Someone recently asked me why it is so hard to deal with a DDoS attack. Simple: trying to detect the pattern of the attack is hard. But it all comes down to three things.
1. Use a product that allows Service Provider XYZ to detect and mitigate a DDoS attack.
2. Service provider XYZ then securely sends the attack “fingerprint” to the relevant upstream providers affected by the attack.
3. After securely receiving the fingerprint, the information is used by the upstream ISP to trace back, analyze and mitigate the attack, thereby identifying and removing the infected hosts as close to the source [the Internet-based ingress point] as possible.
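The three steps above, sketched as an added example that is not from the original post or from any vendor's product. It assumes a hypothetical fingerprint format (destination prefix, protocol, port), a pre-shared HMAC key between the provider and its upstream, and constructed flow records with made-up ingress names.

```python
import hashlib, hmac, ipaddress, json
from collections import Counter

# Assumption: a pre-shared key between provider XYZ and its upstream ISP.
SHARED_KEY = b"constructed-demo-key"

def sign_fingerprint(fp, key=SHARED_KEY):
    """Step 2: serialize the fingerprint canonically and attach an HMAC tag."""
    body = json.dumps(fp, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag

def verify_fingerprint(body, tag, key=SHARED_KEY):
    """Step 3: the upstream rejects any fingerprint whose tag does not verify."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("fingerprint failed authentication")
    return json.loads(body)

def matches(fp, flow):
    """True when a flow record fits the attack fingerprint."""
    return (ipaddress.ip_address(flow["dst"]) in ipaddress.ip_network(fp["dst_prefix"])
            and flow["proto"] == fp["proto"]
            and flow["dst_port"] == fp["dst_port"])

def trace_ingress(fp, flows):
    """Step 3: total the matching bytes per ingress point, largest first."""
    totals = Counter()
    for flow in flows:
        if matches(fp, flow):
            totals[flow["ingress"]] += flow["bytes"]
    return totals.most_common()

# Constructed sample data: documentation address ranges, hypothetical router names.
FINGERPRINT = {"dst_prefix": "203.0.113.10/32", "proto": "udp", "dst_port": 53}
FLOWS = [
    {"ingress": "edge-a", "dst": "203.0.113.10", "proto": "udp", "dst_port": 53, "bytes": 900000},
    {"ingress": "edge-b", "dst": "203.0.113.10", "proto": "udp", "dst_port": 53, "bytes": 400000},
    {"ingress": "edge-a", "dst": "203.0.113.10", "proto": "udp", "dst_port": 53, "bytes": 600000},
    {"ingress": "edge-c", "dst": "203.0.113.10", "proto": "tcp", "dst_port": 443, "bytes": 50000},
    {"ingress": "edge-b", "dst": "198.51.100.7", "proto": "udp", "dst_port": 53, "bytes": 70000},
]

if __name__ == "__main__":
    body, tag = sign_fingerprint(FINGERPRINT)
    for ingress, nbytes in trace_ingress(verify_fingerprint(body, tag), FLOWS):
        print(f"{ingress}: {nbytes} bytes matching fingerprint")
```

The ingress point carrying the most matching traffic is where the upstream would filter first; a fingerprint altered in transit fails verification and is never acted on.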
I have only seen one product that could do this and it's Arbor Networks’ Peakflow SP. I used it on one of the largest networks in the world, as do other large carriers, and it works. Keep in mind most carriers are not affected by the DDoS attack (we have the bandwidth). It's the tier 2 users and the end customers who are.
So if you want to make sure you never get hit by a DDoS attack, make sure your provider's tier 1 supplier has the right support in place in case you do get hit and the right preventative measures in place to begin with.
Oh, what is a DDoS attack?
http://en.wikipedia.org/wiki/Denial_of_service
Who are Arbor?
http://www.arbornetworks.com/