Preventing DDoS attacks

Last week we had our first DDoS attack. I have no idea why somebody is DDoSing us, but I will certainly try to prevent it from doing any damage again.

In this attack there were about 800 active zombies sending massive amounts of requests + UDP packets. I built a simple script which detected this behaviour and blocked the zombies. But for the future I would like to have some automated blocking / analysing.

So I looked for some solutions:

I found 2 alternatives for now:

1) Using a Cisco PIX 323 firewall with a Cisco IDS 4210 (intruder detection system) behind it.

2) The Guard / Detector setup of riverhead.com, who claim to have the most advanced anti-DDoS system.

My question is: is there anybody who has experience with a setup like the above, or maybe another solution to DDoS? What are the pros / cons of such a setup?

Can somebody indicate roughly what number of bits / requests / packets I can expect for the size of a common 'big DDoS' attack?

Thanks,

Jeroen Hofstee