Ask Slashdot: Experience Handling DDoS Attacks On a Mid-Tier Site?

New submitter caboosesw writes "A customer of mine recently was hit by a quick and massive DDoS attack. As we were in the middle of things, we learned that there are proxy services of varying maturity to deal with these kinds of outbreaks from the small and mysterious (DOSArrest, ServerOrigin, BlackLotus, DDOSProtection, CloudFlare, etc.) to the large and mature (Prolexic, Verisign, etc.) Have you guys used any of these services? Especially on the lower price point that a small e-commerce (not pr0n or gambling) company could afford? Is a DDoS service really mandatory as Gartner now puts this type of service in the same tier as SEIM, firewalls, IPS, etc?"

Re:Best defense: Overprovisioning and cutoffs

[TWX]

You forgot a key third strategy- not posting one's dilemma and site to a popular geek news and discussion forum. At least this submitter was smart enough to not post his URL, so he hasn't gotten slashdotted...

Re:Misunderstanding

[Anonymous Coward]

...a distributed DDOS...

Would that be a DDDOS? And what would you do if it were a distributed DDDOS? I bet you'd be totally hosed then.

Re:Load balancing and an experienced sysadmin

[Zaiff Urgulbunger]

And a link to your web-server too, so we can test it! :D