3

I recently experienced an unprovoked DDoS attack with a speed of 8Tbps against my website from over 80k unique IP addresses, and I was wondering whether there is any way to protect myself against these attacks. I'm currently using Arbor Networks but they are not helping with this whatsoever.

  • I haven't downvoted, but there already exist answers to quite similar questions. E.g.: https://security.stackexchange.com/questions/21003/how-to-protect-myself-against-paid-ddos-services?rq=1 – Paul May 23 '16 at 20:18
  • What type of DDoS attack? TCP? HTTP? etc. – user2320464 May 28 '16 at 02:03

1 Answer

4

Not sure exactly what Arbor Networks provides in terms of DDoS; their homepage talks about "on-premise solutions". That seldom helps against large DDoS attacks - once the traffic reaches your premises, it is already game over.

So what to do? Get behind a CDN that offers DDoS protection, and make sure to change your IP so only your CDN and nobody else knows it. Since only the traffic your CDN lets through will ever reach your server, the attacker must take down the CDN edge node to take you down, and that is an insurmountable task.

Not saying they are better than any other CDN, but this is what CloudFlare has to say on the subject:

Layer 3 and 4 attacks are difficult—if not impossible—to mitigate with an on-premise solution. If an attacker can send more traffic than a network link can handle, no amount of additional hardware resources will help to mitigate such an attack. For example, if you have a router with a 10Gbps port and an attacker sends you 11Gbps of attack traffic, no amount of intelligent software or hardware will allow you to stop the attack if the network link is completely saturated.

With CloudFlare, all attack traffic that would otherwise directly hit your server infrastructure is automatically routed to CloudFlare’s global Anycast network of datacenters. Once attack traffic is shifted, we are able to leverage the significant global capacity of our network, as well as racks-upon-racks of server infrastructure, to absorb the floods of attack traffic at our network edge. This means that CloudFlare is able to prevent even a single packet of attack traffic from a traditional layer 3/4 attack from ever reaching a site protected by CloudFlare.

Anders
  • "The primary principle behind bypassing cloud based DDoS protection services is actually quite simple: If the attacker can identify the IP address of the origin hidden behind the cloud-based DDoS protection service, he can directly attack the server." More: https://media.blackhat.com/us-13/US-13-Nixon-Denying-Service-to-DDOS-Protection-Services-WP.pdf – Mirsad May 23 '16 at 20:49
  • @mirsad Sure, if your IP is known to the attacker you don't have any protection. – Anders May 23 '16 at 20:56
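
The answer and the comments above both depend on the origin address being reachable only through the CDN. The following is an added example, not part of the original posts: it audits an origin access log for requests that did not arrive from the CDN's edge ranges and renders a matching nftables allowlist. The CIDR ranges, the log format and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed placeholder ranges from documentation address space; replace
# them with the edge ranges your CDN provider publishes (assumption).
CDN_RANGES = [ipaddress.ip_network(n) for n in
              ("198.51.100.0/24", "203.0.113.0/25", "2001:db8:100::/48")]

# Constructed origin access log: "<TCP peer address> <method> <path> <status>"
SAMPLE_LOG = """\
198.51.100.17 GET /index.html 200
203.0.113.200 GET / 200
2001:db8:100::5 GET /api/items 200
192.0.2.44 GET / 200
192.0.2.44 GET /login 200
not-an-ip GET / 400
"""

def via_cdn(peer):
    """True if the connecting address lies inside a CDN edge range."""
    addr = ipaddress.ip_address(peer)
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return any(addr in net for net in CDN_RANGES if net.version == addr.version)

def direct_hits(log_text):
    """Count requests per peer that reached the origin without the CDN."""
    hits, malformed = Counter(), 0
    for line in log_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            if not via_cdn(fields[0]):
                hits[fields[0]] += 1
        except ValueError:  # first field is not an IP address
            malformed += 1
    return hits, malformed

def nft_rules(ports=(80, 443)):
    """Render nftables rules admitting web traffic only from CDN_RANGES."""
    dport = "tcp dport { %s }" % ", ".join(map(str, ports))
    rules = []
    for family, version in (("ip", 4), ("ip6", 6)):
        nets = ", ".join(str(n) for n in CDN_RANGES if n.version == version)
        if nets:
            rules.append("%s saddr { %s } %s accept" % (family, nets, dport))
    return rules + [dport + " drop"]
```

The check must use the TCP peer address rather than a forwarded-for header, since a client connecting directly can set that header to anything. Any direct hit means the origin address is known outside the CDN, and a host firewall does not help once the link itself is saturated, so the remedy is the one the answer gives: change the origin IP.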