There are different types of solutions. One solution is to host in a datacenter which offers DDoS protection. The other solution would be to remotely protect your current server using an anti DDoS proxy or tunnel. There are plenty providers around here who offer the options I mentioned.
If it's only a small attack, you could try something like CSF, DDoS Deflate or BARF, depending on the type of the attack.
█ JavaPipe LLC: Global Tomcat Hosting & DDoS Mitigation Solutions
█ In business since 2001 | Contact us: salesrequest[at]javapipe.com
█ Remote Protection | Dedicated Servers | Virtual Servers | Unmetered VPS | Tomcat Hosting
Hi, please tell us more about server (protocols used) and protocols used to attack, size of attacks, max ping/latency you can live with, etc. As infinitnet rightly said you have a number of options which, if used appropriately, can diminish the effect of DDoS attacks on your operation and can (hopefully) be within budget.
For big attacks: One way to protect yourself from big DDOS attack is having a huge bandwidth:
"If your Web servers live at a Web hosting company, check in and see just much connectivity they have to major Internet backbones. If they reply on only one or two backbones providers and/or their pipes aren't that big, I'd go looking for another one. When it comes to dealing with DDoS attacks, there's no such thing as enough bandwidth." Steven J. Vaughan-Nichols on this interesting article: http://www.zdnet.com/blog/networking...os-attacks/440
Best thing is getting server which have hardware protection for ddos attacks.
Sure, but you need the network capacity as well. There's also the challenge of having mitigation centers only in one geographic location. Most transit providers don't even have the trans-atlantic and trans-pacific network capacity to carry even 30 Gbps of DDoS. Large attacks these days can exceed 100 Gbps without a problem. The only way to mitigate large attacks is to have equipment in several POPs, in at least two continents. Scrub the DDoS where it originates, backhaul the clean traffic.
As has been mentioned, the type of attack is important to understand. Typically an application or server level attack will left be up to you to resolve, but in the case of a large network flood.
Your server provider's terms of service is likely more important than any DDoS measures they provided.
I've dealt with a lot of providers and most - unless they specifically offer DDoS mitigation -- will simply null-route your IP address.
What's "large" varies from vendor to vendor. I've seen systems cut off with as little as 100Mbit inbound flows because the facility had limited connectivity. I've seen other tolerate up to nearly 1Gbit but all will pull the plug.
So, if you are a frequent victim of DDoS, I recommend:
* Understand your providers TOS.
* Understand the types of attacks you receive.
* Budget accordingly to mitigate these attacks.
* Know what tools your provider can offer in case of an attack.
* If network based, host with a provider or use a dedicated DDoS prevention service.
* Assure your technical support team knows how to handle such attacks.
In my experience, many providers would rather you cancel your servers and become another vendor's problem than help you with DDoS - especially large network attacks. So be sure your vendor can meet your needs.
We save you time, money, and frustration by handling the server management tasks required to run an online business successfully.
No prodding required. We just do it right the first time. Red Hat, MySQL, Plesk, and cPanel certified staff.