Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
reassess_blind 8 hours ago

How do you plan on mitigating a DDoS on your own servers?

djfobbz 6 hours ago | parent | next [-]

Alright kids, breathe...a DDoS attack isn't the end of the world, it's just the internet throwing a tantrum. If you really don't want to use a fancy protection provider, you can still act like a grown-up: get your datacenter to filter trash at the edge, announce a more specific prefix with BGP so you can shift traffic, drop junk with strict ACLs, and turn on basic rate limiting so bots get bored. You can also tune your kernel so it doesn't faint at SYN storms, and if the firehose gets too big, pop out a more specific BGP prefix from a backup path or secondary router so you can pull production away from the burning IP.

sedawkgrep 5 hours ago | parent | next [-]

> pop out a more specific BGP prefix from a backup path or secondary router so you can pull production away from the burning IP.

This won't help against carpet bombing.

The only workable solution for enterprises is a combination of on-prem and cloud mitigation. Cloud to get all the big swaths of mitigation and to keep your pipe flowing, and on-prem to mitigate specific attack vectors like state exhaustion.

djfobbz 3 hours ago | parent [-]

I never claimed to be an enterprise, nor did I suggest this was the best option for them. Cheers!

arsome 5 hours ago | parent | prev | next [-]

Very quickly you'll find this doesn't work. Your DC will just null your IP. You'll switch to a new one and the attackers will too, the DC will null that one. You won't win at this game unless you're a very sizeable organization or are just willing to wait the attackers out, they will get bored eventually.

5 hours ago | parent | prev [-]
[deleted]
djfobbz 6 hours ago | parent | prev | next [-]

Worrying about a DDoS on your tiny setup is like a brand-new dev stressing over how they'll handle a billion requests per second...cute, but not exactly a real-world problem for 99.99% of you. It's one of those internet boogeyman myths people love to panic about.

ramon156 7 hours ago | parent | prev | next [-]

You turn off the screen. They can't hurt you if you don't see them

slipperybeluga 4 hours ago | parent [-]

[dead]

schnebbau 7 hours ago | parent | prev | next [-]

You wait for it to stop.

FinnKuhn 6 hours ago | parent [-]

That is not what mitigating means.

solusipse 8 hours ago | parent | prev [-]

he'll politely ask them to stop