DDoS attack

October 17, 2012 11.1k views
How long do you nullroute on an incoming DDoS attack?
5 Answers
Every serious DDoS attack is very different and requires investigation to determine the origin of the attack, the type of attack and which services as well as which IPs are targeted, and also to asses the impact to the virtual server, the hypervisor, and the network at large.

We can not disclose the specifics of how we go about mitigating DDoS attacks as that information can then be used to strengthen attacks, what I can reveal is that when an attack is large enough to cause issues all of our engineers are investigating the issue together and working to resolve it as quickly as possible.
If, for example, a backend server is DDoSed, is it allowed to shutdown the instance and create another identical one from a snapshot (which should get it another IP)?
If a server is getting DDoS our first priority is to mitigate the attack to restore functionality for all customers if they were affected then to get in touch with the customer who was DDoS'd to understand what they were running and why they were targeted.

Sometimes they are the victim of an attack other times they can be running websites that break our AUP/TOS or are otherwise engaging in activity that violtes our AUP which is what drew the attack in the first place, in which case we correspond with the customer to understand the full situation before taking further action.
So what is the cause of the attack of 4th February ? My droplet has been unreachable all day.
DDOS attacks do not have a specific cause it is when an outside party targets a provider or a website and attempts to take it offline.
Have another answer? Share your knowledge.