Your business has so many online clients that it’s impossible to check them 1 by 1 manually. Your business needs to eliminate the DDoS threats in real time without affecting your clients. That’s why you need to protect your business against zombie ddos attack.
Grey list zombies opening too much http connections
IIS and Nginx both offer good rate-limiting features that are well documented. These features lack a way to temporarily ban zombies participating in a DDoS attack. This is where grey listing comes handy.
What is grey listing?
This list will update itself automatically and will look for DDoS anomalies. Once an ip address is found suspicious it will be temporarily ban for 15 minutes.
Without grey listing
We can observe that the unprotected web server allow +7K zombies to connect to it and serve content over http. The bigger the zombie botnet and the higher this number will go until the server goes down.
With grey listing
We can observe that the web server quickly block the Zombie DDoS attack in less than 5 seconds. This graph shows the zombie connections ramping up until it reach 800 connections. The web server then drop the line and no more new connections can be established by the zombies for 15 minutes. Your normal users can still enjoy a fast and reliable web service.
Grey listing advantage
The main advantage is the automatic ban of the DDoS zombies. There is no need for human to interact with the systems once the configuration is done.
Grey listing disadvantage
The biggest issue is to configure it!
How to configure it?
Need help to implement a grey list?
It’s important to have your grey list ready before the attack. You need to prepare your business now to survive against DDoS attacks. We can help you implement grey lists in case you need it. Please write to us for the details firstname.lastname@example.org.