This is a two-part question, really. Keep in mind that I am a developer, not a system admin, but being the only employee in the company, I wear ALL the hats.
I have deployed my server with two firewalls running on CARP for load balancing/redundancy plus about 40 computers for database and other backend application needs. As a startup I want to save some money by mitigating the damage of a DDoS attack without paying my ISP for a dedicated business internet line on top of DDoS protection. I KNOW YOU CAN'T TOTALLY protect against DDoS. I just want to mitigate the damage until my app starts making money, and then I can let the ISP deal with the headaches.
In that spirit, I was wondering if anybody has ever implemented a solution where a script (maybe through cron) would change the PF rules based on current usage. For example, if there are too many half-open connections from millions of IP addresses, I would like to tell PF to go into SYN-cookies mode and then, when the attack is over (or some time has passed), go back to normal.
I cannot use Cloudflare because I am running a backend for an app and 99% of the content is not static. I could do Cloudflare for the website of the app, but that's about it.
To reiterate, money IS AN ISSUE. I am currently using FiOS Business, and Verizon will not provide DDoS protection on that type of line.
Last thing: has anybody experienced drastic issues after enabling SYN-COOKIES/SYN-PROXYING? Give me a real story. Please.
PS I do not want to start a debate about SYN-PROXYING vs SYN-COOKIES!
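One way to build the cron-driven toggle the question describes, as an added example that is not code from the original post. It assumes pf.conf already carries an `anchor "synflood"` line ahead of the normal pass rules, that the backend listens on the (assumed) `SERVER`/`PORT` values, and that the script runs from cron as root (for example once a minute with `synflood.sh run`). It counts half-open inbound TCP states from `pfctl -ss` (a `SYN_SENT:CLOSED` state is a client SYN the backend never answered), applies hysteresis so the rule does not flap, and loads or flushes a `synproxy state` rule in the anchor rather than rewriting pf.conf. The sample `pfctl -ss` lines are constructed for the example; the thresholds are placeholders to tune against your own baseline.

```shell
#!/bin/sh
# Added example, not from the original post. Toggles a PF anchor into
# synproxy mode when half-open inbound TCP states exceed HIGH and back
# to normal when they fall below LOW. Requires `anchor "synflood"` in
# pf.conf. SERVER/PORT/HIGH/LOW are assumed values; DRY_RUN=1 prints
# the pfctl commands instead of running them.

SERVER="${SERVER:-10.0.0.5}"       # assumed backend address
PORT="${PORT:-443}"                # assumed backend port
ANCHOR="synflood"
HIGH="${HIGH:-2000}"               # half-open states that switch synproxy on
LOW="${LOW:-200}"                  # half-open states that switch it back off
STATEFILE="${STATEFILE:-/var/run/synflood.mode}"
DRY_RUN="${DRY_RUN:-0}"

# Count half-open inbound TCP states from `pfctl -ss` output on stdin.
# SYN_SENT:CLOSED means the far side sent SYN and our side never
# completed the handshake.
count_half_open() {
    awk '$2 == "tcp" && $NF == "SYN_SENT:CLOSED" { n++ } END { print n + 0 }'
}

# Decide the next mode with hysteresis: flip to synproxy only above HIGH,
# back to normal only below LOW, otherwise keep the current mode.
next_mode() {
    count=$1
    current=$2
    if [ "$count" -ge "$HIGH" ]; then
        echo synproxy
    elif [ "$count" -le "$LOW" ]; then
        echo normal
    else
        echo "$current"
    fi
}

run_pfctl() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "pfctl $*"
    else
        pfctl "$@"
    fi
}

# Load a synproxy rule into the anchor. PF completes the handshake with
# the client itself and only opens a state to the backend afterwards.
enable_synproxy() {
    printf 'pass in quick proto tcp to %s port %s synproxy state\n' \
        "$SERVER" "$PORT" | run_pfctl -a "$ANCHOR" -f -
}

# Flush only the anchor's rules; existing states are left alone.
disable_synproxy() {
    run_pfctl -a "$ANCHOR" -F rules
}

# Constructed sample of `pfctl -ss` output used for offline testing.
sample_states() {
    cat <<'EOF'
all tcp 10.0.0.5:443 <- 203.0.113.7:51234       SYN_SENT:CLOSED
all tcp 10.0.0.5:443 <- 203.0.113.8:51235       ESTABLISHED:ESTABLISHED
all tcp 10.0.0.5:443 <- 198.51.100.9:40001       SYN_SENT:CLOSED
all udp 10.0.0.5:53 <- 198.51.100.2:5353       MULTIPLE:SINGLE
all tcp 10.0.0.5:443 <- 198.51.100.10:40002       SYN_SENT:CLOSED
EOF
}

# Cron entry point: read the live state table, decide, and apply a change
# only when the mode actually flips.
main() {
    current=$(cat "$STATEFILE" 2>/dev/null || echo normal)
    count=$(pfctl -ss | count_half_open)
    wanted=$(next_mode "$count" "$current")
    if [ "$wanted" != "$current" ]; then
        if [ "$wanted" = synproxy ]; then enable_synproxy; else disable_synproxy; fi
        echo "$wanted" > "$STATEFILE"
        logger -t synflood "half-open=$count mode $current -> $wanted"
    fi
}

if [ "${1:-}" = run ]; then
    main
fi
```

Two caveats that follow from the setup in the question: with two CARP firewalls the mode file is local, so each box needs its own cron entry, and the `synproxy state` rule only helps when both directions of the connection pass through the same firewall. Flushing the anchor does not drop states that synproxy already created, so switching back is not disruptive to connections that completed the handshake. Newer OpenBSD releases also accept `set syncookies adaptive` in pf.conf, which does this switching inside the kernel based on state-table usage.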