Depends on what type of DDOS. If it's web based, services like CloudFlare can help a tremendous amount with very little engineering work on your team's part (most times). I've heard of it being implemented in hours.

If it's more a network level issue, then nothing will really help except rigorous firewall rules and having your ISP block whatever possible before it even gets to your link.

This is why I like hosting critical services in external datacenters or providers like Rackspace/Amazon. They have teams dedicated to this and often deal with it before you are even aware it's an issue.

-D

On Wed, Mar 23, 2016 at 11:20 AM, Ski Kacoroski <kacoro...@gmail.com> wrote:

> John,
>
> Several school districts in WA have also had problems with DDOS attacks.
> The solutions have ranged from:
>
> * Get a DDOS box that helps to manage and dump the traffic such as Forti
> DDoS 900B, Cisco firewall with IPS, or run fail2ban on a linux server:
>
> https://www.garron.me/en/go2linux/fail2ban-protect-web-server-http-dos-attack.html
>
> or if you just need to protect a web server run mod_evasive:
>
> https://www.linode.com/docs/websites/apache-tips-and-tricks/modevasive-on-apache
>
> The problem with these solutions is that many DDOS attacks really require
> you to work with your providers to block the attack upstream. The better
> upstream providers will work with you to block the attacks.
>
> cheers,
>
> ski
>
> On 03/23/2016 07:45 AM, john boris wrote:
>
>> Here at $WORK a few of our sites that use the same ISP have been targets
>> of DOS attacks at random times. Part of my department handles the
>> network to our sites and the ISP's answer has been to just change the
>> external IP. Which stems the tide for a bit but it will rear its head
>> again in a short time. The attacks continue for a time then stop then
>> start up again.
>>
>> I have been searching the net on this topic but I have not found what I
>> am looking for. We are a fledgling group in this area (By way of
>> reorganization and decentralization) and as the Grey Beard of the group
>> I have taken it on the role as the person looking for solutions.
>>
>> What I am looking for is what people have done to try and stave off an
>> attack. I know it is a moving target but I am looking for tools that
>> help monitoring the traffic to alert us when the traffic gets to a
>> certain point, also best practices on setting up a good defense.
>>
>> I have read a bunch of articles that tell me what to do but I would like
>> to see how it's done.
>> Example:
>> 1. Use this tool to monitor traffic
>> 2. Setup the firewall this way to this if A happens, B if this IP etc.
>>
>> If you want to talk offline on this it is fine. I just want to find a
>> better way than changing our Public IP for our ISP each time. That just
>> strikes me as changing my phone number to stop crank calls.
>>
>> Thanks in advance.
>>
>> --
>> John J. Boris, Sr.
>>
>> _______________________________________________
>> Tech mailing list
>> Tech@lists.lopsa.org
>> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
>> This list provided by the League of Professional System Administrators
>> http://lopsa.org/
>
> --
> "When we try to pick out anything by itself, we find it
> connected to the entire universe" John Muir
>
> Chris "Ski" Kacoroski, kacoro...@gmail.com, 206-501-9803
> or ski98033 on most IM services
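
The thread asks for a way to watch traffic and alert "when the traffic gets to a certain point"; the sketch below is an added example, not code from any poster or from fail2ban, showing per-IP sliding-window counting over a web access log, the idea behind fail2ban's `maxretry`/`findtime` settings. The function names, thresholds, log lines and documentation-range IPs are constructed assumptions, and it covers only application-level floods that actually reach the web server.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the client IP and timestamp of an Apache/nginx "combined" log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')


def sample_lines():
    """Constructed access-log lines: one noisy client, one normal client."""
    fmt = '{ip} - - [23/Mar/2016:11:20:{s:02d} +0000] "GET / HTTP/1.1" 200 512 "-" "-"'
    flood = [fmt.format(ip="203.0.113.9", s=n // 2) for n in range(12)]  # 12 hits in 6 s
    normal = [fmt.format(ip="198.51.100.7", s=s) for s in (0, 20, 40)]   # 3 hits in 40 s
    # Interleave by timestamp, as a real log would be.
    return sorted(flood + normal, key=lambda line: line.split("[")[1])


def find_offenders(lines, max_requests=5, find_time=10):
    """Return {ip: time at which ip first exceeded max_requests within find_time seconds}."""
    windows = defaultdict(deque)  # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue  # ignore malformed lines instead of crashing the monitor
        ip, stamp = match.groups()
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        window = windows[ip]
        window.append(ts)
        # Drop requests that have aged out of the look-back window.
        while (ts - window[0]).total_seconds() > find_time:
            window.popleft()
        if len(window) > max_requests and ip not in offenders:
            offenders[ip] = ts  # alert or hand to the firewall from here
    return offenders


if __name__ == "__main__":
    for ip, when in find_offenders(sample_lines()).items():
        print(f"{ip} exceeded threshold at {when.isoformat()}")
```
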