* [Blog](https://www.paloaltonetworks.com.au/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com.au/blog/corporate/)
* [Malware](https://www.paloaltonetworks.com.au/blog/category/malware-2/)
* Tip of the Week: Understa...

# Tip of the Week: Understanding Mobile Devices and DDoS

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2014%2F01%2Ftip-week-whats-deal-mobile-devices-ddos%2F)  
[](https://twitter.com/share?text=Tip+of+the+Week%3A+Understanding+Mobile+Devices+and+DDoS&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2014%2F01%2Ftip-week-whats-deal-mobile-devices-ddos%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2014%2F01%2Ftip-week-whats-deal-mobile-devices-ddos%2F&title=Tip+of+the+Week%3A+Understanding+Mobile+Devices+and+DDoS&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com.au/blog/2014/01/tip-week-whats-deal-mobile-devices-ddos/&ts=markdown)  
\[\](mailto:?subject=Tip of the Week: Understanding Mobile Devices and DDoS)  
Link copied  
By [Brian Tokuyoshi](https://www.paloaltonetworks.com/blog/author/brian/?ts=markdown "Posts by Brian Tokuyoshi")  
Jan 29, 2014  
4 minutes  
[Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown)  
[Mobility](https://www.paloaltonetworks.com/blog/category/mobility/?ts=markdown)  
[Tip of the Week](https://www.paloaltonetworks.com/blog/category/tip-of-the-week/?ts=markdown)  
[BYOD](https://www.paloaltonetworks.com/blog/tag/byod/?ts=markdown)  
[DDoS](https://www.paloaltonetworks.com/blog/tag/ddos/?ts=markdown)  
[globalprotect](https://www.paloaltonetworks.com/blog/tag/globalprotect/?ts=markdown)  
[mobile devices](https://www.paloaltonetworks.com/blog/tag/mobile-devices/?ts=markdown)  
[PAN-OS 6.0](https://www.paloaltonetworks.com/blog/tag/pan-os-6-0/?ts=markdown)

I've seen a number of articles this month about how Distributed Denial of Service (DDoS) attacks evolve through the use of mobile devices. I think the articles blur the lines on several issues, so I wanted to clarify each scenario. There are several security issues at play, and it's important to distinguish the difference between a DDoS attack itself and the tools used to initiate and execute one from a mobile device.

The standard DDoS attack is an attempt to overwhelm the available network connections available in order to prevent legitimate traffic from getting through. This is typically done by coordinating a botnet to initiate a flood of traffic aimed at a specific victim. The challenge that organizations face is how to identify and filter the bad traffic from the good traffic.

In some ways, the mobile element is not particularly unique, because at the end of the day, it's still traffic that originates from a computer that you do not control. The primary difference is that mobile traffic is not easily blocked by source IP or domain (since it originates from a constantly moving device from a service provider or public WiFi hot spot), so the filtering technology has to be more precise. In any case, whether organizations chooses to use protection technologies upstream (in the cloud or at their ISP) or whether they employ [DDoS mitigation technologies in the next-generation security platform](https://www.paloaltonetworks.com/blog/2012/04/getting-a-handle-on-ddos/), the fundamental issue is not about the mobile device, per se, but rather the technology used to scrub traffic.

The articles bring up a second and far more interesting issue, and that's related to the mobile applications that perform a DDoS attack. Several of the tools mentioned cross several broad categories, so let's clarify these issues a bit further.

The tools for opt-in DDoS, such as a client for Low Orbit Ion Cannon (LOIC) for mobile devices, are big challenges. They allow users to participate in a DDoS -- it's essentially a way to opt-in to a botnet. The security issue here is not the DDoS attack itself (unless your company happens to be the intended target), but rather a mobile device policy issue. In other words, these applications can place the device under the control of a third party and make your organization a participant in an attack against another victim.

Botnet participants do not always join willingly. The other way to build a large community of participants is to use malware to turn the victim into a zombie. The malware does not necessarily attempt to steal data or otherwise harm the host, but rather lies in wait until called upon to participate in a DDoS attack.

