How to AVOID getting caught in a DDOS meant for someone else (not prevent)?

Question

So we have a load balancer and all that jazz set up with Rackspace. However, guess what, our clients' websites were down again today.

It seems that Rackspace should have their load-balancer architecture separate from their other stuff, but I'm sure they have their reasons.

And surprise, DDOS isn't covered under their SLA.

I know there's not much you can do to prevent a DDOS, but these attacks were not meant for us. How can we avoid getting caught up in a DDOS?

Answer 1

That's completely up to your provider, and ultimately, your selection of a provider.

Any shared platform carries risks of your neighbors on the platform causing problems for you. In the case of a DDoS, the shared network infrastructure they're using was probably overrun.

Ideally, they would work with their upstream ISPs to drop the traffic before it arrives and saturates their infrastructure, so that only the target of the attack (and not all the other customers on the infrastructure) would be offline. They may have done this, just not quickly enough, or the attacker may have changed targets.

It sounds like you've already arrived at this conclusion, but, the answer to how to avoid getting affected by a DDoS against your neighbor on a shared platform has to be one of:

• Don't run on a shared platform.
• Run on a shared platform that is better at handling mitigation of this kind of attack.
• Or at least run on a shared platform that covers this kind of attack in their SLA.