With the prevalence of DDoS attacks today, are there any steps we can do to 
limit them?  We've been the subject of a few DDoS attacks over the last 15 
years lasting anywhere between a couple of hours and several days.  One lasted 
a week or two but was largely broken into two parts -- the first lasting a 
couple of days before disappearing and then showing up again a week later for a 
couple of hours.  The last one lasted about three days nonstop.

I'm not sure what would be useful for when we are the target of an attack.  It 
seems to me that when the attack is going on, our bandwidth is so saturated 
that I'm not sure what we can do except to wait it out or to pay our provider 
to help mitigate the attack.

On the other hand, there are steps that we can take to limit any unwitting 
participation in an attack from our side.  For example, I have already been 
blocking all incoming UDP, TCP, and ICMP packets from the internet that claim 
to originate from our IP addresses and all outgoing UDP, TCP, and ICMP packets 
to the internet that are not from our IP addresses.

With the ever-increasing sophistication of DDoS attacks, is there anything else we 
can do in order to keep anything on our network from being used as part of a 
botnet or in order to reduce the severity of an incoming DDoS attack?

Walt
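
The source-address filter described in the message above, modeled as an added example (not part of the original post and not any particular firewall's syntax): it applies the two rules to constructed flow records and counts what would be dropped per direction and protocol. The prefixes are documentation ranges standing in for the site's own addresses, and the record format and function names are assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: documentation prefixes stand in for the site's own address space.
LOCAL_PREFIXES = [ipaddress.ip_network(p)
                  for p in ("203.0.113.0/24", "2001:db8:10::/48")]

def is_local(addr):
    """True if addr falls inside one of our own prefixes (IPv4 or IPv6)."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in LOCAL_PREFIXES)

def verdict(direction, src):
    """direction 'in' = arriving from the internet, 'out' = leaving to it."""
    local = is_local(src)
    if direction == "in" and local:
        return "drop"   # internet packet claiming one of our source addresses
    if direction == "out" and not local:
        return "drop"   # packet leaving with a source address that is not ours
    return "pass"

def audit(log_text):
    """Count dropped records by (direction, protocol).

    Outbound drops are the ones to investigate: a host inside the network is
    emitting packets with a foreign source (spoofing or a leaked private range).
    """
    drops = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                      # skip blank or malformed records
        direction, proto, src, _dst = fields
        if verdict(direction, src) == "drop":
            drops[(direction, proto)] += 1
    return drops

# Constructed sample records: direction, protocol, source, destination.
SAMPLE = """\
in udp 198.51.100.7 203.0.113.10
in udp 203.0.113.10 203.0.113.53
out tcp 203.0.113.25 192.0.2.80
out udp 192.0.2.99 198.51.100.7
out icmp 10.0.0.5 198.51.100.7
in tcp 2001:db8:10::1 2001:db8:10::53
out tcp 2001:db8:10:1::25 2001:db8:ffff::1
"""

if __name__ == "__main__":
    for key, count in sorted(audit(SAMPLE).items()):
        print(key, count)
```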



