DDoS Attacks And Your Choice of Firewall

Yesterday the servers of Dyn, a major DNS host were the victim of a Distributed Denial of Services (DDoS) attack.  If your web hosting company’s DNS servers are attacked there is not much the average website owner can do.

On the other hand, if your website is attacked, a lot will depend upon the type of Web Application Firewall (WAF) you have.  Some Web Application Firewalls are implemented as a WordPress plugin.  Unfortunately, they reside too high up in the stack to do you much good.

Other firewalls (both hardware and cloud-based) are external to your web server. All traffic goes to your firewall instead of directly to your web server. The firewall then forwards the ‘good’ traffic on to your web server. This type of firewall CAN mitigate a DDoS attack.

Keep in mind however that noting can mitigate a really huge DDoS attack. If you are a controversial internet figure, then more resources can be brought to bear against you than you can muster to defend you. If that is the case then the best course of action is to redirect incoming traffic to a black hole (127.0.0.1) and wait out the storm.