DDoS attacks

Guys, how do you eliminate DDoS attacks?

[KingAdmin]

We have custom-built filters and firewall rules that will help you keep the server stable. We've worked with our datacenter on anti-DDoS solutions and have very positive results for prevention.
It also depends what hardware you have as a core router cause nowadays 1 Gbps attacks are nothing new and without proper hardware they will just kill your router by causing 100% load on its CPU thus entire network will go down.

Quote:

Originally Posted by KingAdmin

We have custom-built filters and firewall rules that will help you keep the server stable.

Very interesting! Can you share with us what exactly
firewall rules do you use, please?

[juandc]

Hi KingAdmin,

Do most of the datacenters have hardware firewall to preven DDos attack?.

As soon as a DDoS has been detected, "null-route" the target IP address for a few hours. In some datacenters this happens automatically. It will also block any non-DDoS connections to that IP address however, but the DDoS won't be able to harm anything on the server.

DDos attack detect by software for hardware firewall?. But still some of the server get hits. Specially 2checkout.com gets more often. How can they prevent. If they do the switching in layer 2 by hardware or software they can easily eliminate. What do you think?.

How does Null routing work with software firewall?. It jsut drop the packes?. I couln't understand how it works actually.

Oh sorry you're right you can only do that with your routers I think
Is it possible to "de-link" an IP from a server, via the server itself?

There is special hardware and tools today to prevent DDos attaks ,this is very expensive hardware so only big datacenter like RocketColo.net and hostdime.com use it today

If your datacenter has 1 gig of bandwidth and you put an expensive piece of equipment on your side of the link - if a 1.1 worth of ICMP traffic comes at your DC I don't care how much you paid...you're flooded.

A Null-Route is about the only thing that can be done to stop a sizeable ddos. The Null-Route is normally community-based and happens when some kind of detection software running in the DC picks up an attack. The detection software (beit a router or something like snort) will send up a message to the upstream router saying, "there is officially no route to this IP address from here". If the ddos cannot find a route to an IP to attack then it attack generally ends peacefully being nothing left to do. The only problem is that this attack has now succeeded - denying service to the attack victim.

Occsionally the upstream provider will allow the DC to put some filtering devices on the upstream side of the connection instead of the DC side. If that is the case, and the device has the horsepower to chug through all that traffic, one can mitigate the damages from a ddos.