North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Mitigating HTTP DDoS attacks?

  • From: Rodrick Brown
  • Date: Mon Mar 24 23:15:26 2008
  • Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=k3Z+9uNjVQAMH7Lh7H9YXXOvvKzCIcT4ttjgmMh05Ds=; b=ZdaT/40YLeefOpQpPV7qWVGQcdUPsWrtyRTcyNe+fvLrU5+dM4t1yvdOYEG6PRQOe6YwRm8qKQ5Jz+mV444DzFyz6R+Qb0vTpu2lOUF0S/GJE1gBGgoHPpkKpvXiwnH6JF/WEtkPL3VFUNoczEhvFICOW6/WaG510Dpq0kz28ZQ=
  • Domainkey-signature: a=rsa-sha1; c=nofws;; s=beta; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=btzzmTbpLtm/4d8s1+kBBlTDYPHp/tYovU7ZfWmZUUIhH0IRqxRFneTZ855TU7799mWZ56gax4m7OIqkUK1lCUrZmiwpSyqS8HiYGF5iMDtoLo/KRWaKv4XKpRJqNF3MncfdV7YHVyHtntcPWNbBEAxMj19h53J3+zqW17Ub5Zc=

On Mon, Mar 24, 2008 at 6:02 PM, Mike Lyon <[email protected]> wrote:
>  Howdy all,
>  So, i'm kind of new to this so please deal with my ignorance. But,
>  what is common practice these days for HTTP DDoS mitigation during an
>  attack? You can of course route every offending ip address to null0 at
>  your border. But, if it's a botnet or trojan or something, It's coming
>  from numerous different source IPs and Null0 routes can get very
>  cumbersome. obviously. How do you folk usually deal with this?
>  Any input would be greatly appreciated.
>  Cheers,
>  Mike

They're a few companies that specialize in "DDOS protection type
services" one company that comes to mind is Prolexic and their  IPN
infrastructure protection service. Prolexic will basically absorbs all
attacks filter out the bad data and then deliver clean traffic back to
your network. Its completly transparent to you're clients. Its not
cheap but i've worked with a few internet based trading companies who
used this service to litigate DDOS attacks on their network

[ Rodrick R. Brown ]