A comprehensive resource to the world of distributed denial of service attacks and their prevention
Traditionally there has been very little accurate information easily available on the internet with the majority of professionals holding onto information in fear of divulging their trade secrets, or worse disseminating bad information to enhance the perceived value of their own.
As this guide develops you'll find basic information concerning DDoS, recommendations, and outside resources to ensure you do not become the next victim.
Table of Contents
Feedback to the author
Have something to say? Do it!
Your comments, concerns, and most importantly input and personal experiences on the subject of DDoS attacks are much appreciated. Feel free to review solutions providers and tell fellow viewers what is and is not effective.
-
Reply
- ElizabethJeanAllen ElizabethJeanAllen Mar 24, 2008 @ 7:13 pm
- We've all fallen victim to DDoS attacks at one time or another. Its nice to have someone on our side.
Great Lens. *****
Liz
Commentary
The author's picks on interesting news articles, commentary from TheCommentator
- Researcher: Russian hosting network runs a protection racket
- The hacking and extortion group known as "Russian Business Network" has been found to be operating a protection racket where their subsidiary Akrino, Inc. is launching attacks and then offering protection to the same persons. A very interesting read.
- 27 Charged as Prosecutors Say Huge Internet Gambling Ring Is Broken
- Aside from being an inherently interesting article of particular interest is the naming of mitigation provider Prolexic Technologies, Inc. as a conspirator in this case.
Solutions Providers
For profit companies providing DDoS protection solutions
- Size: Are you dealing with a legitimate company or a mom and pop shop? While size is not everything, it can sometimes be an indicator of a fraudulent operation.
- Location: Is the provider outside your country? Do you have recourse in the event of a bad deal or are you being taken to the cleaners?
- Claims: Does the provider offer a guarantee? This is actually a bad sign as no provider can absolutely guarantee protection against an attack. DDoS is ever evolving and providers can infact become caught off guard or overwhelmed. Also beware of appliances that can supposedly do everything as these are often marketed by unqualified "engineers" looking to make a quick commission. Think used car salesmen.
- Time in Business: Do a WHOIS on the domain name (check out whois.sc) and make sure the company is not a fly by night operation.
- Reputation: Ask around on forums about the company's reputation. Web Hosting Talk is a good place to start.
- Black Lotus Communications
- The longest standing and most experienced enterprise solutions provider for DDoS mitigation. At this moment due to recent developments in the DDoS protection community Black Lotus is one of the only providers I am recommending.
Black Lotus now has it's very own Enterprise grade network with very reasonable prices. It's worth checking out. - BLCC Gold
- Cheaper version of Black Lotus for low end protection solutions. This subsidiary accepts WebMoney and Liberty Reserve as payment.
- SecureServerTech
- Another highly recommended DDoS protection hosting company with very good prices.
- Litespeed Technologies
- Software provider offering a highly resiliant anti-DDoS web server. This Apache replacement works along side major control panels such as Cpanel and DirectAdmin (verified by author) and significantly increases protection over Apache alone and significantly outperforms modules such as mod_evasive and mod_security.
- Staminus Communications
- Provider of value priced servers with some DDoS protection options.
Resource Links
Other informitive guides on the subject of DDoS protection and mitigation
- DoS and DDoS Attack Guide
- This resource originating from a Pakistani researcher has proven one of the most comprehensive to date although providing some information for which the author of this Squidoo disagrees.
- Russian Business Network (blog)
- An in depth analysis of one of the most dangerous criminal organizations currently involved with DDoS attacks. Extremely interesting read, especially if you've received extortion letters and offers of "protection" of Baltic origin.
Del.icio.us Feeds
See what others are saying
- Twitter, Facebook attack targeted one user | InSecurity Complex - CNET News
- Защищаемся от HTTP DDoS и прочих Хабраэффектов / Информационная безопасность / Хабрахабр
- Slowloris HTTP DoS
- Nuclear Elephant: mod_evasive
- (D)DoS-Deflate
- DIY: Defending Against A DDoS Attack - DarkReading
- Блог / Highload Lab. / Компании / Хабрахабр
- Highload Lab
- Verbophobia | Twitter down due to DDoS
- How To Defend slowloris DDoS With mod_qos (Apache2 On Debian [Lenny]) | HowtoForge - Linux Howtos and Tutorials
News
DDoS in the media
- BlackBerry security exec warns of smartphone DDoS attacks
- Traditional DDoS attacks occur when hackers take control of large groups of computers and then order...
- Scientology Attacker Gets Prison Time 366 days in jail for ddos
- Hacktivism is a common form of protest on the Internet and Denial of Service is one of the preferred...
- Teen Jailed for DDoS Church of Scientology
- By Kevin Parrish, published on November 19, 2009 at 5:30 PM A teen is going to prison for participat...
- DNS Problem Linked to DDoS Attacks Gets Worse
- ISPs are distributing consumer modems that could be used in DDoS attacks, researchers say. Robert Mc...
