openpolitics.com

I am under DDoS. What can I do?

Traffic-based

If you’re under a traffic-based DoS, you’re finding that there is just so much traffic coming to your server that its connection to the Internet is completely saturated. There is a high packet loss rate when pinging your server from elsewhere, and (depending on routing methods in use) sometimes you’re also seeing really high latency (the ping is high). This kind of attack is usually a DDoS.

.. Load-based

When you are experiencing a load-based DDoS, you notice that the load average is abnormally high (or CPU, RAM, or disk usage, depending on your platform and the specifics). Although the server doesn’t appear to be doing anything useful, it is very busy. Often, there will be copious amounts of entries in the logs indicating unusual conditions. More often than not this is coming from a lot of different places and is a DDoS, but that isn’t necessarily the case. There don’t even have to be a lot of different hosts.

This attack is based on making your service do a lot of expensive stuff.