At 7:15 PM -0500 11/25/03, Adam Selene wrote:

So what is the best architecture/method to defend against DDOS?

(just a note, I'm not a systems engineer or networking guru)


Honestly? I'd have to say that your best defense is having your servers hosted at, or your bandwidth delivered by, a competent and attentive provider with highly skilled staff. Such an organization will have a plan of action in the event of a DDOS attack and carry it out. A large and sophisticated DDOS attack can consume the fattest of bandwidth. That's a situation that your provider isn't going to be too fond of as they probably host many other clients. In all likelihood they'll want the problem solved as quickly as you do. More to the point, they'll have better resources to deal with such an event than you will. I don't think alter.net cares too much when you call them and ask for help in diagnosing the DDOS attack on your subleased 64k colocation bandwidth!

Note that even large companies and organizations like Microsoft and The SCO Group, who presumably have armies of skilled network and system engineers and heaps of bandwidth, have in fact been totally crippled by such attacks. I personally think that fact goes a long way toward illustrating that weathering the storm so to speak is often the only realistic option for Joe sysadmin.

In front of or on your own boxes it's obviously important to implement a firewall that allows for stateful packet inspection. While a DDOS attack may effectively clog your connectivity for a time, proper packet filtering should prevent your servers from experiencing even the tiniest of ill effects. Under only a small scale DDOS attack where the available bandwidth isn't entirely consumed, such filtering may be enough to keep your server totally available.

Also, having backup box(es) on some other network is a possibility. Though, once the address of such a server has been established, they may quickly suffer the same fate as your original server.

Unfortunately DDOS has graduated from script kiddies to organized crime.

The unfortunate fact is DDOS attacks can very effectively disable servers and disrupt business. A recent example being all of the spam email "blacklist" servers being forced to shut down due to endless DDOS perpetrated by spam cartels. Thankfully most extortionists, as you point out, generally tire of aiming their attacks at one individual and will move on to the next target they feel may give in to their monetary demands. Ironically of course, if anyone ever gave in to such a demand, you'd imagine that they'd be DDOS'd into the ground as word spread that they were lucrative targets.


It's a fun network out there!


