Here at $WORK a few of our sites that use the same ISP have been targets of
DOS attacks at random times. Part of my department handles the network to
our sites and the ISPs answer has been to just change the external IP.
Which stems the tide for a bit but it will rear its head again in a short
time
John,
Several school districts in WA have also had problems with DDOS attacks.
The solutions have ranged from:
* Get a DDOS box that helps to manage and dump the traffic such as Forti
DDoS 900B, Cisco firewall with IPS, or run fail2ban on a linux server:
https://www.garron.me/en/go2linux/f
Depends on what type of DDOS. If it's web based, services like CloudFlare
can help a tremendous amount with very little engineering work on your
team's part (most times). I've heard of it being implemented in hours.
If it's more a network level issue, then nothing will really help except
rigorous f
Part of the reason DDoS mitigation advice doesn't have a whole lot of
concretes is because it really depends on your own traffic and
secondarily on your attacker - so summarizing them all becomes
problematic. DDoS Mitigation stems from the theoretical question of "How
do you only allow 'good' t
The way I've handled it to this point with my sites and it has worked
well is various firewalls (mostly OpenBSD PF is what I use) allow you to
establish what an overload looks like. so I set mine up that if you
establish 10 connections in 5 seconds it tosses you onto the overload
list and just does
Some more information about my "quest".The sites are schools in our
"district" and all of our Web sites are hosted elsewhere. The attacks are
against our main gateway which acts as a DNS server as well.
On Wed, Mar 23, 2016 at 11:32 AM, Chris McEniry wrote:
> Part of the reason DDoS mitigation a
> From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org]
> On Behalf Of john boris
>
> Here at $WORK a few of our sites that use the same ISP have been targets of
> DOS attacks at random times. Part of my department handles the network to
> our sites and the ISPs answer has been
If I'm reading that right, and it's serving public DNS, move that off - Dyn and
Route53 have been useful. I know in the former, you can do hidden master.
Haven't set that up in the latter but would be surprised if it's not possible.
The assumption here is that DNS is being the beacon they're usi
