Comment: Re:Don't negotiate with cyber criminals? (Score 4, Informative) 303

by jeandebogue (#41879223) Attached to: Ask Slashdot: How To Deal With a DDoS Attack?
The best way to mitigate a DDoS is to first understand it. Do they want to bring down one of your websites, networks, applications or services, or do they just want to DDoS the whole thing?

The most important thing is to become invisible.
In short, don't allow ICMP in and out.

The second most important thing is to make sure you still have enough bandwidth.
If all of your internet connections are full, then you need to find a way to have bandwidth in and out again. For this step you have to deal with your ISP if you don't have BGP routers. If you have those BGP routers, then you can tell your router to tell the ISP to stop sending traffic from those few IP addresses. Usually not many IPs are sending huge amounts of UDP or crap.

The third thing is to temporarily apply some aggressive firewall filtering at the border.
Blacklist all suspicious IPs. This means you should have some list of countries to block. If all your internet partners are in the US, you can safely block the rest of the world. Then you should start to grey-list some abusive IPs for 1 hour. An efficient grey-list that fits your business model is very important. It will probably not be perfect the first time, but after 2 or 3 DDoS, it will catch a lot of crappy traffic.

It will let your clients and coworkers use your online services.
There are so many things that can be done that you should hire some experts if this becomes a concern for your business. But with the steps above you can survive many DDoS.
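
The one-hour grey-list described in the comment above, sketched as an added example that is not part of the original comment. The `Greylist` class, the per-window packet threshold, the allow-list of partner networks and the sample flow records (documentation address ranges) are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter

GREYLIST_SECONDS = 3600   # the comment's "grey-list ... for 1 hour"
PACKET_THRESHOLD = 1000   # assumed: packets per source per window treated as abusive

# Constructed sample: (source IP, packets seen) records for one counting window.
SAMPLE_WINDOW = [
    ("198.51.100.7", 900), ("198.51.100.7", 400),   # 1300 in total: abusive
    ("203.0.113.9", 5000),                          # abusive
    ("192.0.2.10", 2500),                           # busy, but a known partner
    ("198.51.100.20", 12),                          # normal client
]

class Greylist:
    """Temporary block list: entries lapse on their own after `ttl` seconds."""

    def __init__(self, allow=(), ttl=GREYLIST_SECONDS):
        # Networks that must never be listed (partners, your own offices).
        self.allow = [ipaddress.ip_network(n) for n in allow]
        self.ttl = ttl
        self.expires = {}  # ip -> time (seconds) at which the block lapses

    def ingest(self, window, now, threshold=PACKET_THRESHOLD):
        """Sum packets per source for one window; return the newly listed IPs."""
        totals = Counter()
        for src, packets in window:
            totals[ipaddress.ip_address(src)] += packets
        added = []
        for ip, count in totals.items():
            if count < threshold or any(ip in net for net in self.allow):
                continue
            if self.expires.get(ip, 0) <= now:
                added.append(str(ip))
            self.expires[ip] = now + self.ttl  # repeat offenders get renewed
        return sorted(added)

    def is_blocked(self, src, now):
        """True while the source is listed; expired entries are dropped."""
        ip = ipaddress.ip_address(src)
        until = self.expires.get(ip)
        if until is None:
            return False
        if until <= now:
            del self.expires[ip]
            return False
        return True

if __name__ == "__main__":
    gl = Greylist(allow=["192.0.2.0/24"])
    print("listed:", gl.ingest(SAMPLE_WINDOW, now=0))
    print("still blocked after 59 min:", gl.is_blocked("198.51.100.7", 59 * 60))
```

The allow-list check is what keeps a busy partner from being caught by the threshold, which is the "fits your business model" tuning the comment mentions.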