[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Solutions for DoS & DDoS
- Subject: Solutions for DoS & DDoS
- From: yuri at yurisk.info (Yuri Slobodyanyuk)
- Date: Fri, 7 Dec 2012 11:30:52 +0200
- In-reply-to: <[email protected]>
- References: <[email protected]>
I can think of few options here (basically restating what has been said
- Black hole routing on ISP side - just makes the client unreachable
outside ISP , available everywhere,
free. Not really a protection as aids the attacker in achieving his goal -
shutting down the client
- Managed DDOS As a Service on ISP side - ISP has a dedicated solution to
stop attacks on ISP premises (by dedicated I mean some hardware installed)
. Vendors vary (Arbor/Radware/etc..) and actually are not of much
importance to the end client - only SLA should be in place. Costs money,
advisable when undergoing non-stop/frequent attacks of moderate severity.
If an attack reaches gigabits bandwidth consumption the ISP may revert back
to Black Hole to protect its backbone and other clients.
- If speaking of web/email services - hosted solution is viable to some
degree (e..g Amazon AWS Cloudfront, Google Apps, CDNs etc) . IT is not a
DEDICATED hosted solution against DDOS, so be prepared for the provider to
shut down the client if the attack gets heavy enough
- Hosted web/email solutions WITH dedicated DDOS protection included,
including insurance that client will not be shut down on heavy load attack
(Prolexic etc) . Costs money (not cheap at all) and if your site is not to
be attacked like krebsonsecurity.com or fbi.gov probably an overkill.
Taking challenges one by one.