Editing Denial-of-service attack (section)

===Firewalls===
In the case of a simple attack, a [[Firewall (computing)|firewall]] can be adjusted to deny all incoming traffic from the attackers, based on protocols, ports, or the originating IP addresses. More complex attacks will however be hard to block with simple rules: for example, if there is an ongoing attack on port 80 (web service), it is not possible to drop all incoming traffic on this port because doing so will prevent the server from receiving and serving legitimate traffic.<ref>{{cite web|url=http://www.computerworld.com/s/article/94014/How_to_defend_against_DDoS_attacks|first=Paul|last=Froutan|title=How to defend against DDoS attacks|work=[[Computerworld]]|date=June 24, 2004|access-date=May 15, 2010|archive-date=2 July 2014|archive-url=https://web.archive.org/web/20140702140309/http://www.computerworld.com/s/article/94014/How_to_defend_against_DDoS_attacks|url-status=dead}}</ref> Additionally, firewalls may be too deep in the network hierarchy, with routers being adversely affected before the traffic gets to the firewall. Also, many security tools still do not support IPv6 or may not be configured properly, so the firewalls may be bypassed during the attacks.<ref>{{Cite news|url=https://www.computerweekly.com/news/252445613/Cyber-security-vulnerability-concerns-skyrocket|title=Cyber security vulnerability concerns skyrocket|work=ComputerWeekly.com|access-date=2018-08-13|language=en-GB}}</ref>