CanadaCyber: DDoS protection & mitigation methods.
People come to us and are always say we can’t protect against DDoS, we always say to them yes you can with the proper network implementations.
Let’s say you own www.coolpage.com and that is pointing to server that is located within your DMZ at Ip address 22.214.171.124.
In your DNS and name server you have listed www.coolpage.com to point to the server @ 126.96.36.199 using A record with a certain time to Live ( TTL ) lets say 1 week.
All a hacker (Attacker) has to do is target that IP or Domain name.
We have 2 types of attackers that will try to target you, ones that will target the IP 188.8.131.52, knowing that this is your main server. And the less informed hacker that will target your domain name www.coopage.com.
This is how CanadaCyber mitigates this threat. First of all you should never use A record pointing to your core server. What you should have is a series of proxies that will balance the traffic. By doing this you have 2 advantages, first caching your content and 2nd dislocating your core server from your domain name via redirection.
So the way you achieve this at a very basic level is by buying a numbers of servers that will just redirect your traffic to your Core IP, and then you program these IPs as the A record holder.
When you do get attacked you can easily change the A record. the other thing is within your a record insure your TTL is setup for a very small number, as this will allow you the ability to move A records allocations on the fly to different IPs, that will then redirect to your main server IP.
Proxy servers are very cheap if setup by educated staff internally, as you can buy an amazon EC2 or Linode server for less than 15$ a month that can do this job. It can be a full fledge proxy or just a basic IPTABLES DNAT table.
For the Geek at heart, you can also setup your own name server or have access to name servers that you can use for DNS resolution. Adding this with the above information you will have a robust DDoS mitigation plan, which will insure you have continuation of services. So if your IP, Domain name or name servers are attacked you can still deliver services.