Are there any effective measures against DDoS attacks?

post #1 of 3
Thread Starter 
I'm already well versed in the old advice of mirroring content on external CDNs and just waiting DDoS attacks out, but recently I've been reading more and more about how ISPs are filtering out such attacks and how some dedicated networking gear (e.g. Pravail APS) can stop at least some types of DDoS attacks from saturating your web farm.

Basically I'm just curious how effective these measures are. Does hardware like the Pravail APS actually offer any protection or is it just snake oil? And how would one liaise with your ISP (what information would you need to provide) if you are under attack?
post #2 of 3
If it is your servers that are affected the most, some smart firewall scripts can stop a lot of the attacks. For example, take packet statistics during normal days to see how many packets an IP address sends over a span of 5-6 seconds and use that as a baseline. Then when an IP sends double the amount of packets in the same amount of time, you can dynamically create firewall rules for that IP address to be filtered. That way a DDoS attack from a thousand different computers can be neutralized in a matter of 10-20 seconds.

If the DDoS attack is broad enough, they could saturate your firewall with this method. However it is much harder to saturate a firewall than a web server.

Of course most DDoS attacks are zombie computers that are owned by real people. If you run an e-commerce business you may want to only make the IP ban temporary (say 24 hours) so if it is a consumer that legitimately wants to use your site, they can later.
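The baseline-and-ban approach described in post #2, as an added example that is not part of the original thread or any poster's code: it counts packets per source IP over a sliding 5-second window, bans an IP that reaches double the baseline, and lifts the ban after 24 hours. The names `baseline`, `RateBanner` and `replay`, the choice of the busiest normal window as the baseline statistic, and the sample traffic are all assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW = 5.0             # seconds; the post suggests a 5-6 second span
BAN_SECONDS = 24 * 3600  # temporary ban, as the post suggests

def baseline(normal_packets, window=WINDOW):
    """Busiest per-IP packet count in any fixed window of normal-day traffic
    (assumption: the post does not say which statistic to use)."""
    counts = defaultdict(int)
    for ts, ip in normal_packets:
        counts[(ip, int(ts // window))] += 1
    return max(counts.values(), default=0)

class RateBanner:
    def __init__(self, base, factor=2, window=WINDOW, ban_seconds=BAN_SECONDS):
        self.limit = base * factor        # "double the amount of packets"
        self.window = window
        self.ban_seconds = ban_seconds
        self.recent = defaultdict(deque)  # ip -> timestamps inside the window
        self.banned_until = {}            # ip -> time the ban expires

    def observe(self, ts, ip):
        """Return 'drop' or 'accept' for one packet seen at time ts."""
        expiry = self.banned_until.get(ip)
        if expiry is not None:
            if ts < expiry:
                return "drop"
            del self.banned_until[ip]     # ban has expired, give the IP a fresh start
        seen = self.recent[ip]
        seen.append(ts)
        while seen[0] <= ts - self.window:
            seen.popleft()                # forget packets older than the window
        if len(seen) >= self.limit:
            # A deployment would add a firewall drop rule with a timeout here.
            self.banned_until[ip] = ts + self.ban_seconds
            del self.recent[ip]
            return "drop"
        return "accept"

# Constructed sample traffic (documentation-range addresses), not real captures.
NORMAL = [(t, "198.51.100.7") for t in (0.0, 1.2, 2.5, 4.0)] + [(0.5, "192.0.2.4")]
FLOOD = [(100 + i * 0.1, "203.0.113.9") for i in range(20)]

def replay(packets, banner):
    """Feed (timestamp, ip) pairs through the banner and collect the verdicts."""
    return [banner.observe(ts, ip) for ts, ip in packets]

if __name__ == "__main__":
    banner = RateBanner(baseline(NORMAL))
    print(replay(FLOOD, banner).count("accept"), "flood packets passed before the ban")
```

With the constructed data the baseline is 4 packets per window, so the flooding address is banned on its eighth packet while the normal-rate address is never touched.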
post #3 of 3
Thread Starter 
Quote:
Originally Posted by frozne View Post

If it is your servers that are affected the most, some smart firewall scripts can stop a lot of the attacks. For example, take packet statistics during normal days to see how many packets an IP address sends over a span of 5-6 seconds and use that as a baseline. Then when an IP sends double the amount of packets in the same amount of time, you can dynamically create firewall rules for that IP address to be filtered. That way a DDoS attack from a thousand different computers can be neutralized in a matter of 10-20 seconds.

If the DDoS attack is broad enough, they could saturate your firewall with this method. However it is much harder to saturate a firewall than a web server.

Of course most DDoS attacks are zombie computers that are owned by real people. If you run an e-commerce business you may want to only make the IP ban temporary (say 24 hours) so if it is a consumer that legitimately wants to use your site, they can later.

Great post. This all makes a lot more sense now.

Thank you (I'd +rep you multiple times for that if I could)