amatai/DDoS.md

Last active September 1, 2016 18:36

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/amatai/3e61b7089a3fdcee1614716822ace344.js"></script>
Save amatai/3e61b7089a3fdcee1614716822ace344 to your computer and use it in GitHub Desktop.

Download ZIP

DDoS Mitigation Ideas

Raw

DDoS.md

Layer 3 level

TCP vs UDP
Do we need any UDP at all ? NTP/DNS ?
Open Ports 443, 80, 25, 465, 587, 2525

Known Problem:

ELBs don't scale very fast. What happens during DDoS?

Mitigations by AWS

Route53 monitors health of ELB instances and if it is fails because DDoS targetting particular instance, it will remove it from pool, good traffic continues.
ELBs drop all packets that are not defined in the security group.

Ideas

Separate out HTTP & SMTP ELBs.
Can we ban IPs at ELB?
Other ELB capabilities
Security Group Configuration

Arbor types: Imperva, Prolexic, Neustar, Nexusguard, Blacklotus, Incapsula,

Resources

fail2ban cloudflare

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment