Anti-DDoS Question [duplicate]

Our company's main owner (telecom group) wants us to deploy anti-DDoS mechanisms, such as Arbor Pravail, which is a great idea.

Although... I have a question... If our main ISP backbone provider has no anti-DDoS mechanism, does that mean there is no point in us getting the Arbor Pravail?

Can a DDoS attack damage only the destination IP, or the whole network that the DDoS packets go through?

Regards,


Solution 1:

It's not really possible to reason about this with the information given. DDoS attacks can range from a few megabits per second to many gigabits -- it all comes down to how sophisticated and resourceful an attacker you want to protect against.

> If our main ISP backbone provider has no anti-DDoS mechanism, does that mean there is no point in us getting the Arbor Pravail?

Mnn, not quite. If your hosting center has decent uplinks, and you're deploying an anti-DDoS appliance, then there is a good chance that you would remain online during a small and/or unsophisticated DDoS attack. However, if you are hit by a large attack, then any single-device solution will not be enough.

> Can a DDoS attack damage only the destination IP, or the whole network that the DDoS packets go through?

Regardless of where the damage is seen, the solution often involves both finely targeted null-routing on the upstream ISP's network and local measures. Thus if your ISP really has no DDoS response capability, then you're at a disadvantage. But are you sure this is so -- have you asked them?

Just a side note, there are ISPs who specialize in providing connectivity with DDoS mitigation services built in. Examples might be Prolexic or Black Lotus; there are several others. If you feel at risk of being DDoS'ed, then using this kind of provider might be worth looking into.

Solution 2:

Any network that the DDoS attack transits is going to feel some effect of the DDoS attack, based on the assumption that the DDoS attack is volume based (a very large number of packets in rapid succession). Whether or not it's detected as a DDoS attack or as just a large volume of traffic is probably dependent on the technologies employed at the upstream links/routers. If the attack is targeted to a specific destination IP address or IP address block, then the attack is probably going to look like any other traffic to the network that the attack is transiting, except that it's going to be a very large volume of packets. How much effect that has on upstream links/routers is going to be dependent on how robust those links/routers are.