if not a secret, then how the infrastructure of anti-DDOS services like qrator.net is built

U

unsobill2012-11-28 08:22:00

DDoS Protection

unsobill, 2012-11-28 08:22:00

It is clear that the anti-ddos solution itself is most likely written by the company itself and is probably a secret, but I wonder what their infrastructure looks like as a whole from the position of a system integrator/engineer...

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

P

Puma Thailand, 2012-11-28
@opium

Yes, just like everyone else.
Racks with servers + routers + bgp + thick 10 gigabit channels from several providers.
In terms of infrastructure, almost everyone has everything standard. As they say, all the charm is in the software.

S

subvillion, 2012-11-28
@subvillion

If it’s quite simple, they expose their servers on thick channels as fronts. On servers there are proactive IDS analyzing traffic. Valid traffic goes to the client's server, invalid traffic stays.

L

Linco, 2012-11-28
@Linco

Usually, such systems are built as follows: traffic is wrapped via DNS to a server farm on thick channels, there is actually a simple proxy + special software (hardware / software systems) for analysis and filtering. In the normal state, statistics are collected about the attendance of the resource, who, when, where and how much goes when deviating from the parameters, it is considered an attack and begins to clean.
As such, this is not an IDS, the principle of operation is different. and intended IDS for another.
All traffic can be deployed (for example, BGP), but it will have to be returned through the tunnel. (Kaspersky). And it is not always possible to do this.