anti-dosing protectiondatacenter

[Bombel]

 

Hello, I'm at the stage of building a small datacenter and the question arises how to protect servers against attacks. I am interested in a solution that will not block ip. any suggestions?

[kirashi]

11 minutes ago, Bombel said:

Hello, I'm at the stage of building a small datacenter and the question arises how to protect servers against attacks. I am interested in a solution that will not block ip. any suggestions?

 

 

Erm, you'll eventually want to block based on IP address, however, when you first implement an Intrusion Prevention System it is indeed good practice to train it on what normal traffic looks like before letting it detect & block attacks. DDoS protection options include both hardware and software-based solutions, both of which server their own purposes, so you'll definitely want to research available options based on the architecture & requirements of your data centre and/or clients.
https://en.wikipedia.org/wiki/DDoS_mitigation
https://www.fortinet.com/products/ips.html

https://www.pcworld.com/article/144634/guide_network_intrusion_prevention_systems.html

[maxdei]

17 minutes ago, Bombel said:

 

Hello, I'm at the stage of building a small datacenter and the question arises how to protect servers against attacks. I am interested in a solution that will not block ip. any suggestions?

you will have to block some identificaion method that could be the MAC or the ip you could set a ban limit first a few sec then mins then hours then days then month then forever

you could prevent the server from sending the same file to the same user allot of times (that is how dos works and ddos is dos just with multiple users) often some certifactes you can't prevent all users from getting because the browsers would block you for good reasons 

[Falconevo]

3 hours ago, Bombel said:

 

Hello, I'm at the stage of building a small datacenter and the question arises how to protect servers against attacks. I am interested in a solution that will not block ip. any suggestions?

You should really speak to network specialists about this and the ISPs you plan to be peering with to see what they do/don't support.

I can suggest some additional reading for you;

FastNetMon for detection based on custom parameters and upstream black holes to reduce network infrastructure impact

BGPFlowSpec for more advanced upstream black hole rules to allow known good traffic types etc

 

I would also suggest you to avoid trying to mitigate/filter attacks until you have 200Gbit/s+ of internet bandwidth capacity at a data centre.  Considering you are asking this question, it is doubtful you have capacity to handle even a small attack.  Write it in to your terms & conditions regarding what you would do in the event of an attack.
 

[WereCatf]

4 hours ago, Bombel said:

 

Hello, I'm at the stage of building a small datacenter and the question arises how to protect servers against attacks. I am interested in a solution that will not block ip. any suggestions?

Cloudflare is a popular choice.