In all cases, the common denominator for mitigating these issues is to identify devices that have unapproved tools and block their participation in the larger attack. Palo Alto Networks has a unique set of technologies to disrupt the use of unapproved applications, botnets and malware, summarized as follows:

* You can use [GlobalProtect Mobile Security Manager](https://www.paloaltonetworks.com/blog/2014/01/announcing-globalprotect-mobile-security-manager/), which we released this month as part of our PAN-OS 6.0 update, to blacklist unapproved hacking tools and opt-in DDoS clients for mobile devices. Assigning policy based on the state of the device, such as the presence of blacklisted apps, places restrictions on what the device can do until the issues have been remediated.
* Detect botnet acttivity to keep users from participating in a DDoS (whether it's willingly or unwillingly). Botnet Report gives the organization a proactive tool to spot users that may have devices that may be taking direction from an outside party.
* Use network policies for application control to block unwanted applications and intercept their ability to contact command \& control servers.
* Employ threat prevention to stop exploits and mobile malware. Break the malware lifecycle by identifying both known and unknown forms of malware, and disrupting its ability to communicate.

Hopefully these tips help you get started with a plan for dealing with unwanted applications on mobile devices participating. Breaking complex attacks (including ones that your users willingly participate in) can require a new approach for security, one that is based on blending the protections for controlling applications, traffic and mobile devices. This is why the next-generation security platform and Palo Alto Networks mobile security solutions are ideal for dealing with the applications and threats that you don't want on your network.

[Mobile and End-User Security](https://www.paloaltonetworks.com/content/campaigns/ignite/ignite-2014/sessions.html) is a marquee session track at Ignite 2014. [Join us in Las Vegas](https://www.paloaltonetworks.com/content/campaigns/ignite/ignite-2014/home.html) March 31-April 2 and get all your questions answered.

*** ** * ** ***

## Related Blogs

### [Application Advisory/Analysis](https://www.paloaltonetworks.com/blog/category/application-analysis/?ts=markdown), [Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Mobility](https://www.paloaltonetworks.com/blog/category/mobility/?ts=markdown), [Threat Advisories - Advisories](https://www.paloaltonetworks.com/blog/category/threat-advisories-advisories/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

[#### Chinese Taomike Monetization Library Steals SMS Messages](https://www.paloaltonetworks.com.au/blog/2015/10/chinese-taomike-monetization-library-steals-sms-messages/)

### [Distributed Enterprise](https://www.paloaltonetworks.com/blog/category/distributed-enterprise/?ts=markdown), [Mobility](https://www.paloaltonetworks.com/blog/category/mobility/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown)

[#### Reusable Mobile App Libraries Introduce Reusable Security Issues](https://www.paloaltonetworks.com.au/blog/2014/07/reusable-mobile-app-libraries-introduce-reusable-security-issues/)

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Research](https://www.paloaltonetworks.com/blog/category/research/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

[#### From Ransom to Revenue Loss](https://www.paloaltonetworks.com.au/blog/2025/10/from-ransom-to-revenue-loss/)

### [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Secure M\&As and Accelerate Time-to-Value with Prisma Access Browser](https://www.paloaltonetworks.com.au/blog/sase/secure-mas-and-accelerate-time-to-value-with-prisma-access-browser/)

### [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Secure BYOD with Prisma Access Browser for Mobile Devices](https://www.paloaltonetworks.com.au/blog/sase/secure-byod-with-prisma-access-browser-for-mobile-devices/)

### [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown), [Threat Advisories - Advisories](https://www.paloaltonetworks.com/blog/category/threat-advisories-advisories/?ts=markdown), [Tip of the Week](https://www.paloaltonetworks.com/blog/category/tip-of-the-week/?ts=markdown)

[#### How Cortex Xpanse Can Identify CISA-Identified Known Exploited Vulnerabilities](https://www.paloaltonetworks.com.au/blog/security-operations/cortex-xpanse-identify-cisa-kev/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com.au/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language