Godlike Productions - Discussion Forum
Users Online Now: 2,325 (Who's On?)Visitors Today: 469,569
Pageviews Today: 1,108,484Threads Today: 453Posts Today: 11,123
06:02 PM

Rate this Thread

Absolute BS Crap Reasonable Nice Amazing

Five ways to defend against a DDoS attack

Anonymous Coward
User ID: 1013606
United States
10/11/2010 02:28 AM
Report Abusive Post
Report Copyright Violation
Five ways to defend against a DDoS attack
1. Beat it with bandwidth

The most basic response to a request or traffic flood is to have sufficient additional bandwidth to withstand an attack.

Larry Bloch, chief executive of Australian web host NetRegistry, believes the best protection is superior infrastructure.

The web host was recently caught in the crossfire of 4Chan users' "Operation: Payback" DDoS against anti-piracy lobbyist Australian Federation Against Copyright Theft (AFACT).'

2. Geo-blocking

NetRegistry engineers had responded to the attack aimed at AFACT using a technique called "geo-blocking".

The engineers identified that malicious traffic was predominantly coming from Chile and Columbia. With less than one percent of traffic coming from these counties on a given day, compared to say the US, NetRegistry opted to block all traffic from these countries

3. Hide behind giants

The development of cloud computing platforms has introduced a variety of new options to provide resilience against a DDoS attack.

Some companies have migrated part of their infrastructure to distributed computing platforms such as content delivery networks Limelight or Akamai.

"Those are cheaper than buying more bandwidth, but it's [still] not cheap," said Nazario.

For those without deep pockets - such as small business and even government agencies - one strategy to beat DDoS has been to rely on the larger infrastructure sets of social network giants such as Google or Facebook.

4. The reverse proxy

Australian web host Bulletproof Networks recently deployed a similar albeit more sophisticated cloud-based response by hiving off attack traffic to Amazon's EC2 cloud.

Responding to a sustained DDoS attack aimed at broadband forum Whirlpool, Bulletproof had attempted to mitigate the attack by blocking individual IP addresses.

The web host had asked its upstream providers Internode and Pacific Internet to block incoming HTTP traffic from several IP addresses in the United States and Denmark, but within minutes the attack source shifted.

5. Choose your neighbors carefully

Given the recent attack on AFACT, businesses might wonder whether it is possible to avoid fallout by refusing to share hosting infrastructure with a likely target.

[link to www.itnews.com.au]