0

I always wondered how big tech companies could fight against DDoS Attacks reaching nearly 1tbps+. From my understanding traffic can't just disappear so even if I drop all e.g udp packets via iptables (also tried ebfp) iptables -A INPUT -p udp -j DROP the traffic coming to my server won't change and my server would still be unreachable because my port is maxed out.

So it all depends on the network capacity? DDoS attacks nowdays easily reach 300-600gbps daily this would max out an entire core router in an datacenter how do they mitigate it?? Please I need some advice.

GrafMetrics
  • 1
  • There are technologies like BGP blackholing that can stop the traffic from ever reaching your router. However, if you really need DDOS protection, you should consider something like cloudflare. Since their network can handle many Tbps of traffic, it will be able to handle ddos attacks much larger than you will ever be able to do at a single data center – Natecat Jul 20 '22 at 23:18
  • Does this answer your question? [I am under DDoS. What can I do?](https://serverfault.com/questions/531941/i-am-under-ddos-what-can-i-do) – Rob Jul 22 '22 at 18:35

1 Answers1

1

DDOS packets will reach your device and take up your bandwidth regardless whether you drop them or not.

Malicious traffic should be filtered before it's routed to your device's IPs (and even your ISP), by special (commercial) services that have expertize, bandwidth, computing power to analyze and cleanup clients traffic.

If attack is not on bandwidth, but on server resources or application, you may try to filter out malicious traffic on your device by youself

gapsf
  • 641
  • 1
  • 5
  • 12