Hi,

I've spent a lot of time developing a business that is based on co-location for high uptime of a service I provide to offices 9-5.

I was just reading in another forum about someone geting cut-off because they were DDoS'd, and then read the following in linode forums: http://forum.linode.com/viewtopic.php?t=2883&start=15&postdays=0&postorder=asc&highlight=


Am I correct in understanding that if I was to get a nasty competitor, or someone just read about me in the press, my business could be taken out instantly by a DDoS attack and that there is nothing can be done about it? Is this just a limitation of VPS?

I stress that I am *NOT* having a go at Linode here, Linode is excellent and I could not be happier with the service. I just read about another persons experience on a *different* network and realised the implication for my business.

Very surprised and worried at the thought of it to be honest! (My reaction on reading the other story was "Ohhh F***")

Is there any way to mitigate against this bar going for a fully fledged DDoS proof nuclear bunker server?

Not really. That is the way to mitigate against DDoS attacks. Well, you don't actually need a nuclear bunker, simply a large amount of bandwidth, and that exceeds Linode's price point.

_________________
Matt Nordhoff (aka Peng on IRC)

If you have a brick-and-mortar store, a disgruntled customer might drive a car through your show window. It happens. You could install steel pipes in the sidewalk, but that won't prevent an even more disgruntled customer from driving a tractor-trailer through your show window. Your best bet is not to piss off anybody in the first place, and hope that anyone who is pissed off isn't pissed off badly enough to overwhelm what defenses you have.

Even a dedicated server (or a cluster of them) can be easily taken out by a DDoS attack. There's not much difference between a VPS and your own server in that regard. Both can be made as resilient as you want by adding more servers and tweaking the software. But DDoS attacks can also be made as large as the attacker wants. If they buy a small botnet and it doesn't hurt your site, they'll just buy a bigger botnet the next time.

Some datacenters provide "DDoS protection" services, and with colocation you can also install your own specialized equipment. But even a DDoS protection service or your own hardware firewall can only handle so much traffic before it falls apart. If you want to be protected from even that, it'll cost more. It's just a matter of how much you're willing to pay for what grade of protection.