Additionally there's a third method but this relies on your provider to manually drop every single suspected IPs attacking your resources. Sure this is effective for probably 10 attackers but in case of botnets, the attack is probably over by the time their done updating their ACLs.
On 12 September 2010 19:53, Ihsan Junaidi Ibrahim <ihsan.juna...@gmail.com> wrote: > Salam, > > Stopping DDOS at the perimeter is not the solution in the case of DDOS > targeting resources/bandwidth saturation. The only solution is to get > your upstream provider to drop the malicious traffic in their network > before it enters your network. This can be done by BGP blackhole > (traditional way) or the more recent, flowspec. This is probably the > only effective way against botnet-initiated DDOS attacks. If they have > the resources, running their own BGP is always recommended. > > Dropping traffic within your network only works if you have an obscene > amount of upstream bandwidth that can never, ever be saturated which > is of course, is not a reality here in Malaysia. > > CDN works if the CDN provider have their own DDOS mitigation mechanism > but I believe they are using either one of the 2 methods above. The > first one is nasty, they'll blackhole all access to your designated > IPs and the latter is much more refined but unsupported by many > carriers. > > On 12 September 2010 17:52, Harisfazillah Jamel <linuxmalay...@gmail.com> > wrote: >> Team, >> >> What happen to Malaysia Today (MT) website get my interest to know >> more about handling this kind of attacks and what can be by us system >> administrator and developers in protecting our websites. Its can >> happen to any website. >> >> Im against DDOS that can cripple any websites including government >> websites, business and ordinary people. DDOS also shows our computer >> users still not updating their operating system to protect from trojan >> or DDOS bot. Lack of awareness and knowledge I believe. Im looking >> into this DDOS attack of MT in big picture.... If they can attack MT >> they also can attack our Internet infra and cripple our country >> network. Our banking systems now in question, can they protect >> themself? >> >> More info for those who want to know about protecting from DDOS >> >> http://developer.yahoo.com/performance/rules.html >> >> http://www.owasp.org/index.php/Testing_for_Denial_of_Service or google >> for OWASP DDOS >> >> At this blog post I also discuss about ways of protecting, may be its >> could work ... >> >> http://uppercaise.wordpress.com/2010/09/11/access-to-malaysia-today/ >> >> For example the use of CoralCDN network >> >> http://www.coralcdn.org/ >> >> CoralCDN service can be use to access non login websites (due to its >> proxy like) example to access PMO website >> >> http://www.pmo.gov.my.nyud.net/ >> >> more articles about Content Distribution Network (CDN) >> >> http://www.reaper-x.com/2009/10/02/how-to-use-coralcdn-to-save-your-bandwidth-problem-server-resources/ >> >> http://devcentral.f5.com/weblogs/macvittie/archive/2010/01/25/how-to-use-coralcdn-on-demand-to-keep-your-site-available.aspx >> >> or using Squid and Nginx >> >> http://serverfault.com/questions/30705/how-to-set-up-nginx-as-a-caching-reverse-proxy >> >> http://wiki.squid-cache.org/SquidFaq/ReverseProxy >> >> Im also looking into solution like >> >> IPF in FreeBSD >> >> and Iptables drop .... >> >> >> This email post to >> >> OSDC.my Mailing List >> >> http://groups.google.com.my/group/osdcmy-list >> >> OWASP Malaysia Mailing List >> >> https://lists.owasp.org/mailman/listinfo/owasp-Malaysia >> >> -- >> Join Open Source Developers Club Malaysia http://www.osdc.my/ >> >> Facebook Fan page >> >> http://www.facebook.com/group.php?gid=98685301577 >> >> http://www.facebook.com/OSDC.my >> >> You received this message because you are subscribed to the Google >> >> Groups "OSDC.my Mailing List" group. >> To post to this group, send email to osdcmy-list@googlegroups.com >> To unsubscribe from this group, send email to >> osdcmy-list+unsubscr...@googlegroups.com >> For more options, visit this group at >> http://groups.google.com/group/osdcmy-list?hl=en > > > > -- > Thank you for your time, > Ihsan Junaidi Ibrahim > -- Thank you for your time, Ihsan Junaidi Ibrahim -- Join Open Source Developers Club Malaysia http://www.osdc.my/ Facebook Fan page http://www.facebook.com/group.php?gid=98685301577 http://www.facebook.com/OSDC.my You received this message because you are subscribed to the Google Groups "OSDC.my Mailing List" group. To post to this group, send email to osdcmy-list@googlegroups.com To unsubscribe from this group, send email to osdcmy-list+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/osdcmy-list?hl=en
