CanadaCyber: DDoS protection & mitigation methods.
People come to us and always say, "We can't protect against DDoS." We always tell them: yes, you can, with the proper network implementation.
Let's say you own www.coolpage.com and it points to a server located within your DMZ at IP address 11.22.33.11. In your DNS name server you have www.coolpage.com pointing to the server at 11.22.33.11 through an A record with a certain time to live (TTL), let's say one week.
All a hacker (attacker) has to do is target that IP or domain name. There are two types of attackers who will try to target you: the one who targets the IP 11.22.33.11, knowing that this is your main server, and the less informed one who targets your domain name www.coolpage.com.
This is how CanadaCyber mitigates this threat. First of all, you should never have an A record pointing to your core server. What you should have is a series of proxies that balance the traffic. This gives you two advantages: first, caching your content, and second, dislocating your core server from your domain name via redirection.
At a very basic level you achieve this by buying a number of servers that simply redirect traffic to your core IP, and then you list those servers' IPs as the A record holders. When you do get attacked you can easily change the A record. The other thing is to ensure the TTL on your A record is set to a very small number, as this lets you move A record allocations on the fly to different IPs, which then redirect to your main server IP.
Proxy servers are very cheap if set up by educated staff internally: an Amazon EC2 or Linode server that can do this job costs less than $15 a month. It can be a full-fledged proxy or just a basic iptables DNAT rule.
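The following script is an added example and is not code from the CanadaCyber post. It covers the two practical steps above: it audits a DNS zone fragment for the two mistakes the post warns about (a www A record pointing straight at the core server, and a long TTL), and it emits the iptables DNAT rules a cheap redirect proxy would use, plus the origin-side filter that makes the dislocation hold if the origin address ever leaks. The origin address 11.22.33.11 and the domain are taken from the post; the proxy addresses 198.51.100.10 and 198.51.100.11, the zone fragments and the 300 second TTL limit are constructed. The iptables commands are printed rather than executed so the script runs unprivileged.

```shell
#!/bin/sh
# Added example (not from the CanadaCyber post). Audits a zone fragment for
# www records that expose the origin or carry a long TTL, and prints the
# iptables rules for a redirect proxy and for the origin's inbound filter.

ORIGIN_IP="11.22.33.11"   # the core server in the DMZ (from the post)
MAX_TTL=300               # assumed upper bound for a "very small" TTL, in seconds

# Constructed "before" zone: www is an A record straight to the origin, one-week default TTL.
LEAKY_ZONE='$ORIGIN coolpage.com.
$TTL 604800
@    IN A 11.22.33.11
www  IN A 11.22.33.11'

# Constructed "after" zone: www resolves to two redirect proxies with a short TTL.
PROXIED_ZONE='$ORIGIN coolpage.com.
$TTL 604800
www  300 IN A 198.51.100.10
www  300 IN A 198.51.100.11'

# audit_zone ZONE_TEXT
# Prints one verdict per www A record: OK, EXPOSED (points at the origin) or
# SLOW_TTL (TTL above MAX_TTL). Returns 0 only when every record is OK.
audit_zone() {
    printf '%s\n' "$1" | awk -v origin="$ORIGIN_IP" -v max="$MAX_TTL" '
        $1 == "$TTL" { dttl = $2; next }          # zone default TTL
        $1 == "www" {
            # "www IN A ip" inherits the default TTL; "www 300 IN A ip" carries its own
            if ($2 == "IN") { ttl = dttl; type = $3; ip = $4 }
            else            { ttl = $2;   type = $4; ip = $5 }
            if (type != "A") next
            if (ip == origin)       { print "EXPOSED " ip; bad = 1 }
            else if (ttl + 0 > max) { print "SLOW_TTL " ip " ttl=" ttl; bad = 1 }
            else                    { print "OK " ip " ttl=" ttl }
        }
        END { exit bad }'
}

# proxy_rules ORIGIN PORT
# Emits the commands for a minimal redirect proxy: enable forwarding, DNAT
# inbound TCP on PORT to the origin, and masquerade so replies return via the proxy.
proxy_rules() {
    origin="$1"; port="$2"
    printf 'sysctl -w net.ipv4.ip_forward=1\n'
    printf 'iptables -t nat -A PREROUTING -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$port" "$origin" "$port"
    printf 'iptables -t nat -A POSTROUTING -p tcp -d %s --dport %s -j MASQUERADE\n' \
        "$origin" "$port"
}

# origin_rules PORT PROXY_IP...
# Emits the origin-side filter: accept PORT only from the listed proxies and
# drop everything else, so learning the origin address does not bypass the proxies.
origin_rules() {
    port="$1"; shift
    for p in "$@"; do
        printf 'iptables -A INPUT -p tcp --dport %s -s %s -j ACCEPT\n' "$port" "$p"
    done
    printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$port"
}

# Usage: audit both constructed zones, then print the rules for one proxy and the origin.
echo "== leaky zone";   audit_zone "$LEAKY_ZONE"   || echo "(needs fixing)"
echo "== proxied zone"; audit_zone "$PROXIED_ZONE" && echo "(clean)"
echo "== proxy rules";  proxy_rules "$ORIGIN_IP" 80
echo "== origin rules"; origin_rules 80 198.51.100.10 198.51.100.11
```

The audit deliberately reports EXPOSED before SLOW_TTL: a record that reveals the core server is the more serious finding, and shortening its TTL would not fix it. Rotating proxies under attack is then a matter of editing the www records and waiting out at most MAX_TTL seconds for resolvers to pick up the change.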
For the geek at heart, you can also set up your own name server, or have access to name servers you can use for DNS resolution. Combine this with the above and you will have a robust DDoS mitigation plan that ensures continuity of service: if your IP, domain name or name servers are attacked, you can still deliver services.