DDoS mitigation often uses an architecture in which a CDN or large reverse proxies are placed in front of the web services as a protection layer. However, sophisticated attackers will attempt to reveal the origin network or IP address and attack directly, making the mitigation layer completely useless.
This attack is called ‘Direct-to-Origin’ or in short ‘D2O‘.
This attack technique challenges organizations to either hide their sources (which is not always feasible), or mitigate the direct attack.
The DDoS Resiliency Score (DRS) include this technique in attack vectors launched specified in ‘Level 6’ and ‘Level 7’.