Protecting Against DDOS -cloudflare.com

office politics

It's all just 1s and 0s
Messages
6,555
Location
in the lab
interesting post describing one type of DDOS and how Cloudflare mitigated it. I'd like to find info about squarespace's techniques for this since they tout that no one will be able to DDOS their servers.

How to Launch a 65Gbps DDoS, and How to Stop One - CloudFlare blog

quoted:

In terms of stopping these attacks, CloudFlare uses a number of techniques. It starts with our network architecture. We use Anycast which means the response from a resolver, while targeting one particular IP address, will hit whatever data center is closest. This inherently dilutes the impact of an attack, distributing its effects across all 23 of our data centers. Given the hundreds of gigs of capacity we have across our network, even a big attack rarely saturates a connection.

At each of our facilities we take additional steps to protect ourselves. We know, for example, that we haven't sent any DNS inquiries out from our network. We can therefore safely filter the responses from DNS resolvers: dropping the response packets from the open resolvers at our routers or, in some cases, even upstream at one of our bandwidth providers. The result is that these types of attacks are relatively easily mitigated.

What was fun to watch was that while the customer under attack was being targeted by 65Gbps of traffic, not a single packet from that attack made it to their network or affected their operations. In fact, CloudFlare stopped the entire attack without the customer even knowing there was a problem. From the network graph you can see after about 30 minutes the attacker gave up. We think that's pretty cool and, as we continue to expand our network, we'll get even more resilient to attacks like this one.
 
Great post, what made you want to implement this kind of set up? Do these websites see attacks often? I'd love to know some statistics from an actual Net admin
 
Back
Top Bottom