How to prevent DDoS attacks? [duplicate]

Solution 1:

If you've got a budget for this, a proper decent budget, then you should investigate the possibility of hosting your own servers, in colocation.

Then you'll have full control over the network, routing and firewalling, as well as the servers. You'd be able to arrange transit connectivity and peering (as required), but more importantly, you'd be able to use a cloud-based DDoS mitigation mechanism, known as a "clean pipe" provider.

That said, you might be able to do that as it stands, depending on what your dedicated host will allow you to do. -- I haven't looked very hard, but I suspect you'd need to find a host that would allow you to utilise a proper dedicated firewall to connect to the clean pipe service.

A Clean Pipe basically is where the traffic to you is tunneled (with GRE) to a service provider in the cloud (who have LOTS of bandwidth), and firewalled and filtered, before being tunneled back to your network.

DDoS mitigation is notoriously difficult, because generally by the time the traffic reaches you, it's already saturated the link to your server, so the only thing to do is have your service provider block it when it reaches their edge.

Solution 2:

Basically, you've got only two solutions as said earlier. Either you have a budget to host yoursef and then create an infrastructure able to absorb and filter DDoS traffic.

Or you can search for a hoster with this kind of technical solution on its network like OVH.com which provide a CleanPipe solution named VAC (stand for vacuum) and which seems to be able to absob a DDoS of about 160 Gbits/second.