Accessing a site (which is) under a DDoS

Many operators (most I hope) use back-door network connections, such as a modem through a terminal server at the site. There are lots of variations on this theme, but that's the easiest way to do it, and has the advantage of giving you access to your network if there's a network or hardware problem affecting your connectivity.

Another option is working with your ISP to shut down all traffic except traffic coming from your particular netblock or IP address; that's a simple change, and most tier-1 ISPs will be able to help you with this under emergency circumstances.

There are also commercial cleaning services like Verisign's DDoS prevention product that can divert all of the traffic, remove the DDoS traffic in particular, and send the result back to your network. This can be done via DNS or (better) BGP.

Finally, not all DDoS attacks are just packet cannons. If you're being attacked with something like an SSL resource exhaustion attack or one of a bunch of similar high-level attacks, your SSH connection into your webserver may still work just fine. Then again, it may not, if it's that server itself that's overloaded and spinning at 100% CPU. A solution to this problem is to get an SSL offload device and put it in front of your server(s). Planning a high-availability site like this takes some thought, but you will definitely get better results.


If Alice is just a user of information on the site, she doesn't have any alternatives unless the site administrators have prepared other access methods.

Check out David's answer here for one solution - the mitigation partner. This requires an upstream entity, such as the ISP, to reroute DDoS traffic (as Steve Dispensa said).

An alternative may be to provide important users with secondary routes to access the website.

Yet another could be to limit access to connections from pre-approved IP addresses and drop all other traffic at the perimeter router.
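The allowlist approach mentioned in the answers above (pass only pre-approved addresses, drop everything else at the perimeter), as an added example that is not part of any answer. It assumes a Linux-based perimeter router using nftables; the function names, prefix limits, table name and sample addresses are all constructed for illustration.

```python
import ipaddress

# Assumed safety limits: refuse entries broader than these prefixes.
MAX_V4_PREFIX = 16
MAX_V6_PREFIX = 32

# Constructed sample allowlist (documentation address ranges).
SAMPLE = ["198.51.100.0/25", "198.51.100.128/25", "203.0.113.5", "2001:db8:10::/48"]

def build_allowlist(entries, admin_ip):
    """Validate and collapse entries; return (v4_nets, v6_nets)."""
    nets = []
    for raw in entries:
        net = ipaddress.ip_network(raw.strip(), strict=False)
        limit = MAX_V4_PREFIX if net.version == 4 else MAX_V6_PREFIX
        if net.prefixlen < limit:
            raise ValueError(f"{net} is too broad for an emergency allowlist")
        nets.append(net)
    # Merge adjacent/overlapping prefixes so the ACL stays short.
    v4 = list(ipaddress.collapse_addresses(n for n in nets if n.version == 4))
    v6 = list(ipaddress.collapse_addresses(n for n in nets if n.version == 6))
    # Guard against locking out the operator who applies the rules.
    admin = ipaddress.ip_address(admin_ip)
    if not any(admin in n for n in (v4 if admin.version == 4 else v6)):
        raise ValueError(f"{admin} is not covered: applying this would lock you out")
    return v4, v6

def render_nft(v4, v6):
    """Render a default-drop nftables forward chain for the allowlist."""
    def elems(nets):
        return ", ".join(str(n) for n in nets)
    lines = ["table inet emergency_allow {",
             "  chain forward {",
             "    type filter hook forward priority 0; policy drop;",
             # Let replies to connections the site itself opened back in.
             "    ct state established,related accept"]
    if v4:
        lines.append(f"    ip saddr {{ {elems(v4)} }} accept")
    if v6:
        lines.append(f"    ip6 saddr {{ {elems(v6)} }} accept")
    lines += ["  }", "}"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_nft(*build_allowlist(SAMPLE, "203.0.113.5")))
```

Filtering on the router itself only helps while the upstream link is not saturated; when it is, the same allowlist has to be applied by the ISP, as the first answer describes.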


The simplest solution would be to find a cached version of the page she's trying to access.

Assuming Alice doesn't need to log in to find the information.
