DDOS: How can you Protect your Applications and Networks?

DDoS incidents can cost you up to $50,000 per attack, while attacks that peaked greater than 300 Gbps jumped by more than 500% in 2018.

The good news is you can do a few things to cover yourself (such as using access control lists) - here's my guide on how to protect against DDoS attacks, starting with a few basic tools:

Rate limiting

If you have a router or firewall you can look at rate-limiting the traffic that's able to go through that device.

Filters and access control lists

Another method is putting in place filters and access control lists that drop malformed or spoof packets- you can look at dropping the thresholds for things like SYN floods and ICMP floods.

While these methods won't completely protect your network and devices, they can buy you some time to introduce some more long term DDoS mitigation solutions. 

The black hole

You can ask your upstream provider or service provider to 'black hole' the traffic towards that target device. While this takes the device offline and effectively does the DDoS attack's job for itself, it does protect the rest of your systems and applications from the attack and allows you to keep the rest of your customers online. 

A safer DDoS protection solution

The better, long term solution is a DDoS mitigation service. This sits upstream from your network and actively inspects all traffic flows towards your applications and devices. 

We look for any suspicious or odd traffic behaviours and will actively block any attacks before they even reach your network. From the product you will just have a clean feed of legitimate traffic towards your devices ensuring that any attacks are blocked well before they can have an impact on your system. 

For more information, see our featured DDoS solutions.