nanog mailing list archives
Re: Solutions for DoS & DDoS
From: Yuri Slobodyanyuk <yuri () yurisk info>
Date: Fri, 7 Dec 2012 11:30:52 +0200
I can think of few options here (basically restating what has been said already) : - Black hole routing on ISP side - just makes the client unreachable outside ISP , available everywhere, free. Not really a protection as aids the attacker in achieving his goal - shutting down the client - Managed DDOS As a Service on ISP side - ISP has a dedicated solution to stop attacks on ISP premises (by dedicated I mean some hardware installed) . Vendors vary (Arbor/Radware/etc..) and actually are not of much importance to the end client - only SLA should be in place. Costs money, advisable when undergoing non-stop/frequent attacks of moderate severity. If an attack reaches gigabits bandwidth consumption the ISP may revert back to Black Hole to protect its backbone and other clients. - If speaking of web/email services - hosted solution is viable to some degree (e..g Amazon AWS Cloudfront, Google Apps, CDNs etc) . IT is not a DEDICATED hosted solution against DDOS, so be prepared for the provider to shut down the client if the attack gets heavy enough - Hosted web/email solutions WITH dedicated DDOS protection included, including insurance that client will not be shut down on heavy load attack (Prolexic etc) . Costs money (not cheap at all) and if your site is not to be attacked like krebsonsecurity.com or fbi.gov probably an overkill. HTH
--
Taking challenges one by one. http://yurisk.info
Current thread:
- Solutions for DoS & DDoS Mike Gatti (Dec 06)
- RE: Solutions for DoS & DDoS Joseph Chin (Dec 06)
- Re: Solutions for DoS & DDoS Joly MacFie (Dec 06)
- Re: Solutions for DoS & DDoS Yuri Slobodyanyuk (Dec 07)
- Re: Solutions for DoS & DDoS Damian Menscher (Dec 15)
- Re: Solutions for DoS & DDoS Vasile Borcan (Dec 10)
- Re: Solutions for DoS & DDoS Ameen Pishdadi (Dec 10)
- Re: Solutions for DoS & DDoS Christopher Morrow (Dec 10)
- Re: Solutions for DoS & DDoS Ameen Pishdadi (Dec 10)
- <Possible follow-ups>
- Re: Solutions for DoS & DDoS Steve (Dec 06)
- Re: Solutions for DoS & DDoS Erol Blakely (Dec 06)
- Re: Solutions for DoS & DDoS Ahmed Maged (Dec 06)
- Re: Solutions for DoS & DDoS Erol Blakely (Dec 06)