware devices.
Firewalls, IPS and reverse proxies are subject to overload failure when their internal state resources are exceeded. This includes server side caches like Varnish, memcache etc,. All of these elements should be part of your DDOS strategy but not widely understood.
Roland Dobbins talks about the nature of these attacks and how to implement stateful protection while using stateless DDOS technology.
Netscout has more information on the topics covered in this tech byte podcast at the following links:
The Protect Firewall service – www.netscout.com/ProtectFirewall
Solution description on Protect Firewall – https://www.netscout.com/solutions/omnis-smart-edge-protection/protect-firewalls
Situational awareness comes from threat analysis and insights. Netscout Horizon provides data and insights into the threat landscape. – https://www.netscout.com/horizon
Netscout Atlas security and response team – keeping you up to date and finding the bad things – https://www.netscout.com/asert