Ask HN: How to cope with DDoS attacks today?
As a system administrator, it always been a nightmare scenario for me. I was wondering what to do if attacker was powerful enough to have wide range of IPs and random timing. Is it possible to detect such attacks? Are there any good resources to study prevention techniques? Thank you all.
11 comments
[ 3.8 ms ] story [ 36.6 ms ] threadResources for learning: https://news.ycombinator.com/item?id=17063924
They've had to weather a lot of huge attacks because their service is popular with Minecraft server hosting companies, and apparently that industry is rife with DDOS sabotage of competitors.
https://news.ycombinator.com/item?id=17061281
If you don't have your own datacenter space, your options are limited. You can use Cloudflare, or serve your content over CDN.
But any DDoS mitigation appliance should be similar.
Layer 7 is difficult because it's expensive to do on a scrubbing device, but also because a sufficiently sophisticated DDoS can look like normal traffic.
Cloudflare can stop HTTP layer 7 stuff, but things like DNS protocol? You can't easily tell what's malicious and what's not (However, I've seen some dumb DDoS's where it's things like querying for XYZXYZXYZ...(lots of characters).org, or DNS reflection attacks, those are easy to filter). In those cases, it's really just a matter of overprovisioning your service, or suffer until the attackers run out of money or get bored.
As time goes on the attacks will get more sophisticated and harder to stop.