Anti-dosing protection data center
Anti-dosing protection data center
Erm, you'll eventually want to block based on IP address, however, when you first implement an Intrusion Prevention System it is indeed good practice to train it on what normal traffic looks like before letting it detect & block attacks. DDoS protection options include both hardware and software-based solutions, both of which server their own purposes, so you'll definitely want to research available options based on the architecture & requirements of your data centre and/or clients. https://en.wikipedia.org/wiki/DDoS_mitigation https://www.fortinet.com/products/ips.html https://www.pcworld.com/article/144634/g...stems.html
You need to avoid certain identification techniques like MAC addresses or IPs. You can start with a temporary ban, then extend it to minutes, hours, days, months, or even indefinitely. This helps stop the server from repeatedly sending the same file to the same user. Many documents block all users, but browsers often prevent you for valid reasons.
You should consult network experts regarding this matter and the ISPs you intend to connect with, to understand their capabilities and limitations. I can recommend further resources such as FastNetMon for custom detection and BGPFlowSpec for refined upstream rules to manage known good traffic. It would also be wise to steer clear of attempting mitigation or filtering until you have substantial bandwidth—200Gbit/s+ at a data center. Given your inquiry, it seems you may not have the necessary capacity to withstand even minor attacks.
In the event of an attack, you should follow your agreed-upon procedures outlined in your terms and conditions.