DDoS Prevention and Detection

Francisco

New member
Well,

I guess everyone has a first time for everything. Well, yesterday I received an 80Mbit attack on port 80 that lasted for 10 minutes. I have APF with Anti-DDoS but it didn't make a difference, because after the first attack I received a second one after 8 mins or so...

What apps or software should be taken into consideration to avoid further downtime?

When the attack was up, the processor usage was at 50.5 and it seems like they attacked the HTTPd port...

Thanks in Advance
 
Hi Francisco - I went through the whole DDOS issue around 6-9 months ago - basically - all the flood guard stuff offered around is bogus (sorry, I know people will jump on this - but it's true) - there's only 1 way to successfully battle a DDOS attack - and - sadly - it's out of your hands (unless you own your own DC) -

Choose your DC wisely - they are the only ones that can help you with this (at least properly) - and a DC with "flood guard" is not the answer - your DC techs have to be willing to work with you and through the attack with you - filtering the attack at the core router level (more than 10 hits from IP xyz... block IP for x days/hours, etc) - as DDOS usually originate from multiple sources - the DC has to be willing to dedicate the time to filter the attack - "flood guard" will help and will reduce the amount of work a tech needs to do - but, floodguard on its own isn't too useful - just my experience and I'm sure others have different, better suggestions..
 
You need to get a hardware DDOS protection thing. So choosing a DC carefully is always the right way to go. Since I know my DC, I can pretty much have whatever I need installed.
 
I think Andrew has covered most things.

The main thing is that software protection for a DDoS really doesn't work.
A lot of the time the server is too overloaded for anything to run anyway, you need hardware that can block the attacks before they reach the server.

DDoS is something that can't really be stopped, even now when technology is so advanced.

You would think there was something that could take care of this a lot better though.

There are more options coming out to protect against a DDoS but you will have to do a lot of reading up on most of the methods, a lot are very advanced and aren't easy to understand.
 
Thanks for all the replies. Andrew, thank you for your prompt reply and for sharing your knowledge with me. I will keep in mind asking the datacenter to block the IPs next time.

I think the DDOS they did on us was through proxy servers/IRC servers that were constantly hitting Apache to pull a page (PHP), using all the allowed network flow (100Mbps) and making the server load go up to 50.
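Added example, not written by any poster in this thread: the per-IP rule mentioned above ("more than 10 hits from IP xyz... block IP") applied to Apache access-log lines, to list which sources a DC tech would be asked to filter. The 10-second window, the function names and the sample log lines (documentation-range IPs) are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log prefix: ip ident user [timestamp] "METHOD path ..." status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def parse(line):
    """Return (ip, timestamp, path) for a log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, _method, path, _status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path

def flood_sources(lines, max_hits=10, window=timedelta(seconds=10)):
    """Map each IP that exceeded max_hits within any sliding window to its peak count."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = {}
    for line in lines:
        rec = parse(line)
        if rec is None:           # skip malformed lines instead of failing mid-attack
            continue
        ip, ts, _path = rec
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # drop hits older than the window
            q.popleft()
        if len(q) > max_hits:
            peak[ip] = max(peak.get(ip, 0), len(q))
    return peak

def sample_log():
    """Constructed sample: one source hammering a PHP page, one normal visitor."""
    fmt = '{ip} - - [01/Jan/2024:12:{m:02d}:{s:02d} +0000] "GET /index.php HTTP/1.1" 200 512'
    lines = [fmt.format(ip="203.0.113.7", m=0, s=s) for s in range(12)]
    lines += [fmt.format(ip="198.51.100.20", m=m, s=0) for m in (0, 3, 6)]
    lines.append("truncated or garbage line")
    return lines

if __name__ == "__main__":
    for ip, hits in sorted(flood_sources(sample_log()).items()):
        print(f"{ip} peaked at {hits} hits in 10s: candidate for upstream filtering")
```

A per-IP threshold like this only identifies sources; as the replies above note, the filtering itself has to happen upstream of the server once the link is saturated.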
 