Main | DOSarrest DDoS Mitigation Service »
Friday
Jun152018

How to Protect Your Servers During a DDoS Attack

Every day, servers are attacked. A distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users. How can you protect your organization against such an attack. Under a large scale attack, your firewall is not going to be able to handle the amount of traffic forced at it. You need a Transit vendor with a large network presence in multiple cities. This means that incoming DDOS attacks arrive through different upstreams and peering connections. In each city, customers are placed behind a firewall and are able to set up their own policies and rules for their incoming traffic. This setup is similar to what many other ISPs do. During regular traffic levels or a low-scale DDOS, there is no real difference between a distributed setup and a normal isp-level shared firewall. But when a sustained DDOS larger than a pre-determined amount occurs, your vendor's network operation center (NOC) is notified. Once they have determined that the attack is sustained, you have the option of going into distributed mode. Once you are in distributed mode, the vendor takes the attacked subnet of IPs and redirects it to the firewall closes to the ingress point of the attack. This distributes the attack so that it is now spread out over the capacity of the entire network instead of targeted towards a single city location.

After the DDOS traffic hits a firewall, it is inspected and dropped if necessary. The legitimate 'scrubbed' traffic is then GRE tunneled back to the city where your servers reside, where it carries on to your network. Your online presence can function normally through most high-level DDOS attacks that would have otherwise crippled your network. The following information is what I need to set-up protection asap when the attack is occuring. Basically, all traffic good and malicious is routed to our routers, where we filter and determine if the traffic is legitimate. All malacious traffic is dropped during one of our many filtering layers, the rest is sent to you from one of our proxy servers. In essence, your web server only communicates with our servers and is hidden from the general internet.

  • Step 1. Obtain a clean IP from your network provider/ISP, preferably one on  different network segment. This new IP Address will be known as your "origin server IP". Configure the fresh/new IP onto your server.
  • Step 2. Let us know via email what your new origin IP is so we can setup the configuration on our side.
  • Step 3. If you require SSL on this server, email us the cert and private key in .PEM format. This should be in plain text and may be copied and pasted and included in the "step-2" email.
  • Step 4. If you have a firewall or other ACL's in your network please ensure that you allow those IP blocks access to your servers and I will need to forward you our IP Blocks so they will have access.
  • Step 5. We will send you and IP Address. Make a DNS change to point your domain(s) to the IP Address we sent you. Ensure your TTL  is set to 5 minutes or less.
  • Step 6. Remove the old IP Address from the server.

At this stage your traffic will start finding it's way to us where we will apply the required filters and send your server the legitimate traffic. One of our engineers will be in communication with you throughtout this process, to ensure everything is functioning as expected.

That's it. All things considered, the whole process should take less than 15-minutes and we provide a 100% money back guarantee. We can be reached at woody(at)globalcoloquote.com.

 

 

COLOCATION OPTIONS


Put your servers in one of our datacenters. Global Colo Quote provides you with state-of-the-art Co-location facilities to support your growing online business. Outsourcing your colocation needs to GCQ lets you enjoy exceptional cost-savings and unparalleled reliability for greater peace-of-mind. [more...]

MANAGED HOSTING


Global Colo Quote takes the complexity out of running your online business, so that you can focus on your core business. Our Managed Hosting Quote experts take care of your IT infrastructure requirements to ensure your mission-critical sites are running online all of the time. Our vendors can handle many of your day-to-day system maintenance tasks. [more...]

IP TRANSIT AND DOS PROTECTION


Global Colo Quote offers high performance IP Transit designed for Enterprise applications requiring the highest level of performance and resiliency. Available speeds are 100Mbps up to 10Gbps and commitment levels start at 1Mbps. We offer DoS protection for organizations that are prone to medium to large scale attacks [more...]