What can be done to prevent DDOS attacks?

[chatterbox]

I was just reading a post where they mentioned that their host had gone through two or three DDOS attacks within a year. Isn't there security things that can be put in place to prevent DDOS attacks or do hosts have to just hope for the best?

 

[romes]

Yes, there are companies out there that provide support for DDOS attacks. WHT using a company like that to protect them.

 

[siforek]

WHT using a company like that to protect them.

Now, or then? LOL

There's tons of security consultants out there. In this business you want to be best friends with them

 

[HostLeet]

Start by securing your servers with both hardware and software. A well secured server can withstand DOS or DDOS attacks, for the most part.

Nothing is 100%, though. Bad things can still happen, but it definately helps.

 

[SenseiSteve]

Even the best anti DDOS providers still have problems -considering that 4 to 6 million computers are infected with botnets aiding in these attacks.

 

[postasite]

Even the best anti DDOS providers still have problems -considering that 4 to 6 million computers are infected with botnets aiding in these attacks.

Well said Steve, If only home users would turn on automatic updates on their windows boxes and others would patch their buggy software scripts as required it would help enormously.


-chris

 

[csn-uk]

Both the network and physical (hardware) and software firewalls often prevent a lot of the flak from DDOS attacks although its often the software or scripts clients use that put a large load on the server that are then exploited by those who carry out the attacks.

Most of the time the only solution is to constantly monitor and nullroute the domain or port or offline the server in the worst case scenario if it contains important data that is more important than keeping it online, which I would imagine to be the case.

Being proactive in monitoring your clients scripts and the server loads is the only real solution other than the obvious security measures.

 

[ldcdc]

Isn't there security things that can be put in place to prevent DDOS attacks or do hosts have to just hope for the best?

Prevention and mitigation are different things.

As a webmaster, prevention would be things like staying out of conflicts, refrain from personal attacks etc. As a host, it would be not boasting about the invulnerability of your systems, not hosting high risk websites (think warez etc.), not providing unnecessary details about your protection systems etc.

If your site is under attack and you need help to still keep your site up and running, companies like gigenet, blacklotus provide proxy based DDOS protection, meaning you get to keep your site where it currently is, and they filter the requests for you. It might get expensive, depending on the size of the attack.

 

[carlowen]

Hardware and Software Firewalls are certainly a good option to Prevent Server from DDOS attacks. However, if you would like to have total Security from DDOS attacks then "Proxy Shield" is the best option.

Proxy Shield is basically a Technology which allows a Server owner to create a "Wall" between the Internet and the Server and this wall can Stop all the Malicious packets from the Internet. If you have Proxy Shield for your server then you do not need a Hardware or a Software Firewall. It is kind of a Service and not a Hardware Device or an Application and hence you will be able to stop this Service once your server has gone through the Attack.

As everything has a drawback, Proxy Shield also has one. Proxy Shield which is a Service is very Expensive (confirm with the hosting provider) in comparison to a Hardware or a Software Firewall and hence it is very difficult to afford it.

Hope this helps

 

[rumsfo]

Today on the WHT I have seen intersting post with the list of web hosts and there were subdir for the DDOS protected web hosting services. I assume that you can look through them and learn the solutions they offre against DDOS attacks
Cheers

 

[Antolage]

There are many software solutions, but the best thing is to get good cisco firewalls connected.

 

[hostgoza]

fortunately, we have never got it so far!

 

[chatterbox]

Lots of interesting answers and information in this thread. I know that my host is extremely knowledgeable in this area so I'm sure they know how to handled something like this. I was just curious because I've seen so many horror stories about this type of thing.

 

[The-Pixel]

I don't feel there is a definite way to prevent against a DDOS attack. If your dealing with a bored teenage then you might be able too. More and more you are seeing articles about botnets and other tools such as those. Preventing against a botnet is nearly impossible.