I call bullshit on 'Prolexic can't help'. They filter application-level attacks as part of their business, otherwise they would be completely worthless. It is EXTREMELY rare to find a simple "massive" DDoS attack any more, meaning 5, 10, 15gbit of inbound traffic simply meant to overwhelm equipment/routers/etc. This is fairly easily filtered by large hosts, and DDoS filtering companies. It's simply a matter of having more network and hardware capacity than the attackers.
The harder-to-filter stuff is HTTP-based attacks that appear to be "legit" traffic hitting specific applications. They may simply make GET requests for pages that have high overhead, or actually follow a transaction model. However, companies where DDoS is their business absolutely do have means to protect against this. It's not cheap, and isn't easy, but it is possible if your downtime is worth more than the cost to stay up. Many mechanisms exist, but generally since HTTP attacks cannot be spoofed they revolve around watching all connections; when one IP is seen too much, they get redirected to a CAPTCHA-based system of some sort. If the attack still is working, all traffic can be redirected. Yes, this does have an effect on your traffic of course - but it's better than being 100% down. There are also multitudes of other ways.
In short, I wouldn't just lay down and give up. DDoS sucks, is expensive as hell to filter, but it is possible if given enough equipment, capacity, and knowledge. However, there may simply be a point where it's cheaper to leave sites down for a few days or a week, than pay an easy 6 figures to filter them for that time period.
Good luck to everyone involved!
-Phil
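An added illustration, not part of Phil's post and not any vendor's implementation: a sketch of the mechanism the comment describes, where each source IP is counted over a sliding window, a noisy IP is sent to a challenge, and all traffic is challenged if the total load stays too high. The class name, thresholds, and sample traffic are assumptions constructed for this example.

```python
from collections import defaultdict, deque

class ChallengeGate:
    """Sliding-window request counter that picks a decision per request."""

    def __init__(self, window=10.0, per_ip_limit=20, global_limit=200):
        self.window = window              # seconds of history kept
        self.per_ip_limit = per_ip_limit  # per-IP requests per window before a challenge
        self.global_limit = global_limit  # total requests per window before challenging all
        self.per_ip = defaultdict(deque)
        self.all_hits = deque()

    def _trim(self, q, now):
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] > self.window:
            q.popleft()

    def decide(self, ip, now):
        hits = self.per_ip[ip]
        hits.append(now)
        self.all_hits.append(now)
        self._trim(hits, now)
        self._trim(self.all_hits, now)
        if len(self.all_hits) > self.global_limit:
            return "challenge_all"   # attack still working: redirect everyone
        if len(hits) > self.per_ip_limit:
            return "challenge"       # this IP is seen too much: CAPTCHA it
        return "pass"

def replay(gate, events):
    """Run (timestamp, ip) events through the gate and tally decisions per IP."""
    tally = defaultdict(lambda: defaultdict(int))
    for ts, ip in events:
        tally[ip][gate.decide(ip, ts)] += 1
    return tally

def constructed_traffic():
    # Constructed sample: a normal client at 1 req/s and a noisy client at
    # 10 req/s, both for 10 seconds. Addresses are documentation ranges.
    events = [(float(t), "192.0.2.10") for t in range(10)]
    events += [(t / 10.0, "198.51.100.7") for t in range(100)]
    return sorted(events)

if __name__ == "__main__":
    for ip, counts in replay(ChallengeGate(), constructed_traffic()).items():
        print(ip, dict(counts))
```

With the global limit lowered, the normal client is challenged as well, which is the cost to legitimate traffic that the comment mentions.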