A article I wrote on attempting to do this yourself (without cloudflare/other services) is here: <a href="http://harknesslabs.com/post/38104429912/fighting-spoofed-syn-and-udp-floods" rel="nofollow">http://harknesslabs.com/post/38104429912/fighting-spoofed-sy...</a><p>Its much easier to use cloudflare, but sometimes it just not possible to use them (it wasnt for us, due to needing hardcoded IPs in our DC)
tl:dr Used cloudflare for DNS and Level3/Blacklotus for network filtering.<p>In DDoS attacks you have three models:
On-Prem: Buy hardware and big fat internet pipes to filter traffic (expensive / time \ resrouce intensive)
Hybrid: On-Prem devices that can mitigate X/Mbps and then starts announcing your routes after X to their cloud scrubbing centers which can filter it at a much higher capacity (best option)
Cloud: Full on filtering by a provider where all your traffic goes through their scrubbing centers full time (usually adds latency, extremely expensive)<p>The hybrid model is the best and what most companies are going to as it allows you to filter smaller attacks out with little cost as well as scaling up to large 100 Gb/s+ attacks without having to buy massive amounts of hardware/transit.
DDoS is becoming an increasing pain lately.<p>If you only care about HTTP/HTTPS traffic, you can get very solid DDoS protection at cheap prices. We use and love the Sucuri ( <a href="https://sucuri.net" rel="nofollow">https://sucuri.net</a> ) which starts at $9.99 per month.<p>Some friends have good success with Incapsula and CloudFlare, but they get a bit more expensive to get full protection ($60 per month on <a href="http://Incapsula.com" rel="nofollow">http://Incapsula.com</a> ).<p>All 3 can cover 99.9% of the people that doesn't expose SMTP/POP/FTP/DNS and other services.<p>If you run these yourself, BlackLotus.com and Arbor Cloud are a great help, but their prices start at 5 digits per month.
The irony is that this website seems to be down right now.<p><a href="http://downforeveryoneorjustme.com/blog.fastmail.com/2015/12/08/how-to-stop-a-ddos-attack/" rel="nofollow">http://downforeveryoneorjustme.com/blog.fastmail.com/2015/12...</a><p>Not sure if it's due to DDOS, but it's definitely not working on my end.
When I was working for a startup that was getting DDOS the only thing that stopped it was this service.<p><a href="https://www.dosarrest.com/" rel="nofollow">https://www.dosarrest.com/</a>
Cool article... how about "Dead or Alive" bounties for the people responsible? I'm only half joking, but given the distribution of the people responsible, and how much like the "old west" attacks on the internet today seem to resemble, not sure how bad of a solution it would actually be.
'A botnet consists of many (usually hundreds or thousands) of normal home or work computers [running Microsoft Windows] that have malicious software installed on them.'