Will the maximum speed of a network card reduce the impact of an incoming DDoS attack?
Solution 1:
I’m wondering if the maximum speed of a network card would reduce the chances of a DDoS affecting a home-hosted website.
Not really. Perhaps the network bandwidth could be saturated to the point of the network connection being unusable, but a faster network connection would not prevent that from happening. It would only delay the inevitable by seconds/minutes.
The core detrimental impact of a DDoS attack is not really the network connection itself but rather the services behind it. Meaning if you are running a classic L.A.M.P. stack website (Linux, Apache, MySQL & PHP) then a DDoS attack would be most detrimental to those services. And the impact would hinge on the way the site is coded and how those subsystems work.
For example, let’s say your site uses tons of database calls. And you really only tested it on your desktop development environment where you are the sole user. Then the reality is that even a minimal amount of traffic could cause your database server to choke based on the basic engineering of the site. Similarly, if you are using pre-canned CMS systems or frameworks, let’s say someone discovers an exploit to that CMS or framework, then they could just pummel your site based on that exploit and next thing you know… Your site is down.
Basically, I am focusing on the database (MySQL) aspect based on my experience of doing 20+ years worth of web development, engineering and Linux systems administration. And as I move into the world of Ruby-on-Rails and apps that use MongoDB as a datastore I see similar issues. Generally, the database is pretty much the weakest link on a dynamic website and the lack of proper configuration/optimization will bring your site down faster than you can imagine. I once managed a site where the developer made 400+ (!!!) individual MySQL calls for one simple page; and the developer was oblivious to the fact that 400+ calls to MySQL would slow the page down. Details like that matter.
So if DDoS is a concern—but you don’t feel like performance tuning your base web server software install—I would recommend pumping up the RAM on that server and perhaps having faster hard drives installed. Past that, network card speed is a non-factor at best.
Solution 2:
Basically no. There are several DDOS types of attacks, some of which require very little bandwidth. For example, a syn attack in which the attacker sends a syn packet to your site saying "Hey, I want to establish a connection." Your server reserves a small amount of memory and sends a syn-ack reply. The address was spoofed so it goes nowhere. The attacker just rinses and repeats and it requires very little bandwidth on their side. Meanwhile on your server, it keeps allocating memory to establish the bogus sessions, so that it basically runs your server out of RAM. This is only one type of attack and some servers are resistant, but there are many other types. It isn't the LAN port that gets saturated in these types of attacks, it is your server RAM.
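The half-open connection build-up that Solution 2 describes is visible in the host's own TCP socket table, so a cheap defender-side check is to count SYN-RECV sockets against established ones. The script below is an added example, not code from either answer; it parses constructed `ss -tan`-style lines (addresses and thresholds are made up and should be tuned for the host) and flags the pattern.

```python
"""Spot a SYN-flood pattern in TCP socket state output.

Added example (not part of either answer above): parses constructed
`ss -tan`-style lines and flags a pile-up of half-open (SYN-RECV)
sockets, which is the memory/backlog symptom Solution 2 describes.
"""
from collections import Counter

# Constructed sample in the column layout of `ss -tan`
# (State Recv-Q Send-Q Local:Port Peer:Port). Peer addresses are made up.
SAMPLE_SS_OUTPUT = """\
State      Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB      0      0      192.0.2.10:443     198.51.100.7:51234
SYN-RECV   0      0      192.0.2.10:443     203.0.113.5:40001
SYN-RECV   0      0      192.0.2.10:443     203.0.113.9:40002
SYN-RECV   0      0      192.0.2.10:443     203.0.113.14:40003
SYN-RECV   0      0      192.0.2.10:443     203.0.113.77:40004
ESTAB      0      0      192.0.2.10:443     198.51.100.8:51240
LISTEN     0      128    0.0.0.0:443        0.0.0.0:*
"""


def parse_ss(output):
    """Return (state, local, peer) tuples, skipping the header line."""
    rows = []
    for line in output.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5:
            continue
        rows.append((parts[0], parts[3], parts[4]))
    return rows


def half_open_report(output, max_ratio=1.0, min_half_open=3):
    """Count sockets per state and flag when SYN-RECV dominates ESTAB.

    Spoofed-source SYN floods leave many SYN-RECV entries that never
    complete, so a high half-open/established ratio is a first signal.
    Both thresholds are assumed defaults, not measured values.
    """
    states = Counter(state for state, _, _ in parse_ss(output))
    half_open = states["SYN-RECV"]
    established = states["ESTAB"]
    ratio = half_open / established if established else float("inf")
    suspicious = half_open >= min_half_open and ratio > max_ratio
    return {"half_open": half_open, "established": established,
            "ratio": ratio, "suspicious": suspicious}


if __name__ == "__main__":
    print(half_open_report(SAMPLE_SS_OUTPUT))
```

On a real Linux host the same function can be fed the output of `ss -tan`; the kernel-side mitigation for this state build-up is SYN cookies (`net.ipv4.tcp_syncookies`), which lets the server answer SYNs without holding per-connection memory for unanswered handshakes.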