We get attacked constantly. We have had to invest in a RioRey DDoS firewall. The unit's about 3k and then support's about 1k a year.
Our last attack about a month ago was quite sophisticated.
If you're interested, here is their report, which shows the lengths these arses go to.
########################
RioRey assisted #### to mitigate a DDoS attack around the time period of #### through ###, 2011. This attack is technically interesting because it is the first observed event of a new HTTP attack variant. In this report we will be using the RioRey DDoS Taxonomy to classify the attack.
The attack can be decomposed into two parts:
a) standard SYN floods (type 1) using non-spoofed source IP
b) modified HTTP Excessive Verb (type 11) attack
Approximately 10,000 bots were used in this attack; however, the modified Excessive Verb attack was done skillfully enough that it made initial identification difficult.
Part a, SYN flood:
The SYN flood used predominantly bots with Latin American IP addresses. These bots would repeatedly send SYNs in bursts, then pause, and repeat. Most of the bots, when active, were sending several hundred SYNs per minute, but some were running around 50 SYNs per minute, which is close to normal activity levels for a graphics-intensive page.
These SYN attackers were easily identified and blocked, and it is interesting to note that a few of these bots continued to attack for several days even though they had been blocked and rendered ineffective. We speculate that the bot controller has either lost control of these bots or lost interest in managing the attack at the end.
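An added example, not part of the post or the RioRey report: a per-source SYN classifier that shows why a plain rate threshold catches the several-hundred-per-minute bots but misses the ones running near 50 per minute, and how the burst, pause, repeat pattern separates those from a single page load. The thresholds, function names and sample events are assumptions made for this illustration.

```python
from collections import Counter, defaultdict

# Assumed thresholds (not from the report): tune against your own baseline.
FLOOD_PER_MIN = 200   # catches "several hundred SYNs per minute"
LOW_PER_MIN = 40      # near the ~50/min the report calls close to normal
MIN_REPEATS = 5       # busy minutes needed before a low-rate source is flagged

def classify_sources(events):
    """events: iterable of (epoch_seconds, src_ip), one per inbound SYN.
    Returns {src_ip: "flood" | "repeating-burst" | "normal"}."""
    per_minute = defaultdict(Counter)
    for ts, src in events:
        per_minute[src][int(ts) // 60] += 1
    verdicts = {}
    for src, minutes in per_minute.items():
        busy = sorted(m for m, n in minutes.items() if n >= LOW_PER_MIN)
        # A pause is a gap between two busy minutes (burst, pause, repeat).
        pauses = sum(1 for a, b in zip(busy, busy[1:]) if b - a > 1)
        if max(minutes.values()) >= FLOOD_PER_MIN:
            verdicts[src] = "flood"
        elif len(busy) >= MIN_REPEATS and pauses >= 2:
            verdicts[src] = "repeating-burst"
        else:
            verdicts[src] = "normal"
    return verdicts

def build_sample():
    """Constructed traffic; addresses are from documentation ranges."""
    events = []
    # Bot A: 300 SYNs in each of minutes 0, 2 and 4.
    for minute in (0, 2, 4):
        events += [(minute * 60 + i * 0.2, "192.0.2.10") for i in range(300)]
    # Bot B: 50 SYNs/min in bursts with pauses, under the flood threshold.
    for minute in (0, 1, 3, 4, 6, 7, 9):
        events += [(minute * 60 + i, "198.51.100.7") for i in range(50)]
    # Visitor: one 45-SYN page load, then a few requests later on.
    events += [(30 + i * 0.1, "203.0.113.5") for i in range(45)]
    events += [(400 + i, "203.0.113.5") for i in range(6)]
    return events

if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(build_sample()).items()):
        print(src, verdict)
```

The visitor's single 45-SYN page load crosses the low-rate line once but never repeats, which is what keeps it out of the "repeating-burst" bucket.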