Providers that protect against DDoS attacks
Akamai
Akamai [11] operates one of the largest content delivery networks (CDNs) worldwide and uses its network to offer DDoS protection in the cloud. In addition to the DNS and BGP variants, Akamai sells proxy protection, which places your individual applications (e.g., ports on IP addresses) under their protection.
Like Link11, the Prolexic Connect product provides data centers with the option to slip under the wing of CDN (Figure 2). Like Link11, Akamai structures the billing model as a subscription and uses the 95th percentile of clean or normal incoming traffic to calculate a price. In the BGP variant, the number of /24 networks and the number of protected sites still play a role.
Conclusions
If you run your infrastructure with AWS, you will be grateful for the basic protection provided. Advanced protection is quite pricey, though. You should consider whether Amazon's presence is so relevant for your business that it justifies a premium of more than $3,025 per month. The option to pay per attack can quickly have an adverse effect on the purse of the victims. If you want to get away from Amazon completely, you need to look around for another provider in terms of DDoS protection.
The information in this article can probably steer you in the right direction, but it does not present a universal solution. Because the pricing structures differ considerably between providers, you should first analyze your own threat situation closely. Have you already experienced attacks or been threatened with attacks? If so, was the entire company threatened or just one department? In the latter case, even Amazon can be useful, especially if the volume of regular traffic is not too high.
Even if you do not take precautions against DDoS attacks with specific measures, you should at least have a contingency plan up your sleeve and discover your options beforehand. Link11 and Arbor offer emergency links on their websites in the event of an attack. For those at risk, there is no time to lose.
Infos
- NetFlow: https://en.wikipedia.org/wiki/Netflow
- sFlow: http://www.sflow.org
- Ipfix: https://tools.ietf.org/html/rfc7011
- Border Gateway Protocol: https://tools.ietf.org/html/rfc1772
- Flowspec: https://tools.ietf.org/html/rfc5575
- Netfilter Conntrack memory usage: https://johnleach.co.uk/words/372/netfilter-conntrack-memory-usage
- A10: https://www.a10networks.com/products/thunder-series/ddos-detection-protection-mitigation
- AWS Shield: https://aws.amazon.com/en/shield/
- Arbor: https://www.arbornetworks.com/ddos-protection-products
- Link11: https://www.link11.com/en/
- Akamai: https://www.akamai.com/us/en/resources/ddos.jsp
« Previous 1 2 3 4
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Fedora Asahi Remix 41 Available for Apple Silicon
If you have an Apple Silicon Mac and you're hoping to install Fedora, you're in luck because the latest release supports the M1 and M2 chips.
-
Systemd Fixes Bug While Facing New Challenger in GNU Shepherd
The systemd developers have fixed a really nasty bug amid the release of the new GNU Shepherd init system.
-
AlmaLinux 10.0 Beta Released
The AlmaLinux OS Foundation has announced the availability of AlmaLinux 10.0 Beta ("Purple Lion") for all supported devices with significant changes.
-
Gnome 47.2 Now Available
Gnome 47.2 is now available for general use but don't expect much in the way of newness, as this is all about improvements and bug fixes.
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.