How do servers implement security measures to protect against Distributed Denial of Service (DDoS) attacks, and what are the challenges in mitigating such attacks?

Servers implement various security measures to protect against DDoS attacks, including rate limiting, traffic filtering, and using Web Application Firewalls (WAFs). Techniques like Anycast routing can distribute traffic across multiple data centers. Additionally, DDoS protection services offer scrubbing centers to filter malicious traffic. Challenges in mitigating DDoS attacks include identifying malicious traffic amidst legitimate traffic, scaling defenses to handle large volumes of traffic, and ensuring minimal impact on user experience during mitigation.